Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в HP Intelligent Management Center
Опубликовано:11 мая 2011 г.
Источник:
SecurityVulns ID:11665
Тип:удаленная
Уровень опасности:
7/10
Описание:Многочисленные уязвимости в различных компонентах, приводящие к возможности удаленного выполнения кода.
CVE:CVE-2011-1854 (Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler.)
 CVE-2011-1853 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.)
 CVE-2011-1852 (Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.)
 CVE-2011-1851 (Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.)
 CVE-2011-1850 (Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.)
 CVE-2011-1849 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.)
 CVE-2011-1848 (Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.)
Оригинальный текстdocumentZDI, ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability (11.05.2011)
 documentHP, [security bulletin] HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code (11.05.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород