Executive Summary

Summary
Title HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code
Informations
Name HPSBMA02576 SSRT090231 First vendor Publication 2010-09-08
Vendor HP Last vendor Modification 2010-09-08
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows, Linux, and NetWare versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02498535

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 10

SAINT Exploits

Description Link
HP Data Protector Express DtbClsLogin function buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

Id Description
67974 HP Data Protector Express on Linux libdplindtb.so DtbClsLogin() Function Over...

HP Data Protector Express on Linux is prone to an overflow condition. The 'DtbClsLogin()'function in libdplindtb.so fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted string, a local attacker can potentially cause arbitrary code execution.
67973 HP Data Protector Express on Windows dpwindtb.dll DtbClsLogin() Function Over...

HP Data Protector Express on Windows is prone to an overflow condition. The 'DtbClsLogin()'function within dpwindtb.dll fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted string, a local attacker can potentially cause arbitrary code execution.

Snort® IPS/IDS

Date Description
2018-01-18 HP Data Protector Express DtbClsLogin buffer overflow attempt
RuleID : 45205 - Revision : 1 - Type : SERVER-OTHER
2014-01-10 HP Data Protector Express DtbClsLogin buffer overflow attempt
RuleID : 19006 - Revision : 9 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2010-09-22 Name : The remote Windows host contains an application that is affected by a multipl...
File : hp_data_protector_exp_multiple.nasl - Type : ACT_GATHER_INFO