HP OpenView Application Recovery Manager MSG_PROTOCOL buffer overflow

2010-01-08T00:00:00
ID SAINT:8B0994D8733719A24801573A2F73E824
Type saint
Reporter SAINT Corporation
Modified 2010-01-08T00:00:00

Description

Added: 01/08/2010
CVE: CVE-2009-3844
BID: 37250
OSVDB: 60852

Background

HP OpenView Application Recovery Manager is a backup solution for business application data.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted MSG_PROTOCOL request to the OmniInet process.

Resolution

Apply the patch referenced in HPSBMA02481 SSRT090113.

References

<http://www.zerodayinitiative.com/advisories/ZDI-09-091/>

Limitations

The exploit works on HP OpenView Data Protector 5.5 on Windows Server 2003 SP2 (English) with patch KB933729.

Platforms

Windows Server 2003