U radu programskog paketa HP Intelligent Management Center uočena su dva sigurnosna propusta. Lokalnim napadačima omogućuju neovlašteni pristup sustavu i pokretanje proizvoljnog programskog koda.

Secunia Advisory SA50328
HP Intelligent Management Center Two Vulnerabilities

Release Date 	2012-08-23
Criticality level 	Moderately criticalModerately critical
Impact 	System access
Where 	From local network
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Unpatched
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
Remediation status 	Secunia VIM
  	 
Software:	
	HP Intelligent Management Center (IMC) 5.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	No CVE references.

	   	

Description

Two vulnerabilities have been reported in HP Intelligent Management Center, which can be exploited by malicious people to compromise a vulnerable system.

1) An integer overflow error in img.exe can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 8800.

2) A boundary error in iNOdeMngChecker.exe when handling packets of type 0x0A0BF007 can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9090.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution
No official solution is currently available.

Provided and/or discovered by
1) gwslabs.com via ZDI.
2) An anonymous person and Luigi Auriemma via ZDI.

Original Advisory
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-163/
http://www.zerodayinitiative.com/advisories/ZDI-12-164/