Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:BAA1C202A9FAC0972F583AEF11E4CC9B
HistoryJan 28, 2014 - 12:00 a.m.

HP Data Protector Backup Client Service opcode 42 directory traversal

2014-01-2800:00:00
SAINT Corporation
my.saintcorporation.com
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.755 High

EPSS

Percentile

98.1%

JSON

Added: 01/28/2014
CVE: CVE-2013-6194
BID: 64647
OSVDB: 101630

Background

HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments.

Problem

A vulnerability in the Backup Client Service (OmniInet.exe) allows remote, unauthenticated attackers to write files to arbitrary locations by sending an opcode 42 request containing a directory traversal attack. This can be leveraged to execute arbitrary commands with SYSTEM privileges.

Resolution

Apply the patch referenced in HPSBMU02895 SSRT101253.

References

<http://www.zerodayinitiative.com/advisories/ZDI-14-003/&gt;

Limitations

Exploit works on HP Data Protector 6.20 on Windows Server 2003 SP2 and Windows XP SP3.

Platforms

Windows

Related

prion 1
saint 3
zdt 1
checkpoint_advisories 2
packetstorm 1
zdi 1
openvas 1
cvelist 1
cve 1
securityvulns 2
nessus 3
seebug 1
prion
prion
Code injection
2014-01-04 04:51:00
saint
saint
HP Data Protector Backup Client Service opcode 42 directory traversal
2014-01-28 00:00:00
HP Data Protector Backup Client Service opcode 42 directory traversal
2014-01-28 00:00:00
HP Data Protector Backup Client Service opcode 42 directory traversal
2014-01-28 00:00:00
zdt
zdt
HP Data Protector Backup Client Service Directory Traversal
2014-01-21 00:00:00
checkpoint_advisories
checkpoint_advisories
HP Data Protector Opcode 42 Directory Traversal (CVE-2013-6194)
2014-03-12 00:00:00
HP Data Protector Opcode 42 Directory Traversal - Ver2 (CVE-2013-6194)
2015-03-26 00:00:00
packetstorm
packetstorm
HP Data Protector Backup Client Service Directory Traversal
2014-01-21 00:00:00
zdi
zdi
Hewlett-Packard Data Protector Backup Client Service Opcode 42 Remote Code Execution Vulnerability
2014-01-10 00:00:00
openvas
openvas
HP (OpenView Storage) Data Protector Backup Client Service Directory Traversal
2014-02-11 00:00:00
cvelist
cvelist
CVE-2013-6194
2014-01-04 02:00:00
cve
cve
CVE-2013-6194
2014-01-04 04:51:00
securityvulns
securityvulns
HP Data Protector multiple security vulnerabilities
2014-01-08 00:00:00
[security bulletin] HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service &#40;DoS&#41;, Execution of Arbitrary Code
2014-01-08 00:00:00
nessus
nessus
HP Data Protector Multiple Vulnerabilities (HPSBMU02895 SSRT101253)
2014-01-06 00:00:00
HP-UX PHSS_43889 : s700_800 11.X OV DP7.00 HP-UX IA/PA - Cell Server patch
2014-04-27 00:00:00
HP-UX PHSS_43890 : s700_800 11.X OV DP7.00 HP-UX IA/PA - Core patch
2014-04-27 00:00:00
seebug
seebug
HP Storage Data Protector多个安全漏洞
2014-01-06 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.755 High

EPSS

Percentile

98.1%

JSON
Related for SAINT:BAA1C202A9FAC0972F583AEF11E4CC9B
prion1saint3zdt1checkpoint_advisories2packetstorm1zdi1openvas1cvelist1cve1securityvulns2nessus3seebug1