Vulnerability Bulletins |
Ejecución de código en HP Intelligent Management Center |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software |
Hp Intelligent Management Center 5.0 E0101l02 Hp Intelligent Management Center 5.0 E0101l01 Hp Intelligent Management Center 5.0 E0101h04 Hp Intelligent Management Center 5.0 E0101h03 Hp Intelligent Management Center 5.0 E0101 |
Description |
|
| Vulnerabilidad de desobrdamiento de búfer basado en pila en uam.exe en el componente User Access Manager (UAM) en HP Intelligent Management Center (IMC) antes de v5.1 E0101P01 permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con el registro de datos. | |
Solution |
|
| El fabricante ha puesto a disposición del cliente una actualización que solventa la vulnerabilidad presentada. | |
Standar resources |
|
| Property | Value |
| CVE | CVE-2012-3274 |
| BID | |
Other resources |
|
|
(0Day) HP Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability http://zerodayinitiative.com/advisories/ZDI-12-171/ HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03589863-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2012-12-09 |