Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Gain root remotely --> Category: attack

Mercury LoadRunner Agent server_ip_name Buffer Overflow Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Sends an invalid request to a LoadRunner agent

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote server is affected by a buffer overflow vulnerability.

Description :

The version of the LoadRunner Agent installed on the remote host
contains a buffer overflow in 'mchan.dll' that can be exploited by an
unauthenticated remote attacker using a request with a long
'server_ip_name' field to crash the affected service or execute
arbitrary code subject to the permissions of the user id under which
the agent runs.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-07-007.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0177.html
http://www.nessus.org/u?5a833d9e

Solution :

Apply the appropriate patch as listed in the vendor advisory
referenced above.

Threat Level:

Critical / CVSS Base Score : 10.0
(AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.