HP OpenView Storage Data Protector Opcode 27 Stack Buffer Overflow

2011-07-18T00:00:00
ID SAINT:C5838FC8C5DFFAC4C8B6A54D44AF1F95
Type saint
Reporter SAINT Corporation
Modified 2011-07-18T00:00:00

Description

Added: 07/18/2011
CVE: CVE-2011-1865
BID: 48486
OSVDB: 73571

Background

HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The OmniInet process (**omniinet.exe**) is responsible for communication between systems in the cell as well as for starting other processes that are used for backup and restore operations.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an overly long opcode 27 request to the OmniInet process.

Resolution

Upgrade to Data Protector A.06.20 or newer and enable encrypted control communication services on the cell server and all clients in the cell, as described in HP Security Bulletin HPSBMU02686 SSRT100541.

References

<http://secunia.com/advisories/45100>

Limitations

Exploit works on HP OpenView Storage Data Protector 6.20.

Platforms

Windows Server 2003
Windows XP