CVE-2011-1867

Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=130982758604404&w=2	Vendor Advisory
http://secunia.com/advisories/45129	Vendor Advisory
http://securityreason.com/securityalert/8302
http://securitytracker.com/id?1025740
http://www.osvdb.org/73597
http://www.securityfocus.com/archive/1/518691/100/0/threaded
http://www.securityfocus.com/bid/48527
http://www.zerodayinitiative.com/advisories/ZDI-11-232/
https://exchange.xforce.ibmcloud.com/vulnerabilities/68348

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:endpoint_admission_defense:5.0:::::::*
	cpe:2.3:a:hp:endpoint_admission_defense:5.0:e0101::::::
	cpe:2.3:a:hp:intelligent_management_center::::::::
	cpe:2.3:a:hp:user_access_manager:5.0:::::::*
	cpe:2.3:a:hp:user_access_manager:5.0:e0101::::::

History

No history.

Information

Published : 2011-07-11 20:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-1867

Mitre link : CVE-2011-1867

CVE.ORG link : CVE-2011-1867

JSON object : View

Products Affected

hp

intelligent_management_center
endpoint_admission_defense
user_access_manager

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2011-1867", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-07-11T20:55:01.130", "references": [{"url": "http://marc.info/?l=bugtraq&m=130982758604404&w=2", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://secunia.com/advisories/45129", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://securityreason.com/securityalert/8302", "source": "hp-security-alert@hp.com"}, {"url": "http://securitytracker.com/id?1025740", "source": "hp-security-alert@hp.com"}, {"url": "http://www.osvdb.org/73597", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/archive/1/518691/100/0/threaded", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/bid/48527", "source": "hp-security-alert@hp.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-232/", "source": "hp-security-alert@hp.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68348", "source": "hp-security-alert@hp.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en iNodeMngChecker.exe en el User Access Manager (UAM ) v5.0 antes de SP1 E0101P03 y Endpoint Admission Defense(EAD )v5.0 antes de SP1 E0101P03,componentes de HP Intelligent Management Center (tambi\u00e9n conocido como iNode Management Center), permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un paquete 0x0A0BF007.\r\n"}], "lastModified": "2018-10-09T19:32:08.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:endpoint_admission_defense:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22ED175D-A113-4072-82C3-69000AAA0F49"}, {"criteria": "cpe:2.3:a:hp:endpoint_admission_defense:5.0:e0101:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AA1C8F6-AC80-4E09-AED8-75462E2C94F0"}, {"criteria": "cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDC88AFF-1BE1-453D-ACCF-A673A51F398B"}, {"criteria": "cpe:2.3:a:hp:user_access_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7EDEA50-06F9-45A1-BD2C-4D0DD512ED03"}, {"criteria": "cpe:2.3:a:hp:user_access_manager:5.0:e0101:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "940B190C-30F7-4360-BB0B-B3E5BEB03A98"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}