{"vuid":"VU#895524","idnumber":"895524","name":"HP System Management Homepage vulnerable to a denial-of-service condition","keywords":["HP","system management","denial-of-service","DoS","stack corruption","CWE-121"],"overview":"HP System Management Homepage 7.2.0.14 and possibly earlier versions contain a denial-of-service vulnerability (CWE-121).","clean_desc":"CWE-121: Stack-based Buffer Overflow\nHP System Management Homepage 7.2.0.14 contains a denial-of-service vulnerability. The remote attacker may send the listener service a malformed request using the iprange parameter in /proxy/DataValidation. One of the listener child processes will then crash with that request value, overwriting EIP and corrupting the stack, resulting in a denial-of-service condition.","impact":"A remote attacker may be able to cause a denial-of-service condition against the HP System Management Homepage software.","resolution":"HP has made System Management Homepage (SMH) v7.2.1 available for Windows and Linux to resolve the vulnerabilities. In the event that updating is not possible, the following workaround is also available.","workarounds":"Limit Access\nAnonymous access is required for this attack to take place. Disabling this feature via the administration page will render the attacker unable to send this request without having proper authentication credentials.","sysaffected":"","thanks":"Thanks to the reporter that wishes to remain anonymous.","author":"This document was written by Adam Rauf.","public":["http://cwe.mitre.org/data/definitions/121.html","https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03839862","http://h18013.www1.hp.com/products/servers/management/agents/index.html"],"cveids":["CVE-2013-4821"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-05-22T16:17:31Z","publicdate":"2013-09-18T00:00:00Z","datefirstpublished":"2013-09-24T13:08:12Z","dateupdated":"2013-09-24T13:08:12Z","revision":14,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"H","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5.6","cvss_basevector":"AV:N/AC:H/Au:S/C:N/I:P/A:C","cvss_temporalscore":"4.4","cvss_environmentalscore":"3.3","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}