Višestruki propusti vezani uz HP Managed Printing Administration 2.x

Ispravljni su višestruki propusti vezani uz HP Managed Printing Administration 2.x koje je udaljeni napadač mogao iskoristiti za proizvoljno izvršavanje programskog koda.

Paket:	HP Managed Printing Administration 2.x
Operacijski sustavi:	Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7
Kritičnost:	7.5
Problem:	nespecificirana pogreška, pogreška u programskoj funkciji, pogreška u programskoj komponenti, preljev međuspremnika
Iskorištavanje:	udaljeno
Posljedica:	proizvoljno izvršavanje programskog koda
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-4166, CVE-2011-4167, CVE-2011-4168, CVE-2011-4169
Izvorni ID preporuke:	SA47329
Izvor:	Secunia

Problem:
Propusti su uzrokovani pogreškama u "MPAUploader.dll3" i "jobDeliveryDefault.asp" te funkciji "MPAUploader.Uploader.1.UploadFiles()".
Posljedica:
Udaljeni napadač može iskoristiti navedene nedostatke za proizvoljno izvršavanje programskog koda.
Rješenje:
Svim korisnicima se savjetuje korištenje službene nadogradnje.

Izvorni tekst preporuke

HP Managed Printing Administration Multiple Vulnerabilities
Secunia Advisory 	SA47329 	
Get alerted and manage the vulnerability life cycle
Free Trial

Release Date 	2011-12-23
  	 
Popularity 	63 views
Comments 	0 comments

Criticality level 	Moderately criticalModerately critical
Impact 	System access
Where 	From local network
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Vendor Patch
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
  	 
Software:	
	HP Managed Printing Administration 2.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	CVE-2011-4166 CVSS available in Customer Area
CVE-2011-4167 CVSS available in Customer Area
CVE-2011-4168 CVSS available in Customer Area
CVE-2011-4169 CVSS available in Customer Area
	   	

Description

Multiple vulnerabilities have been reported in HP Managed Printing Administration, which can be exploited by malicious people to compromise a vulnerable system.

1) An input sanitisation error in the MPAUploader.Uploader.1.UploadFiles() function can be exploited to create arbitrary files via directory traversal sequences.

2) A boundary error within MPAUploader.dll3 when parsing the "filename" parameter passed via Default.asp can be exploited to cause a stack-based buffer overflow via an overly long string.

3) An input sanitisation error in jobDelivery\Default.asp can be exploited to create arbitrary files via directory traversal sequences.

4) A vulnerability is caused due to an unspecified error. No further information is currently available.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 2.6.4.

Solution
Update to version 2.6.4.

Provided and/or discovered by
Andrea Micalizzi aka rgod via ZDI.

Original Advisory
HPSBPI02732 SSRT100435:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-11-352/
http://www.zerodayinitiative.com/advisories/ZDI-11-353/
http://www.zerodayinitiative.com/advisories/ZDI-11-354/

Višestruki propusti vezani uz HP Managed Printing Administration 2.x

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Višestruki propusti vezani uz HP Managed Printing Administration 2.x

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti