HP OmniInet.exe Opcode 27 Buffer Overflow

2011.07.04
Credit: CORE
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

1. Advisory Information

Title: Multiple vulnerabilities in HP Data Protector
Advisory ID: CORE-2011-0514
Advisory URL: http://www.coresecurity.com/content/HP-Data-Protector-multiple-vulnerabilities
Date published: 2011-06-29
Date of last update: 2011-06-29
Vendors contacted: HP
Release mode: Coordinated release

2. Vulnerability Information

Class: Remote stack overflow [CWE-120], Null pointer dereference [CWE-476], Improper input validation [CWE-20]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2011-1865, CVE-2011-1514, CVE-2011-1515

3. Vulnerability Description

HP Data Protector [1] is an automated backup and recovery software for single-server to enterprise environments. Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector. The request has several parameters, including an opcode. By sending requests with specially crafted parameters, the different bugs can be triggered.

4. Vulnerable packages

HP OpenView Storage Data Protector v6.20 (running on Windows).
HP OpenView Storage Data Protector v6.11 (running on Windows).
HP OpenView Storage Data Protector v6.10 (running on Windows).
HP OpenView Storage Data Protector v6.00 (running on Windows).
Previous versions may be affected, but were not tested.

5. Non-vulnerable packages

No fixes are available at the time of publication.

6. Vendor Information, Solutions and Workarounds

HP has issued a security bulletin with document ID c02872182 available through HP Support Center at http://www.hp.com/go/HPSC. The latest version of HP Data Protector is vulnerable to these issues. HP has provided the following procedure to mitigate these vulnerabilities:

- Upgrade to Data Protector A.06.20 or subsequent.
- Enable encrypted control communication services on cell server and all clients in cell.

The upgrade is available for download from http://hp.com/go/dataprotector then under 'Product Information' click on 'Trials and Demos'.

7. Credits

This vulnerability was discovered by Oren Isacson from Core Security Technologies. Publication was coordinated by Carlos Sarraute.

References:

http://xforce.iss.net/xforce/xfdb/68281
http://www.securityfocus.com/bid/48486
http://www.coresecurity.com/content/HP-Data-Protector-multiple-vulnerabilities
http://securitytracker.com/id?1025731
http://secunia.com/advisories/45100
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02872182

