Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code |
| Informations | |||
|---|---|---|---|
| Name | HPSBMA02668 SSRT100474 | First vendor Publication | 2011-04-28 |
| Vendor | HP | Last vendor Modification | 2011-04-28 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 89 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 11 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
SAINT Exploits
| Description | Link |
|---|---|
| HP OpenView Storage Data Protector Backup Client Service GET_FILE Message Processing Overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 72195 | HP OpenView Storage Data Protector Backup Client Service OmniInet.exe GET_FIL... HP OpenView Storage Data Protector contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the Backup Client Service, OmniInet.exe, not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via GET_FILE messages. This directory traversal attack would allow the attacker to access arbitrary files. |
| 72194 | HP OpenView Storage Data Protector Backup Client Service OmniInet.exe bm Mess... HP OpenView Storage Data Protector is prone to an overflow condition. The Backup Client Service, OmniInet.exe, fails to properly sanitize user-supplied input when processing bm messages, resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 5555, a remote attacker can potentially execute arbitrary code. |
| 72193 | HP OpenView Storage Data Protector Backup Client Service OmniInet.exe omniiap... HP OpenView Storage Data Protector is prone to an overflow condition. The Backup Client Service, OmniInet.exe, fails to properly sanitize user-supplied input when processing omniiaputil messages, resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 5555, a remote attacker can potentially execute arbitrary code. |
| 72192 | HP OpenView Storage Data Protector Backup Client Service OmniInet.exe HPFGCon... HP OpenView Storage Data Protector is prone to an overflow condition. The Backup Client Service, OmniInet.exe, fails to properly sanitize user-supplied input when processing HPFGConfig messages, resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 5555, a remote attacker can potentially execute arbitrary code. |
| 72191 | HP OpenView Storage Data Protector Backup Client Service OmniInet.exe stutil ... HP OpenView Storage Data Protector is prone to an overflow condition. The Backup Client Service, OmniInet.exe, fails to properly sanitize user-supplied input when processing stutil messages, resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 5555, a remote attacker can potentially execute arbitrary code. |
| 72190 | HP OpenView Storage Data Protector Backup Client Service OmniInet.exe EXEC_IN... HP OpenView Storage Data Protector is prone to an overflow condition. The Backup Client Service, OmniInet.exe, fails to properly sanitize user-supplied input when processing EXEC_INTEGUTIL messages, resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 5555, a remote attacker can potentially execute arbitrary code. |
| 72189 | HP OpenView Storage Data Protector Backup Client Service OmniInet.exe EXEC_SC... HP OpenView Storage Data Protector is prone to an overflow condition. The Backup Client Service, OmniInet.exe, fails to properly sanitize user-supplied input when processing EXEC_SCRIPT messages, resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 5555, a remote attacker can potentially execute arbitrary code. |
| 72188 | HP OpenView Storage Data Protector Backup Client Service OmniInet.exe GET_FIL... HP OpenView Storage Data Protector is prone to an overflow condition. The Backup Client Service, OmniInet.exe, fails to properly sanitize user-supplied input when processing GET_FILE messages, resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 5555, a remote attacker can potentially execute arbitrary code. |
| 72187 | HP OpenView Storage Data Protector Backup Client Service OmniInet.exe EXEC_BA... HP OpenView Storage Data Protector is prone to an overflow condition. The Backup Client Service, OmniInet.exe, fails to properly sanitize user-supplied input when processing EXEC_BAR messages, resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 5555, a remote attacker can potentially execute arbitrary code. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | HP OpenView Storage Data Protector get file buffer overflow attempt RuleID : 20532 - Revision : 9 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView Storage Data Protector directory traversal attempt RuleID : 20531 - Revision : 9 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView Storage Data Protector directory traversal attempt RuleID : 20530 - Revision : 9 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-05-10 | Name : The backup service running on the remote host is affected by multiple vulnera... File : hp_data_protector_multiple_code_exec.nasl - Type : ACT_GATHER_INFO |
