{"vuid":"VU#303012","idnumber":"303012","name":"HP Mercury products vulnerable to buffer overflow","keywords":["HP","Mercury LoadRunner","arbitrary code execution","magentproc.exe","TCP port 54345","server_ip_name field","stack overflow","strcpy()","mchan.dll","Mercury Performance Center","Mercury Monitor over Firewall"],"overview":"Some HP Mercury products are vulnerable to a buffer overflow and may allow an attacker to execute arbitrary code.","clean_desc":"The magentproc.exe service provided with some HP Mercury products fails to properly parse values in the server_ip_name field. If an overly long value is sent in this parameter, a stack-based buffer overflow may be triggered within the mchan.dll library. An attacker may be able to exploit this vulnerability by sending a specially crafted packet to the agent (port 54345/tcp). HP reports that the following products are affected by this issue: Mercury LoadRunner Agent 8.1 SP1, FP1, FP2, FP3, and FP4\nMercury LoadRunner Agent 8.1 GA\nMercury LoadRunner Agent 8.0 GA\nMercury Performance Center Agent 8.1 FP1, FP2, FP3, and FP4\nMercury Performance Center Agent 8.1 GA\nMercury Performance Center Agent 8.0 GA\nMercury Monitor over Firewall 8.1","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code.","resolution":"Apply an Update HP has issued an update to address this issue. please see HP Security Document ID #c00854250 for further information.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported in \nHP Security Document ID #c00854250\n. This issue was discovered by Eric Detoisien and reported via \nZero Day Initiative","author":"This document was written by Katie Steiner.","public":["http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00854250&jumpid=reg_R1002_USEN","http://www.ciac.org/ciac/bulletins/r-123.shtml","http://www.zerodayinitiative.com/advisories/ZDI-07-007.html","http://secunia.com/advisories/24112/","http://securitytracker.com/alerts/2007/Feb/1017613.html"],"cveids":["CVE-2007-0446"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-02-08T20:50:20Z","publicdate":"2007-02-08T00:00:00Z","datefirstpublished":"2007-02-26T19:42:24Z","dateupdated":"2007-03-01T19:44:04Z","revision":16,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"17","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"7","cam_impact":"17","cam_easeofexploitation":"14","cam_attackeraccessrequired":"15","cam_scorecurrent":"10.308375","cam_scorecurrentwidelyknown":"11.7140625","cam_scorecurrentwidelyknownexploited":"21.0853125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.308375,"vulnote":null}