HP Data Protector Manager MMD Service Stack Buffer Overflow

ID SAINT:7A248FDE0257E3AC10C7C1AC3D4C3401
Type saint
Reporter SAINT Corporation
Modified 2010-12-10T00:00:00


Added: 12/10/2010
BID: 45128


HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The Cell Manager is the central point from which backup agents and device servers are administered, and backup and restore operations are controlled. The Media Management Daemon service (**mmd.exe**) runs on the Data Protector Cell Manager and controls media management and device operations. The Media Management Daemon service listens for incoming connections on a dynamically assigned TCP port. The protocol utilized for communication between the Media Management Daemon service and clients is proprietary and not documented.


HP Data Protector manager server is vulnerable to a stack buffer overflow due to a boundary error in the Media Management Daemon service when parsing malformed requests.


Apply a patch when it becomes available.




Exploit works on HP Data Protector Media Operations 6.11.

The Media Management Daemon service uses a dynamically assigned TCP port in the range 1024 to 65535.