10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
Added: 06/07/2011
CVE: CVE-2011-0923
BID: 46234
OSVDB: 72526
HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments.
The HP Data Protector Client is vulnerable to remote code execution as a result of insufficient input validation of arguments passed to the **EXEC_CMD**
command.
Upgrade as indicated in HP Security Bulletin HPSBMA02654 SSRT100441 and enable encrypted control communication services.
<http://secunia.com/advisories/43202/>
<http://www.zerodayinitiative.com/advisories/ZDI-11-055/>
Exploit works on HP Data Protector Backup Client Service 6.11.
The executable smbclient
must be available on the exploit server, and a valid SMB user with permission to write to the SMB share is required. The smb password is not allowed to contain single quotes (').
The option **OB2INETSCRIPTEXECFULLPATH**
must be specified as 1 in the configuration file **omnirc**
.
Windows