Lucene search

SAINT CorporationSAINT:B4EBC4071B1A0845ECB3522834CBA1BE

HistoryAug 20, 2012 - 12:00 a.m.

HP Operations Agent Opcode 0x8c vulnerability

2012-08-2000:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.946 High

EPSS

Percentile

99.3%

JSON

Added: 08/20/2012
CVE: CVE-2012-2020
BID: 54362
OSVDB: 83674

Background

HP Operations Agents is a fault and performance monitoring solution for servers.

Problem

A buffer overflow vulnerability in the **coda.exe** process, which listens on a random TCP port, could allow remote attackers to execute arbitrary code by sending a specially crafted GET request.

Resolution

Apply the patch referenced in HPSBMU02796 SSRT100594.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-115/>

Limitations

This exploit has been tested against HP Operations Agent 11.00 on Windows Server 2003 SP2 English (DEP OptOut).

Platforms

Windows

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.946 High

EPSS

Percentile

99.3%

JSON

Related for SAINT:B4EBC4071B1A0845ECB3522834CBA1BE