CVE-2009-3999

Related Files

HP Power Manager 'formExportDataLogs' Buffer Overflow

Posted Oct 20, 2011

Authored by Alin Rad Pop, sinn3r, ipax | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP Power Manager's 'formExportDataLogs'. By creating a malformed request specifically for the fileName parameter, a stack-based buffer overflow occurs due to a long error message (which contains the fileName), which may result in arbitrary remote code execution under the context of 'SYSTEM'.

tags | exploit, remote, overflow, arbitrary, code execution

advisories | CVE-2009-3999

SHA-256 | 0e4c84f448f90124f9f12c53d533fe71d62881437ab85d0ea37f8f9dff741fe0

Download | Favorite | View

HP Power Manager "formExportDataLogs" Buffer Overflow

Posted Jan 21, 2010

Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing parameters sent to the /goform/formExportDataLogs URL. This can be exploited to cause a stack-based buffer overflow via an overly long "fileName" parameter. Successful exploitation allows execution of arbitrary code. Version 4.2.9 is affected.

tags | advisory, overflow, arbitrary

advisories | CVE-2009-3999

SHA-256 | fbf4697d7b193b303eab401b5d9ec51a535b6334f69e22214ec5cb25d1d89dd6

Download | Favorite | View

HP Security Bulletin HPSBMA02485 SSRT090252

Posted Jan 20, 2010

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Power Manager. The vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability

advisories | CVE-2009-3999, CVE-2009-4000

SHA-256 | 75dc8a05f116b4ff10d5280b49741f919e170bd154f9b188374109751a2eeee9

Download | Favorite | View