Buffer overflow in HP Mercury products
HP is warning of a possible buffer overflow in a series of HP Mercury products, which could be remotely exploited. The bug is located in the Mercury Agent magentproc.exe, which listens at TCP port 54345, and is triggered by an over long entry in the server_ip_name field. The following versions are affected:
- Mercury LoadRunner Agent 8.1 SP1, FP1, FP2, FP3, and FP4
- Mercury LoadRunner Agent 8.1 GA
- Mercury LoadRunner Agent 8.0 GA
- Mercury Performance Center Agent 8.1 FP1, FP2, FP3, and FP4
- Mercury Performance Center Agent 8.1 GA
- Mercury Performance Center Agent 8.0 GA
- Mercury Monitor over Firewall 8.1
The security bulletin advises users to install the update to fix the problem as soon as possible.
- Mercury LoadRunner, Performance Center, Monitor over Firewall, Remote Unauthenticated Arbitrary Code Execution from HP
- HP Mercury LoadRunner Agent Stack Overflow Vulnerability from Tipping Point
(trk)