Two security vulnerabilities have been found in the HP StorageWorks File Migration Agent software package. They allow a local attacker to gain unauthorised access to the system.
Package:
HP StorageWorks File Migration Agent 2.x
Operating systems:
Microsoft Windows Server 2003
Problem:
error in a software component
Exploitation:
local
Consequence:
unauthorised system access
Solution:
no patch exists
Original advisory ID:
SA49962
Source:
Secunia
Problem:
The vulnerabilities result from errors in the HsmCfgSvc.exe service.
Consequence:
Attackers can exploit them to gain unauthorised access to a vulnerable system by sending specially crafted packets to TCP port 9111.
Solution:
Since no update is currently available, users are advised to restrict access to trusted hosts only.
HP StorageWorks File Migration Agent CIFS and FTP Archives Processing Vulnerabilities
Secunia Advisory SA49962
Release Date 2012-07-19
Criticality level Moderately critical
Impact System access
Where From local network
Solution Status Unpatched
Software:
HP StorageWorks File Migration Agent 2.x
CVE Reference(s) No CVE references.
Description
Two vulnerabilities have been reported in HP StorageWorks File Migration Agent, which can be exploited by malicious people to compromise a vulnerable system.
1) A boundary error in HsmCfgSvc.exe service when processing CIFS archive names can be exploited to cause a stack-based buffer overflow via specially crafted packets sent to TCP port 9111.
2) A boundary error in HsmCfgSvc.exe service when processing the root path of FTP archives can be exploited to cause a stack-based buffer overflow via specially crafted packets sent to TCP port 9111.
Solution
The vendor recommends restricting access to trusted hosts only.
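The only mitigation the advisory offers is restricting who can reach the HsmCfgSvc.exe listener on TCP port 9111. The script below is an added example (not code from Secunia, ZDI or HP) of how to verify that such a restriction holds in practice: it reads Windows Firewall log lines in the pfirewall.log W3C layout and reports every allowed inbound TCP connection to port 9111 whose source is outside a trusted allowlist. The allowlist, the sample log lines and the host addresses are constructed for the example; the log field order is the standard pfirewall.log layout and is assumed to match the monitored host.

```python
"""Audit Windows Firewall log lines for connections to the File Migration
Agent port (TCP 9111) that do not originate from a trusted source.
Added example; not part of the advisory or of the vendor's software."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Port named in the advisory as the HsmCfgSvc.exe listener.
FMA_PORT = 9111

# Constructed allowlist: the only sources that should reach port 9111.
TRUSTED_SOURCES: List[Net] = [
    ipaddress.ip_network("10.0.5.0/24"),
    ipaddress.ip_network("10.0.9.12/32"),
]

# Constructed sample log in the pfirewall.log W3C layout (17 fields):
# date time action protocol src-ip dst-ip src-port dst-port size tcpflags
# tcpsyn tcpack tcpwin icmptype icmpcode info path
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-07-20 09:14:02 ALLOW TCP 10.0.5.17 10.0.5.2 51234 9111 0 S 123456 0 8192 - - - RECEIVE
2012-07-20 09:14:05 ALLOW TCP 192.168.77.8 10.0.5.2 44102 9111 0 S 998877 0 8192 - - - RECEIVE
2012-07-20 09:14:07 ALLOW TCP 10.0.9.12 10.0.5.2 40021 9111 0 S 5551 0 8192 - - - RECEIVE
2012-07-20 09:14:09 ALLOW TCP 192.168.77.8 10.0.5.2 44103 445 0 S 998878 0 8192 - - - RECEIVE
2012-07-20 09:14:11 DROP TCP 172.16.4.4 10.0.5.2 40500 9111 0 S 1 0 8192 - - - RECEIVE
"""


@dataclass
class Finding:
    """One allowed inbound connection to the audited port from an untrusted source."""
    timestamp: str
    src: str
    dst: str
    dst_port: int


def is_trusted(src_ip: str, trusted: Iterable[Net]) -> bool:
    """True when src_ip falls inside any allowlisted network."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in trusted)


def audit_log(text: str, trusted: Iterable[Net], port: int = FMA_PORT) -> List[Finding]:
    """Return allowed inbound TCP connections to `port` from non-trusted sources.

    DROP entries are skipped: they show the restriction working, not a gap.
    Lines with fewer than 8 fields, comment lines and non-numeric ports are ignored.
    """
    trusted = list(trusted)
    findings: List[Finding] = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if len(f) < 8:
            continue
        date, time, action, proto, src, dst, _sport, dport = f[:8]
        if proto != "TCP" or action != "ALLOW":
            continue
        try:
            if int(dport) != port:
                continue
        except ValueError:
            continue
        # The 17th field (path) is SEND/RECEIVE; only inbound traffic matters here.
        if len(f) >= 17 and f[16] != "RECEIVE":
            continue
        if is_trusted(src, trusted):
            continue
        findings.append(Finding(f"{date} {time}", src, dst, int(dport)))
    return findings


if __name__ == "__main__":
    for hit in audit_log(SAMPLE_LOG, TRUSTED_SOURCES):
        print(f"{hit.timestamp}: untrusted {hit.src} reached {hit.dst}:{hit.dst_port}")
```

Run against the constructed sample, the script reports the single allowed connection from 192.168.77.8 to port 9111; the dropped attempt from 172.16.4.4 is not a finding because the firewall already blocked it, and the connection to port 445 is outside the audited port. Point the same function at other ports (for example `port=445`) to reuse it for other services on the same host.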
Provided and/or discovered by
AbdulAziz Hariri via ZDI
Original Advisory
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-126/
http://www.zerodayinitiative.com/advisories/ZDI-12-127/