| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of LoadRunner
Windows domain: privilege escalation via Kerberos KDC
Synthesis of the vulnerability
An attacker, who is authenticated on the domain, can create a fake Kerberos ticket for Windows, in order to obtain privileges of the domain administrator.
Impacted products: LoadRunner, Performance Center, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 18/11/2014.
Identifiers: 3011780, c04526330, CERTFR-2014-ALE-011, CERTFR-2014-AVI-489, CVE-2014-6324, HPSBMU03224, MS14-068, VIGILANCE-VUL-15667, VU#213119.
Description of the vulnerability
Domain controllers implement the Kerberos KDC (Key Distribution Center) service, which processes authorizations for domain users.
Kerberos tickets are signed. However, the Windows implementation of KDC accepts tickets without a valid signature.
An attacker, who is authenticated on the domain, can therefore create a fake Kerberos ticket for Windows, in order to obtain privileges of the domain administrator.
Full Vigil@nce bulletin... (Free trial) |
HP LoadRunner: multiple vulnerabilities of Virtual User Generator
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Virtual User Generator of HP LoadRunner.
Impacted products: LoadRunner.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 04/11/2013.
Revision date: 17/04/2014.
Identifiers: BID-63475, BID-63476, BID-63477, c03969437, CVE-2013-4837, CVE-2013-4838, CVE-2013-4839, CVE-2013-6213, HPSBMU02935, SSRT101191, SSRT101192, SSRT101193, SSRT101357, VIGILANCE-VUL-13687, ZDI-14-100, ZDI-CAN-1832, ZDI-CAN-1833, ZDI-CAN-1850, ZDI-CAN-1851.
Description of the vulnerability
Several vulnerabilities were announced in HP LoadRunner.
An attacker can use a vulnerability of Virtual User Generator, in order to execute code. [severity:3/4; BID-63475, CVE-2013-4837, SSRT101191, ZDI-CAN-1832]
An attacker can use a vulnerability of Virtual User Generator, in order to execute code. [severity:3/4; BID-63476, CVE-2013-4838, SSRT101192, ZDI-CAN-1850]
An attacker can use a vulnerability of Virtual User Generator, in order to execute code. [severity:3/4; BID-63477, CVE-2013-4839, SSRT101193, ZDI-CAN-1851]
An attacker can use a vulnerability of Virtual User Generator, in order to execute code. [severity:3/4; CVE-2013-6213, SSRT101357, ZDI-14-100, ZDI-CAN-1833]
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: information disclosure via Heartbeat
Synthesis of the vulnerability
An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.
Impacted products: Tomcat, ArubaOS, i-Suite, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, ARCserve Backup, ASA, Cisco Catalyst, IOS XE Cisco, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Cisco IP Phone, Cisco Unity ~ precise, XenDesktop, Clearswift Email Gateway, Clearswift Web Gateway, Debian, ECC, PowerPath, ArcGIS ArcView, ArcGIS for Desktop, ArcGIS for Server, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, HP Diagnostics, LoadRunner, Performance Center, AIX, WebSphere MQ, IVE OS, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper SA, Juniper UAC, LibreOffice, McAfee Email Gateway, ePO, GroupShield, McAfee NGFW, VirusScan, McAfee Web Gateway, Windows 8, Windows RT, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, Opera, Solaris, pfSense, HDX, RealPresence Collaboration Server, Polycom VBP, Puppet, RHEL, RSA Authentication Manager, SIMATIC, Slackware, Sophos AV, Splunk Enterprise, Stonesoft NGFW/VPN, stunnel, ASE, OfficeScan, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware Player, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/04/2014.
Identifiers: 1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA40005, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951.
Description of the vulnerability
The Heartbeat extension of TLS (RFC 6520) provides a keep-alive feature, without performing a renegotiation. It exchanges random data in a payload.
Version 1.0.1 of OpenSSL implements Heartbeat, which is enabled by default. The [d]tls1_process_heartbeat() function manages Heartbeat messages. However, it does not check the size of random data, and continues to read after the end of the payload, and then sends the full memory area (up to 64kb) to the peer (client or server).
An attacker can therefore use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.
Full Vigil@nce bulletin... (Free trial) |
HP LoadRunner: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of HP LoadRunner.
Impacted products: LoadRunner.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 25/07/2013.
Identifiers: BID-61436, BID-61437, BID-61441, BID-61442, BID-61443, BID-61444, BID-61445, BID-61446, c03862772, CERTA-2013-AVI-441, CVE-2013-2368, CVE-2013-2369, CVE-2013-2370, CVE-2013-4797, CVE-2013-4798, CVE-2013-4799, CVE-2013-4800, CVE-2013-4801, HPSBGN02905, SSRT101074, SSRT101081, SSRT101082, SSRT101083, SSRT101084, SSRT101085, SSRT101114, SSRT101117, VIGILANCE-VUL-13164, ZDI-13-169, ZDI-13-182, ZDI-13-202, ZDI-13-203, ZDI-13-206, ZDI-13-207, ZDI-13-208, ZDI-13-209, ZDI-CAN-1669, ZDI-CAN-1670, ZDI-CAN-1671, ZDI-CAN-1690, ZDI-CAN-1705, ZDI-CAN-1734, ZDI-CAN-1735, ZDI-CAN-1736.
