PT-2014-25: Stack-Based Buffer Overflow in HP iLO Vulnerable softwareHP Integrated Lights-Out 4 (iLO 4) Version: 2.02 and earlierHP Integrated Lights-Out 2 (iLO 2) Version: 2.26 and earlierHP Integrated Lights-Out Chassis Management (iLO CM) Version: 1.29 and earlierLinks: http://www8.hp.com/Severity levelSeverity level: High Impact: Remote Code Execution Access Vector: Remote CVSS v2: Base Score: 10 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)CVE: CVE-2014-7876Software descriptionHP Integrated Lights-Out is a remote management tool for servers that requires no physical access. Vulnerability descriptionThe specialists of the Positive Research center have detected a Stack-Based Buffer Overflow vulnerability in HP iLO.This vulnerability allows remote attackers to execute arbitrary codeHow to fixUpdate your software up to the latest versionAdvisory status 22.09.2014 - Vendor gets vulnerability details 17.03.2015 - Vendor releases fixed version and details 17.11.2015 - Public disclosureCreditsThe vulnerability was detected by Alexander Tlyapov, Positive Research Center (Positive Technologies Company)References http://en.securitylab.ru/lab/PT-2014-25 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04486432 Reports on the vulnerabilities previously discovered by Positive Research:http://www.ptsecurity.com/research/advisory/ http://en.securitylab.ru/lab/