HP System Management Homepage Single Sign On Parameter Handling RCE

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by a remote code execution
vulnerability.

Description :

The HP System Management Homepage (SMH) application running on the
remote web server potentially contains an overflow condition in the
Single Sign On (SSO) functionality due to improper validation of
user-supplied input when handling overly long parameters. A remote
attacker could exploit this to cause a stack-based buffer overflow,
resulting in a denial of service or the execution of arbitrary code.

Note that this plugin attempts to crash the HPSMHD process, but the
process can be restarted by a parent process.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-15-262/
http://www.nessus.org/u?d5c7ae80

Solution :

Upgrade to HP System Management Homepage (SMH) 7.4.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Web Servers

Nessus Plugin ID: 85766

Bugtraq ID: 75434

CVE ID: CVE-2015-2133
