10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.955 High
EPSS
Percentile
99.4%
Added: 07/18/2011
CVE: CVE-2011-1865
BID: 48486
OSVDB: 73571
HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The OmniInet process (**omniinet.exe**
) is responsible for communication between systems in the cell as well as for starting other processes that are used for backup and restore operations.
A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an overly long opcode 27 request to the OmniInet process.
Upgrade to Data Protector A.06.20 or newer and enable encrypted control communication services on the cell server and all clients in the cell, as described in HP Security Bulletin HPSBMU02686 SSRT100541.
<http://secunia.com/advisories/45100>
Exploit works on HP OpenView Storage Data Protector 6.20.
Windows Server 2003
Windows XP