Vulnerability Note VU#895524
HP System Management Homepage vulnerable to a denial-of-service condition
HP System Management Homepage 18.104.22.168 and possibly earlier versions contain a denial-of-service vulnerability (CWE-121).
CWE-121: Stack-based Buffer Overflow
HP System Management Homepage 22.214.171.124 contains a denial-of-service vulnerability. A remote attacker may send the listener service a malformed request using the iprange parameter in /proxy/DataValidation. The request value overwrites EIP and corrupts the stack, causing one of the listener child processes to crash and resulting in a denial-of-service condition.
A remote attacker may be able to cause a denial-of-service condition against the HP System Management Homepage software.
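For defenders reviewing web logs on hosts that have not yet been updated, the following added example (not part of the original note and not HP or CERT code) flags requests to /proxy/DataValidation whose iprange value is oversized or contains unexpected characters. The Common Log Format layout, the iprange value appearing in the query string, the 64-character limit, and the allowed character set are all assumptions to adjust for the actual deployment.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the advisory): Common Log Format request field,
# iprange carried in the query string, and the two limits below.
MAX_IPRANGE_LEN = 64
ALLOWED = re.compile(r"[0-9A-Fa-f.:,/\- ]*")  # digits, hex, range separators
REQUEST = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_iprange(line):
    """Return (source, reason) when the line is a /proxy/DataValidation
    request with an oversized or oddly formed iprange value, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Compare case-insensitively, since SMH also runs on Windows.
    if url.path.rstrip("/").lower() != "/proxy/datavalidation":
        return None
    # parse_qs percent-decodes values, so encoded characters are checked too.
    for value in parse_qs(url.query, keep_blank_values=True).get("iprange", []):
        if len(value) > MAX_IPRANGE_LEN:
            return (m.group("src"), f"iprange length {len(value)}")
        if not ALLOWED.fullmatch(value):
            return (m.group("src"), "iprange has unexpected characters")
    return None

def scan(lines):
    """Return every finding from an iterable of access-log lines."""
    return [hit for hit in map(suspicious_iprange, lines) if hit]

# Constructed sample log lines (documentation address ranges, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Sep/2013:10:00:00 +0000] '
    '"GET /proxy/DataValidation?iprange=10.0.0.1-10.0.0.20 HTTP/1.1" 200 312',
    '198.51.100.7 - - [20/Sep/2013:10:00:05 +0000] '
    '"GET /proxy/DataValidation?iprange=' + "1" * 400 + ' HTTP/1.1" 500 0',
    '192.0.2.11 - - [20/Sep/2013:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.5 - - [20/Sep/2013:10:00:12 +0000] '
    '"GET /proxy/DataValidation?iprange=10.0.0.1%3Bx HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    for src, reason in scan(SAMPLE_LOG):
        print(f"{src}: {reason}")
```

A hit is a reason to inspect the request and the listener's crash history, not proof of an attempt; the limits should be tuned against legitimate iprange values seen in the environment.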
HP has made System Management Homepage (SMH) v7.2.1 available for Windows and Linux to resolve the vulnerabilities. In the event that updating is not possible, the following workaround is also available.
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Hewlett-Packard Company | Affected | 28 Jun 2013 | 20 Sep 2013 |
CVSS Metrics
Thanks to the reporter, who wishes to remain anonymous.
This document was written by Adam Rauf.
- CVE IDs: CVE-2013-4821
- Date Public: 18 Sep 2013
- Date First Published: 24 Sep 2013
- Date Last Updated: 24 Sep 2013
- Document Revision: 13