Description of the vulnerability
Several vulnerabilities were announced in HP LoadRunner.
An attacker can generate a buffer overflow in micWebAjax.dll, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-61436, CVE-2013-2368, SSRT101081, ZDI-13-202, ZDI-CAN-1669]
An attacker can generate a memory corruption in lrFileIOService, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61437, CVE-2013-2369, SSRT101082, ZDI-13-203, ZDI-CAN-1670]
An attacker can generate a memory corruption in lrFileIOService, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61441, CVE-2013-2370, SSRT101083, ZDI-13-182, ZDI-CAN-1671]
An attacker can generate a memory corruption in LrWebIEBrowserMgr.dll, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61444, CVE-2013-4797, SSRT101084, ZDI-13-206, ZDI-CAN-1690]
An attacker can generate a memory corruption in lrFileIOService, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61443, CVE-2013-4798, SSRT101074, ZDI-13-207, ZDI-CAN-1705]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61442, CVE-2013-4799, SSRT101114, ZDI-13-208, ZDI-CAN-1734]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61446, CVE-2013-4800, SSRT101117, ZDI-13-169, ZDI-CAN-1735]
An attacker can generate a memory corruption in lrLRIServices, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61445, CVE-2013-4801, SSRT101085, ZDI-13-209, ZDI-CAN-1736]
Full Vigil@nce bulletin... (Free trial) |
HP Diagnostics Server, LoadRunner: buffer overflow via magentservice.exe
Synthesis of the vulnerability
An unauthenticated attacker can send a malicious packet to HP Diagnostics Server or LoadRunner, in order to generate a buffer overflow, leading to a denial of service or to code execution.
Impacted products: HP Diagnostics, LoadRunner.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 13/01/2012.
Identifiers: BID-51398, c03216705, CVE-2011-4789, HPSBMU02785, SSRT100526, VIGILANCE-VUL-11281, ZDI-12-016.
Description of the vulnerability
The magentservice.exe service of HP Diagnostics Server listens on port 23472.
This service analyzes messages received on the port: the 32 first bits indicate a size, which is decremented by one, before been used to copy the remaining data. For example, if the packets starts with 0x00000000, the service tries to copy 0xFFFFFFFF bytes, which corrupts the memory.
An unauthenticated attacker can therefore send a malicious packet to HP Diagnostics Server, in order to generate a buffer overflow, leading to a denial of service or to code execution.
This vulnerability also impacts HP LoadRunner.
Full Vigil@nce bulletin... (Free trial) |
HP LoadRunner: buffer overflow via Virtual User
Synthesis of the vulnerability
An attacker can create a malicious Virtual User file, in order to create a buffer overflow in HP LoadRunner, and to execute code.
Impacted products: LoadRunner.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 07/06/2011.
Identifiers: BID-48073, c03216705, CVE-2011-2328, HPSBMU02785, SSRT100526, VIGILANCE-VUL-10721, VU#987308.
Description of the vulnerability
The HP LoadRunner product simulates users (Virtual User) in order to test an application under load.
Virtual Users are defined in a file with the ".usr" extension. The Vuser User Generator (VuGen.exe) application is called to open ".usr" files. However, when directives in a ".usr" file are too long, a buffer overflow occurs in VuGen.exe.
An attacker can therefore create a malicious Virtual User file, in order to create a buffer overflow in HP LoadRunner, and to execute code.
Full Vigil@nce bulletin... (Free trial) |
HP LoadRunner, Performance Center: code execution
Synthesis of the vulnerability
An attacker can generate a buffer overflow in the magentproc.exe process, in order to execute code with SYSTEM privileges.
Impacted products: LoadRunner, Performance Center.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 25/01/2011.
Identifiers: BID-45792, c02680678, CERTA-2011-AVI-019, CVE-2011-0272, HPSBMA02624, SSRT100195, VIGILANCE-VUL-10296, ZDI-11-015.
Description of the vulnerability
The HP LoadRunner and HP Performance Center products install the magentproc.exe process. It listens on ports 5001/tcp and 5002/tcp, when HttpTunnel is enabled.
However, the process does not check the allocation size requested by the client. A malicious client can thus request a short memory area, in order to create an overflow.
An attacker can therefore generate a buffer overflow in the magentproc.exe process, in order to execute code with SYSTEM privileges.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about LoadRunner:
|