Check Point Reference: | CPAI-2007-236 |
Date Published: | 29 Nov 2009 |
Severity: | Critical |
Last Updated: | Sunday 29 November, 2009 |
Source: | |
Industry Reference: | CVE-2007-0446 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | HP Mercury LoadRunner is a performance and load testing product. LoadRunner consists of three components, a Virtual User Generator, a Controller, and an Analysis module. The Virtual User Generator constructs large number of virtual user clients and generate running script. The Controller runs the script to perform real-life request activities on the testing target. Once the testing result has been collected, the Analysis module is launched to generate testing reports. There exists a buffer overflow vulnerability in multiple HP Mercury products. The flaw is due to an improper handling of user supplied data sent to the LoadRunner Agent service on TCP port 54345. In an attack case where code injection is not successful the affected application will terminate abnormally. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would run within the privileges of the LoadRunner Agent service, under the security context of the service process. Depending on the installation method, the affected service may run with the System account or as the currently logged on user. |
This protection will detect and block attempts to exploit this vulnerability
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: HP Products Protection Violation.
Attack Information: HP Mercury multiple products Agent command processing buffer overflow