Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: HP OpenView, denial of service of Trace Service

October 2008 by Vigil@nce

An attacker can connect to the RPC service of HP OpenView Trace Service in order to stop it.

- Gravity: 2/4
- Consequences: denial of service of service
- Provenance: intranet client
- Means of attack: no proof of concept, no attack
- Ability of attacker: expert (4/4)
- Confidence: unique source (2/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Creation date: 22/10/2008

IMPACTED PRODUCTS

- Hewlett-Packard OpenView

DESCRIPTION

The HP OpenView Trace Service listens as RPC on ports 5051/tcp or 5053/tcp.

A non authenticated attacker can connect to these ports and send a special sequence of RPC queries, which forces a read at an invalid memory address, and stops the service.

An attacker can therefore connect to the RPC service of HP OpenView Trace Service in order to stop it.

CHARACTERISTICS

- Identifiers: BID-31860, CVE-2007-4349, VIGILANCE-VUL-8193
- Url: http://vigilance.aql.fr/vulnerability/8193




See previous articles

    

See next articles