HP System Management Homepage Single Sign On Parameter Handling RCE

critical Nessus Plugin ID 85766

Synopsis

The remote web server is affected by a remote code execution vulnerability.

Description

The HP System Management Homepage (SMH) application running on the remote web server potentially contains an overflow condition in the Single Sign On (SSO) functionality due to improper validation of user-supplied input when handling overly long parameters. A remote attacker could exploit this to cause a stack-based buffer overflow, resulting in a denial of service or the execution of arbitrary code.

Note that this plugin attempts to crash the HPSMHD process, but the process can be restarted by a parent process.

Solution

Upgrade to HP System Management Homepage (SMH) 7.4.1 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-15-262/

http://www.nessus.org/u?37a0930b

Plugin Details

Severity: Critical

ID: 85766

File Name: hpsmh_zdi-15-262.nbin

Version: 1.129

Type: remote

Family: Web Servers

Published: 9/3/2015

Updated: 10/10/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: Settings/ParanoidReport, www/hp_smh

Exploit Ease: No known exploits are available

Patch Publication Date: 2/5/2015

Vulnerability Publication Date: 6/26/2015

Reference Information

CVE: CVE-2015-2133

BID: 75434

HP: HPSBMU03375, SSRT101710, emr_na-c04743386