Thursday, November 19, 2009

Another 0day on HP Power Manager

I have been working on CVE-2009-2685/ZDI this afternoon and have now managed to get the dummy shellcode (calc.exe) running. Yey.. :D

The bug was mentioned by ZDI at the link provided, and as claimed by the HP advisory, they have already patched the bug.

Ironically, using the same patch released by HP (4.9.2, the latest one), I still managed to exploit the code. I guess HP didn't really patch the bug. This is probably a wild guess, but if we take a look at the workaround, HP is only recommending limiting HP Power Manager Server access to trusted users/IPs/networks.

Exploiting this bug is trivial, though. Reading any Windows exploitation material is enough. This is a standard/classic stack overflow in a sprintf call: the attacker-controlled login parameter is formatted into a fixed-size stack buffer with no length check, so a long enough value runs past the buffer and over the saved return address.
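The pattern in C, as an added illustration that is not HP's code and not the exploit from this post. The buffer size, the frame layout and the payload are assumptions: a local buffer followed directly by a saved EBP and a return address, with no stack cookie. The overflow is modelled as a memcpy within one struct so the program runs without actually corrupting its own stack, and the hardened handler shows the bounded alternative that rejects over-long input instead of truncating it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed stack buffer that receives the Login parameter.
 * The real size in HP Power Manager is not stated in the post. */
#define LOGIN_BUF 64

/* Simplified 32-bit frame: local buffer, saved frame pointer, return address.
 * Real frames may carry padding or a cookie in between; this layout is an
 * assumption used to model the overwrite with defined behaviour. */
struct frame {
    char     login[LOGIN_BUF];
    uint32_t saved_ebp;
    uint32_t saved_ret;
};

/* Offset from the buffer start to the saved return address: the number an
 * exploit writer needs to place the new EIP. */
size_t ret_offset(void) {
    return offsetof(struct frame, saved_ret);
}

/* What an unchecked sprintf(buf, "%s", login) does to the frame: bytes past
 * LOGIN_BUF land on saved EBP, then on the return address.  Returns the value
 * the function would "return" to afterwards. */
uint32_t emulate_unchecked_copy(const char *login, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_ebp = 0xBBBBBBBBu;
    f.saved_ret = 0xCCCCCCCCu;           /* stand-in for the legitimate return */
    if (len > sizeof f)                  /* keep the model itself in bounds */
        len = sizeof f;
    memcpy(&f, login, len);              /* the overflow, modelled */
    return f.saved_ret;
}

/* Constructed payload: filler up to the return address slot, then new_ret in
 * raw byte order.  Returns the resulting saved return address. */
uint32_t demo_hijack(uint32_t new_ret) {
    char payload[sizeof(struct frame)];
    size_t off = ret_offset();
    memset(payload, 'A', off);
    memcpy(payload + off, &new_ret, sizeof new_ret);
    return emulate_unchecked_copy(payload, off + sizeof new_ret);
}

/* Hardened handler: bounded length check first, bounded formatter second,
 * and rejection (not silent truncation) when the value does not fit.
 * Returns 0 on success, -1 on rejection. */
int copy_login_checked(char *dst, size_t dstsz, const char *login) {
    const char *nul = memchr(login, '\0', dstsz);
    if (nul == NULL)                     /* no terminator within dstsz: too long */
        return -1;
    int w = snprintf(dst, dstsz, "%s", login);
    return (w < 0 || (size_t)w >= dstsz) ? -1 : 0;
}

/* Convenience wrapper with a local LOGIN_BUF-sized destination. */
int login_fits(const char *login) {
    char buf[LOGIN_BUF];
    return copy_login_checked(buf, sizeof buf, login);
}

int main(void) {
    char longlogin[200];
    memset(longlogin, 'A', sizeof longlogin - 1);
    longlogin[sizeof longlogin - 1] = '\0';

    printf("return address sits at buffer offset %zu\n", ret_offset());
    printf("short login leaves EIP = 0x%08x\n", emulate_unchecked_copy("admin", 5));
    printf("crafted login sets EIP = 0x%08x\n", demo_hijack(0xDEADBEEFu));
    printf("checked copy: \"admin\" -> %d, 199 x 'A' -> %d\n",
           login_fits("admin"), login_fits(longlogin));
    return 0;
}
```

The point of the checked version is the order of operations: the length is established with a bounded scan before anything is written, and an over-long value is refused rather than clipped, since truncating a login string silently can still lead to confused authentication logic downstream.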