OSVDB ID: 72194

Title: HP OpenView Storage Data Protector Backup Client Service OmniInet.exe bm Message Processing Overflow

Dates

Disclosure: Apr 28, 2011
Discovery: Unknown
Exploit: Unknown
Solution: Apr 28, 2011

Description

HP OpenView Storage Data Protector is prone to an overflow condition. The Backup Client Service, OmniInet.exe, fails to properly sanitize user-supplied input when processing bm messages, resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 5555, a remote attacker can potentially execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version A.06.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Hewlett-Packard Development Company, L.P.

HP OpenView Storage Data Protector

6.10
6.11
6.0.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/72194