(0Day) Hewlett-Packard Virtual SAN Appliance hydra.exe Login Request Remote Code Execution Vulnerability
ZDI-11-111: March 23rd, 2011CVE ID
CVSS Score
Affected Vendors
Affected Products
-
Virtual SAN Appliance
Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Virtual SAN appliance. Authentication is not required to exploit this vulnerability.
The flaw exists within the hydra.exe component which listens by default on port 13838. When parsing a login request the Hydra daemon will call sscanf() using fixed-length stack buffers and no length checks. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM service.
Vendor Response
Hewlett-Packard states:March 23, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.
-- Mitigations:
This vulnerability could be mitigated by administrators by restricting communication with the hydra agent to known client IP addresses.
Disclosure Timeline
-
2010-09-24 - Vulnerability reported to vendor
2011-03-23 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:-
Nicolas Gregoire of Agarri (www.agarri.fr)
