(0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability

CVSS Score

10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Vendors

Hewlett-Packard

Affected Products

iNode Management Center

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP H3C/3Com iNode Management Center. Authentication is not required to exploit this vulnerability.

The flaw exists within the iNOdeMngChecker.exe component which listens by default on TCP port 9090. When handling the 0x0A0BF007 packet type the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

Vendor Response

This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.

Disclosure Timeline

2011-11-04 - Vulnerability reported to vendor
2012-08-22 - Coordinated public release of advisory

Credit

Anonymous
Luigi Auriemma

Published Advisories

ZDI-13-079: Oracle

• published 2013-05-10

ZDI-13-078: Oracle

• published 2013-05-10

ZDI-13-077: Oracle

• published 2013-05-10

ZDI-13-076: Oracle

• published 2013-05-10

ZDI-13-075: Oracle

• published 2013-05-10

Upcoming Advisories

Oracle

• reported 2013-05-14, 0 days ago

Adobe

• reported 2013-05-14, 0 days ago

Oracle

• reported 2013-05-14, 0 days ago

Apple

• reported 2013-05-14, 0 days ago

IBM

• reported 2013-05-14, 0 days ago

Recent Press

Google offers $20,000 prize in annual hack-off

• published Feb. 2, 2011, The Register

Pwn2Own 2011: Google offering $20,000 for Chrome sandbox ...

• published Feb. 2, 2011, ZDNet

Google Offers Bucks For Bugs In Its Web ...

• published Nov. 2, 2010, Dark Reading

How Microsoft ranks with the most tardy bug ...

• published Aug. 5, 2010, Network World

HP TippingPoint gives deadline to vendors

• published Aug. 5, 2010, International Business Times