HP Operations Agent Opcode 0x8c vulnerability

Added: 08/20/2012
CVE: CVE-2012-2020
BID: 54362
OSVDB: 83674

Background

HP Operations Agents is a fault and performance monitoring solution for servers.

Problem

A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute arbitrary code by sending a specially crafted GET request.

Resolution

Apply the patch referenced in HPSBMU02796 SSRT100594.

References

http://www.zerodayinitiative.com/advisories/ZDI-12-115/

Limitations

This exploit has been tested against HP Operations Agent 11.00 on Windows Server 2003 SP2 English (DEP OptOut).

Platforms

Windows

Back to exploit index