| CVE ID | CVE-2011-4147 |
| CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
Hewlett-Packard |
| AFFECTED PRODUCTS |
Virtual SAN Appliance |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Virtual SAN appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra.exe component which listens by default on port 13838. When parsing a login request the Hydra daemon will call sscanf() using fixed-length stack buffers and no length checks. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM service. |
| ADDITIONAL DETAILS |
March 23, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. -- Mitigations: |
| DISCLOSURE TIMELINE |
|
| CREDIT | Nicolas Gregoire of Agarri (www.agarri.fr) |
