HP OpenView Performance Manager Remote Code Execution Vulnerability
Release date:
Updated on:
Affected Systems:
HP Performance Manager 9.00
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52749
CVE (CAN) ID: CVE-2012-0127
HP Performance Manager can identify bottlenecks and effectively manage application, system, and service Performance trends.
HP Performance Manager 9.00 has a remote code execution vulnerability. Attackers can exploit this vulnerability to overwrite arbitrary files with system-level permissions, resulting in remote code execution or dos.
<* Source: Luigi Auriemma (aluigi@pivx.com)
Link: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp? ObjectID = c03255321
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
HP
--
HP has released a Security Bulletin (HPSBMU02756) for this purpose and the corresponding patch:
HPSBMU02756 SSRT100596 rev.1-HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
Link: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp? ObjectID = c03255321