SAINT CorporationSAINT:5B8D28ABF9118CD74FCE15E83C7BBAA4HP OpenView Storage Data Protector Opcode 27 Stack Buffer Overflow
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.955 High
EPSS
Percentile
99.4%
Added: 07/18/2011
CVE: CVE-2011-1865
BID: 48486
OSVDB: 73571
Background
HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The OmniInet process (**omniinet.exe**) is responsible for communication between systems in the cell as well as for starting other processes that are used for backup and restore operations.
Problem
A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an overly long opcode 27 request to the OmniInet process.
Resolution
Upgrade to Data Protector A.06.20 or newer and enable encrypted control communication services on the cell server and all clients in the cell, as described in HP Security Bulletin HPSBMU02686 SSRT100541.
References
<http://secunia.com/advisories/45100>
Limitations
Exploit works on HP OpenView Storage Data Protector 6.20.
Platforms
Windows Server 2003
Windows XP
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.955 High
EPSS
Percentile
99.4%