Otkriven je sigurnosni nedostatak u radu paketa HP Intelligent Management Center User Access Manager (UAM) 5.x čije iskorištavanje omogućuje pokretanje proizvoljnog programskog koda sa SYSTEM ovlastima.

HP Intelligent Management Center UAM Buffer Overflow Vulnerability
Secunia Advisory 	SA50406 	

Release Date 	2012-08-30
Criticality level 	Moderately criticalModerately critical
Impact 	System access
Where 	From local network
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Unpatched
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
Remediation status 	Secunia VIM
  	 
Software:	
	HP Intelligent Management Center User Access Manager (UAM) 5.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	No CVE references.

	   	

Description

A vulnerability has been reported in HP Intelligent Management Center UAM, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the uam.exe component when logging certain actions. This can be exploited to cause a stack-based buffer overflow via a specially crafted datagram sent to UDP port 1811.

Successful exploitation may allow execution of arbitrary code with privileges of the SYSTEM user.

Solution
No official solution is currently available.

Provided and/or discovered by
e6af8de8b1d4b2b6d5ba2610cbf9cd38 via ZDI

Original Advisory
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-171/