The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability alert CVE-2011-4789

HP Diagnostics Server, LoadRunner: buffer overflow via magentservice.exe

Synthesis of the vulnerability

An unauthenticated attacker can send a malicious packet to HP Diagnostics Server or LoadRunner, in order to generate a buffer overflow, leading to a denial of service or to code execution.
Vulnerable software: HP Diagnostics, LoadRunner.
Severity of this announce: 3/4.
Consequences of an intrusion: privileged access/rights, user access/rights, denial of service on service.
Attacker's origin: intranet client.
Creation date: 13/01/2012.
Références of this computer vulnerability: BID-51398, c03216705, CVE-2011-4789, HPSBMU02785, SSRT100526, VIGILANCE-VUL-11281, ZDI-12-016.

Description of the vulnerability

The magentservice.exe service of HP Diagnostics Server listens on port 23472.

This service analyzes messages received on the port: the 32 first bits indicate a size, which is decremented by one, before been used to copy the remaining data. For example, if the packets starts with 0x00000000, the service tries to copy 0xFFFFFFFF bytes, which corrupts the memory.

An unauthenticated attacker can therefore send a malicious packet to HP Diagnostics Server, in order to generate a buffer overflow, leading to a denial of service or to code execution.

This vulnerability also impacts HP LoadRunner.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides systems vulnerabilities announces. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.