SAINT CorporationSAINT:441A3D7F422FD47A5943D82971F77CF6HP Data Protector Backup Client Service EXEC_BAR Packet Vulnerability
0.467 Medium
EPSS
Percentile
97.1%
Added: 03/21/2014
CVE: CVE-2013-2347
BID: 64647
OSVDB: 101626
Background
HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. HP Data Protectorโs Backup Client Service (OmniInet.exe) listens on TCP port 5555 for communications between managed systems.
Problem
HP Data Protector is vulnerable to remote code execution due to the Backup Client Service (OmniInet.exe) service not properly sanitizing user-supplied input. By sending a specially crafted EXEC_BAR packet, a remote attacker could execute arbitrary commands in the context of the SYSTEM user.
Resolution
Apply patches as described in HP Security Bulletin HPSBMU02895 SSRT101253.
References
<http://www.zerodayinitiative.com/advisories/ZDI-14-008/>
Limitations
Exploit works on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.
Platforms
Windows
Related
