SAINT CorporationSAINT:78F41D2C5006348EC05D46727FE23B4BHP Data Protector Backup Client Service EXEC_BAR Packet Vulnerability
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.43 Medium
EPSS
Percentile
97.4%
Added: 03/21/2014
CVE: CVE-2013-2347
BID: 64647
OSVDB: 101626
Background
HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. HP Data Protectorโs Backup Client Service (OmniInet.exe) listens on TCP port 5555 for communications between managed systems.
Problem
HP Data Protector is vulnerable to remote code execution due to the Backup Client Service (OmniInet.exe) service not properly sanitizing user-supplied input. By sending a specially crafted EXEC_BAR packet, a remote attacker could execute arbitrary commands in the context of the SYSTEM user.
Resolution
Apply patches as described in HP Security Bulletin HPSBMU02895 SSRT101253.
References
<http://www.zerodayinitiative.com/advisories/ZDI-14-008/>
Limitations
Exploit works on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.
Platforms
Windows
Related
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.43 Medium
EPSS
Percentile
97.4%