Check Point Advisories

HP Mercury Multiple Products Agent Command Processing Buffer Overflow (CVE-2007-0446)

Check Point Reference: CPAI-2007-236
Date Published: 29 Nov 2009
Severity: Critical
Last Updated: Sunday 29 November, 2009
Source:
Industry Reference:CVE-2007-0446
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description HP Mercury LoadRunner is a performance and load testing product. LoadRunner consists of three components, a Virtual User Generator, a Controller, and an Analysis module. The Virtual User Generator constructs large number of virtual user clients and generate running script. The Controller runs the script to perform real-life request activities on the testing target. Once the testing result has been collected, the Analysis module is launched to generate testing reports. There exists a buffer overflow vulnerability in multiple HP Mercury products. The flaw is due to an improper handling of user supplied data sent to the LoadRunner Agent service on TCP port 54345. In an attack case where code injection is not successful the affected application will terminate abnormally. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would run within the privileges of the LoadRunner Agent service, under the security context of the service process. Depending on the installation method, the affected service may run with the System account or as the currently logged on user.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the HP Mercury Multiple Products Agent Command Processing Buffer Overflow protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  HP Products Protection Violation.
Attack Information:  HP Mercury multiple products Agent command processing buffer overflow

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK