The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

weakness announce CVE-2011-0272

HP LoadRunner, Performance Center: code execution

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the magentproc.exe process, in order to execute code with SYSTEM privileges.
Severity of this weakness: 3/4.
Creation date: 25/01/2011.
Références of this bulletin: BID-45792, c02680678, CERTA-2011-AVI-019, CVE-2011-0272, HPSBMA02624, SSRT100195, VIGILANCE-VUL-10296, ZDI-11-015.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The HP LoadRunner and HP Performance Center products install the magentproc.exe process. It listens on ports 5001/tcp and 5002/tcp, when HttpTunnel is enabled.

However, the process does not check the allocation size requested by the client. A malicious client can thus request a short memory area, in order to create an overflow.

An attacker can therefore generate a buffer overflow in the magentproc.exe process, in order to execute code with SYSTEM privileges.
Full Vigil@nce bulletin... (Free trial)

This vulnerability alert impacts software or systems such as LoadRunner, Performance Center.

Our Vigil@nce team determined that the severity of this computer weakness alert is important.

The trust level is of type confirmed by the editor, with an origin of intranet client.

An attacker with a expert ability can exploit this computer vulnerability.

Solutions for this threat

HP LoadRunner, Performance Center: version 9.52.
The version 9.52 is corrected:
  http://www.hp.com/
A workaround is to close ports 5001/5002, by disabling HttpTunnel in {InstallationFolder}\launch_service\dat\merc_agent.cfg:
  [Attributes]
    HttpTunnel=0
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides computer vulnerability announces. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.