HPOpenView Performance Agent DynaZip Buffer Overflow Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 14 Apr 2009 4934 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in HP OpenView Performance Agent and HP Performance Agent, which could be exploited by remote attackers to compromise a vulnerable system.Buffer overflow errors in the "dzip32.dll" and "dzips32.dll" libraries when repairing, adding, updating, or freshening files in a ZIP archive containing a file with an overly long filename, which could be exploited by attackers to compromise a vulnerable system via a specially crafted ZIP archive.

Impact

  • Remote Code Execution

System / Technologies affected

  • HP OpenView Performance Agent version C.04.60 (Windows)
  • HP Performance Agent version C.04.70 (Windows)
  • HP Performance Agent version C.04.72 (Windows)

Solutions

Note: There is no patch available for this vulnerability currently.

Workaround:

Contact HP Services support and request the Performance Agent Hotfix: "Migrate away from the 3.0.0.15 version of DynaZip library".

Vulnerability Identifier

Source

Related Link

Share with

Previous

SunSolaris and SEAM Kerberos Multiple Vulnerabilities

14 Apr 2009 4648 Views

Next

ClamAVcli_url_canon()" Buffer Overflow and UPack DoS Vulnerabilities

14 Apr 2009 4732 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY