HP Virtual SAN Appliance Stack Overflow in 'hydra.exe' Lets Remote Users Execute Arbitrary Code.
HP StorageWorks P4000 Virtual SAN Appliance Software
A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system.
Hewlett-Packard Virtual SAN Appliance is prone to a remote buffer-overflow vulnerability.
Attackers may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
A vulnerability was reported in HP Virtual SAN Appliance. A remote user can execute arbitrary code on the target device.
A remote user can send a specially crafted login request to 'hydra.exe' on port 13838 to trigger a stack overflow and execute arbitrary code on the target system. The code will run with System privileges.
This vulnerability could be mitigated by administrators by restricting communication with the hydra agent to known client IP addresses. A remote user can execute arbitrary code on the target system.
HP Software Update