HP Data Protector Backup Client Service opcode 42 directory traversal

Added: 01/28/2014
CVE: CVE-2013-6194
BID: 64647
OSVDB: 101630

Background

HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments.

Problem

A vulnerability in the Backup Client Service (OmniInet.exe) allows remote, unauthenticated attackers to write files to arbitrary locations by sending an opcode 42 request containing a directory traversal attack. This can be leveraged to execute arbitrary commands with SYSTEM privileges.

Resolution

Apply the patch referenced in HPSBMU02895 SSRT101253.

References

<http://www.zerodayinitiative.com/advisories/ZDI-14-003/&gt;

Limitations

Exploit works on HP Data Protector 6.20 on Windows Server 2003 SP2 and Windows XP SP3.

Platforms

Windows