HP Data Protector < A.06.20 Multiple Vulnerabilities

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote backup service has multiple vulnerabilities.

Description :

According to its version and build number, the remote install of HP
OpenView Data Protector is potentially affected by the following
vulnerabilities :

- Eight buffer overflow vulnerabilities exist in the
application's Backup Client Service (OmniInet.exe),
which could allow an unauthenticated, remote attacker to
execute arbitrary code on the affected host as a
privileged user. Note that these issues only affect HP
Data Protector installs running on Windows.
(CVE-2011-1728, CVE-2011-1729, CVE-2011-1730,
CVE-2011-1731, CVE-2011-1732, CVE-2011-1733,
CVE-2011-1734, and CVE-2011-1735)

- A directory traversal vulnerability exists in the
application's Backup Client Service, which could allow
an unauthenticated, remote attacker to view the contents
of arbitrary files on the affected host. Note that this
issue only affects HP Data Protector installs running
on Windows. (CVE-2011-1736)

- A denial of service vulnerability exists in the
application's Media Management Daemon (mmd) that could
be exploited by an unauthenticated, remote attacker to
crash the affected host. (CVE-2011-2399)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-144/
http://www.zerodayinitiative.com/advisories/ZDI-11-145/
http://www.zerodayinitiative.com/advisories/ZDI-11-146/
http://www.zerodayinitiative.com/advisories/ZDI-11-147/
http://www.zerodayinitiative.com/advisories/ZDI-11-148/
http://www.zerodayinitiative.com/advisories/ZDI-11-149/
http://www.zerodayinitiative.com/advisories/ZDI-11-150/
http://www.zerodayinitiative.com/advisories/ZDI-11-151/
http://www.zerodayinitiative.com/advisories/ZDI-11-152/
http://archives.neohapsis.com/archives/bugtraq/2011-04/0286.html
http://archives.neohapsis.com/archives/bugtraq/2011-04/0287.html
http://archives.neohapsis.com/archives/bugtraq/2011-04/0288.html
http://archives.neohapsis.com/archives/bugtraq/2011-04/0289.html
http://archives.neohapsis.com/archives/bugtraq/2011-04/0290.html
http://archives.neohapsis.com/archives/bugtraq/2011-04/0291.html
http://archives.neohapsis.com/archives/bugtraq/2011-04/0292.html
http://archives.neohapsis.com/archives/bugtraq/2011-04/0293.html
http://archives.neohapsis.com/archives/bugtraq/2011-04/0294.html
http://www.nessus.org/u?c6c3e62b
http://archives.neohapsis.com/archives/bugtraq/2011-04/0283.html
http://www.nessus.org/u?c8301134

Solution :

Apply the relevant patches referenced in HP's advisory (patch A.06.20
or higher). Enable encrypted control communication services.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true