|
Family: Gain root remotely --> Category: attack
Mercury LoadRunner Agent server_ip_name Buffer Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary Sends an invalid request to a LoadRunner agent
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote server is affected by a buffer overflow vulnerability.
Description :
The version of the LoadRunner Agent installed on the remote host
contains a buffer overflow in 'mchan.dll' that can be exploited by an
unauthenticated remote attacker using a request with a long
'server_ip_name' field to crash the affected service or execute
arbitrary code subject to the permissions of the user id under which
the agent runs.
See also :
http://www.zerodayinitiative.com/advisories/ZDI-07-007.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0177.html
http://www.nessus.org/u?5a833d9e
Solution :
Apply the appropriate patch as listed in the vendor advisory
referenced above.
Threat Level:
Critical / CVSS Base Score : 10.0
(AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|