This application requires Javascript for optimal performance.

HP.Application.Recovery.Manager.MSG.PROTOCOL.Stack.Overflow

Release Date

Jan 12, 2010

Severity

critical

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Description

This indicates an attack attempt against a stack overflow vulnerability in
HP Application Recovery Manager.

The vulnerability is caused by an error when the vulnerable software handles a malicious packet. It allows a remote attacker to execute arbitrary code.

Affected Products

HP OpenView Data Protector Application Recovery Manager 5.5
HP OpenView Data Protector Application Recovery Manager 6.0

Recommended Actions

Apply the latest update from the vendor:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01943909

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2011-1729
CVE-2007-2280
CVE-2009-3844
CVE-2011-1865

Reference/s

http://www.exploit-db.com/exploits/10715
http://www.securityfocus.com/bid/37396 (BugTraq)
http://www.securityfocus.com/bid/37250 (BugTraq)
http://www.zerodayinitiative.com/advisories/ZDI-09-091/

Reference: VID-18028