Skip to main content

HP StorageWorks File Migration Agent Buffer Overflow Vulnerabilities

Last Update Date: 20 Jul 2012 10:25 Release Date: 20 Jul 2012 5092 Views

RISK: High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Two vulnerabilities have been identified in HP StorageWorks File Migration Agent, which can be exploited by malicious people to compromise a vulnerable system.

  1. A boundary error in HsmCfgSvc.exe service when processing CIFS archive names can be exploited to cause a stack-based buffer overflow via specially crafted packets sent to TCP port 9111.
  2. A boundary error in HsmCfgSvc.exe service when processing the root path of FTP archives can be exploited to cause a stack-based buffer overflow via specially crafted packets sent to TCP port 9111.

Note: There is no patch available for this vulnerability currently.


Impact

  • Remote Code Execution

System / Technologies affected

  • HP StorageWorks File Migration Agent 2.x

Solutions

  • There is no patch available for this vulnerability currently.
  • Workaround: It is recommended to restrict access to trusted hosts only.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link