European Performance Systems Probe Builder Denial of Service Vulnerability

Bugtraq ID:	30403
Class:	Design Error
CVE:	CVE-2008-1667
Remote:	Yes
Local:	No
Published:	Jul 28 2008 12:00AM
Updated:	Jul 30 2008 11:27PM
Credit:	This issue was disclosed in an HP security advisory.
Vulnerable:	EPS Openview Internet Services Probe Builder A.02.20.900
Not Vulnerable:	EPS Openview Internet Services Probe Builder A.02.20.901

European Performance Systems Probe Builder Denial of Service Vulnerability

European Performance Systems (EPS) Probe Builder is prone to a denial-of-service vulnerability.

An attacker may leverage this issue to crash the affected computer, denying service to affected users.

Versions prior to Probe Builder A.02.20.901 on Windows are vulnerable.

European Performance Systems Probe Builder Denial of Service Vulnerability

An attacker can use readily available network utilities to exploit this issue.

European Performance Systems Probe Builder Denial of Service Vulnerability

Solution:
The vendor has released Probe Builder A.02.20.901 to address this issue. Please see the references for more information.


EPS Openview Internet Services Probe Builder A.02.20.900

• EPS pbpatch01.zip
  http://www.eps.eu.com/download/patches/pbpatch01.zip

European Performance Systems Probe Builder Denial of Service Vulnerability

References:

• Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability (iDefense Labs)
  
• Vendor Homepage (EPS)
  
• iDefense Security Advisory 07.28.08: Hewlett-Packard OVIS Probe Builder Arbitrar (iDefense Labs )