CVE-2011-1853 – HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1853
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component, which listens by default on UDP port 69. When handling the opcode word of a packet, the process uses this value as a lookup into a function pointer table. The process then calls into the calculated address.
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750
• http://securitytracker.com/id?1025519
• http://www.securityfocus.com/bid/47789
• http://www.zerodayinitiative.com/advisories/ZDI-11-165
• CWE-20: Improper Input Validation
CVE-2011-1852 – HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1852
Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component, which listens by default on UDP port 69. When handling a TFTP packet of type 0x03 or 0x05 (DATA or ERROR), the process blindly copies user-supplied data into a fixed-length buffer on the stack.
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750
• http://securitytracker.com/id?1025519
• http://www.securityfocus.com/bid/47789
• http://www.zerodayinitiative.com/advisories/ZDI-11-164
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1850 – HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1850
Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the dbman.exe component, which listens by default on UDP port 2810. When logging received actions to dbman_debug.log, sprintf is used to build the log message.
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750
• http://securitytracker.com/id?1025519
• http://www.securityfocus.com/bid/47789
• http://www.zerodayinitiative.com/advisories/ZDI-11-162
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1851 – HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1851
Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component, which listens by default on UDP port 69. When handling the transfer mode field, this value is passed through toupper before being stored in a local buffer for string comparison.
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750
• http://securitytracker.com/id?1025519
• http://www.securityfocus.com/bid/47789
• http://www.zerodayinitiative.com/advisories/ZDI-11-163
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1848 – HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1848
Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the img.exe component, which listens by default on TCP port 8800. When handling a packet, the process uses the packet length field to make a calculation and blindly copies user-supplied data into a fixed-length buffer on the stack.
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750
• http://securitytracker.com/id?1025519
• http://www.securityfocus.com/bid/47789
• http://www.zerodayinitiative.com/advisories/ZDI-11-160
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer