HP System Management Homepage Single Sign On Parameter Handling RCE
Critical Nessus Plugin ID 85766
SynopsisThe remote web server is affected by a remote code execution vulnerability.
DescriptionThe HP System Management Homepage (SMH) application running on the remote web server potentially contains an overflow condition in the Single Sign On (SSO) functionality due to improper validation of user-supplied input when handling overly long parameters. A remote attacker could exploit this to cause a stack-based buffer overflow, resulting in a denial of service or the execution of arbitrary code.
Note that this plugin attempts to crash the HPSMHD process, but the process can be restarted by a parent process.
SolutionUpgrade to HP System Management Homepage (SMH) 7.4.1 or later.