HP Operations Agent for NonStop Server ELinkService HEALTH packet buffer overflow

Added: 10/26/2012
BID: 55161
OSVDB: 84854

Background

HP Operations Agents is a fault and performance monitoring solution for servers.

Problem

A buffer overflow vulnerability in HP Operations Agent for NonStop server allows an attacker to execute arbitrary commands by sending a specially crafted HEALTH packet to the ELinkService process. The commands are executed when a manager tries to operate the system.

Resolution

Block access to the ELinkService ports at the firewall. The default ports are 7771/TCP and 8976/TCP.

References

http://www.zerodayinitiative.com/advisories/ZDI-12-165/

Limitations

Exploit works on HP Operations Agent for NonStop Server 5.0.

In order for the exploit to succeed, the manager must try to operate the system using the management tools, such as the utilities inside All Programs->HP OVNM->NonStop Object Management from the Start menu. Therefore, this exploit runs an exploit server to listen for shell connections and is not included in automated pentests.

Platforms

Windows

Back to exploit index