The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of HP Diagnostics Server, LoadRunner: buffer overflow via magentservice.exe

Synthesis of the vulnerability

An unauthenticated attacker can send a malicious packet to HP Diagnostics Server or LoadRunner, in order to generate a buffer overflow, leading to a denial of service or to code execution.
Severity of this bulletin: 3/4.
Creation date: 13/01/2012.
References of this computer vulnerability: BID-51398, c03216705, CVE-2011-4789, HPSBMU02785, SSRT100526, VIGILANCE-VUL-11281, ZDI-12-016.

Description of the vulnerability

The magentservice.exe service of HP Diagnostics Server listens on port 23472.

This service parses messages received on the port: the first 32 bits indicate a size, which is decremented by one before being used to copy the remaining data. For example, if the packet starts with 0x00000000, the service tries to copy 0xFFFFFFFF bytes, which corrupts memory.
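The length handling described above, shown as an added C example (it is not HP's code and not part of the original bulletin): the unchecked "size minus one" arithmetic next to a parser that validates the prefix before copying. The big-endian byte order, the BODY_MAX buffer size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BODY_MAX 256u   /* assumed destination buffer size, not from the bulletin */

/* Read the 32-bit size prefix (big-endian byte order is an assumption). */
static uint32_t read_size(const uint8_t *pkt)
{
    return ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
           ((uint32_t)pkt[2] << 8)  |  (uint32_t)pkt[3];
}

/* The arithmetic the bulletin describes: size - 1 with no prior check.
 * This only computes the length; it performs no copy. */
uint32_t unchecked_copy_len(const uint8_t *pkt)
{
    return read_size(pkt) - 1u;          /* 0 - 1 wraps to 0xFFFFFFFF */
}

/* Hardened form: validate before subtracting and before copying.
 * Returns the number of bytes copied, or -1 if the packet is rejected. */
long parse_body(const uint8_t *pkt, size_t pkt_len, uint8_t *dst, size_t dst_cap)
{
    if (pkt == NULL || dst == NULL || pkt_len < 4)
        return -1;                       /* no complete size prefix */
    uint32_t size = read_size(pkt);
    if (size == 0)
        return -1;                       /* size - 1 would wrap around */
    uint32_t n = size - 1u;
    if (n > dst_cap)
        return -1;                       /* would overflow the destination */
    if (n > pkt_len - 4)
        return -1;                       /* claims more data than was received */
    memcpy(dst, pkt + 4, n);
    return (long)n;
}

int main(void)
{
    const uint8_t zero[] = {0, 0, 0, 0, 'A'};   /* constructed sample packet */
    uint8_t dst[BODY_MAX];
    printf("unchecked length: 0x%08lX\n", (unsigned long)unchecked_copy_len(zero));
    printf("hardened result:  %ld\n", parse_body(zero, sizeof zero, dst, sizeof dst));
    return 0;
}
```

The three rejections in parse_body cover the wrap on a zero prefix, a length larger than the destination, and a length larger than the data actually received.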

An unauthenticated attacker can therefore send a malicious packet to HP Diagnostics Server, in order to generate a buffer overflow, leading to a denial of service or to code execution.

This vulnerability also impacts HP LoadRunner.

This vulnerability note impacts software or systems such as HP Diagnostics, LoadRunner.

Our Vigil@nce team determined that the severity of this cybersecurity vulnerability is important.

The trust level is confirmed by the editor, and the origin of the attack is an intranet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this vulnerability.

Solutions for this threat

HP Diagnostics Server: workaround for magentservice.exe.
A workaround is to filter access to port 23472.

HP LoadRunner: version 11.00 patch 4.
Version 11.00 patch 4 is corrected:
  http://support.openview.hp.com/selfsolve/patches