Mercury LoadRunner Agent server_ip_name Field Remote Buffer Overflow

critical Nessus Plugin ID 24327

Synopsis

The remote server is affected by a buffer overflow vulnerability.

Description

The version of the LoadRunner Agent installed on the remote host contains a buffer overflow in 'mchan.dll'. An unauthenticated, remote attacker can exploit it by sending a request with a long 'server_ip_name' field, either crashing the affected service or executing arbitrary code with the permissions of the user ID under which the agent runs.

Solution

HP no longer supports version 8.x of this product, and patches may no longer be available. HP recommends that all users upgrade to the latest available version of 9.x.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-07-007/

https://seclists.org/fulldisclosure/2007/Feb/176

https://www.securityfocus.com/archive/1/459496

Plugin Details

Severity: Critical

ID: 24327

File Name: loadrunner_agent_server_ip_name_overflow.nasl

Version: 1.20

Type: remote

Published: 2/13/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:loadrunner

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/8/2007

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2007-0446

BID: 22487