Wednesday, 9 December 2009

HP Application Recovery Manager Stack Buffer Overflow Vulnerability

TippingPoint's Zero Day Initiative (ZDI) has published an advisory for a remote, pre-authentication stack buffer overflow vulnerability in the Hewlett-Packard Application Recovery Manager that leads to arbitrary code execution. This vulnerability was discovered by Stephen Fewer of Harmony Security.

You can read the full ZDI advisory here:
http://www.zerodayinitiative.com/advisories/ZDI-09-091/

And the HP advisory here:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01943909

Interestingly, HP reports this only as a remote denial-of-service vulnerability, while both ZDI and Harmony Security have confirmed it as a remote code execution vulnerability.
