SAINT CorporationSAINT:E561ABB74005E149089B2373BC8A4103HP OpenView Storage Data Protector inet Service EXEC_CMD Remote Overflow
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.872 High
EPSS
Percentile
98.6%
Added: 06/27/2012
CVE: CVE-2011-1866
BID: 48488
OSVDB: 73572
Background
HP Data Protector is an automated data backup solution.
Problem
A buffer overflow vulnerability in omniinet.exe in the inet service of HP OpenView Storage Data Protector allows remote attackers to execute arbitrary commands by sending a specially crafted request to the inet service on port 5555/tcp.
Resolution
Apply the update referenced in HPSBMU02686.
References
<http://secunia.com/advisories/45100/>
Limitations
This exploit has been tested against HP OpenView Storage Data Protector 6.11 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) and Microsoft Windows Server 2008 SP2 (DEP OptOut).
Platforms
Windows
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.872 High
EPSS
Percentile
98.6%