CVE-2011-1849

Description

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.

Affected products

• HP / intelligent_management_center5.0 – 5.0
• HP / intelligent_management_center5.0 – 5.0
• HP / intelligent_management_center5.0 – 5.0

References

• VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-11-161/
• MISChttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750
• MISChttp://securitytracker.com/id?1025519
• MISChttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750
• MISChttp://www.securityfocus.com/bid/47789