HP Data Protector < A.06.20 Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The backup service running on the remote host is affected by multiple
vulnerabilities.

Description :

According to its version and build number, the HP Data Protector
application running on the remote host is affected by the following
vulnerabilities :

- Multiple buffer overflow conditions exist in the Backup
Client Service (OmniInet.exe) that allow an
unauthenticated, remote attacker to execute arbitrary
code on the affected host as a privileged user. Note
that these issues only affect HP Data Protector
installations running on Windows. (CVE-2011-1728,
CVE-2011-1729, CVE-2011-1730, CVE-2011-1731,
CVE-2011-1732, CVE-2011-1733, CVE-2011-1734,
CVE-2011-1735)

- A directory traversal vulnerability exists in the Backup
Client Service (OmniInet.exe) that allows an
unauthenticated, remote attacker to view the contents of
arbitrary files on the affected host. Note that this
issue only affects HP Data Protector installations
running on Windows. (CVE-2011-1736)

- A flaw exists in the Media Management Daemon (mmd) that
allows an unauthenticated, remote attacker to cause a
denial of service condition. (CVE-2011-2399)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-144/
http://www.zerodayinitiative.com/advisories/ZDI-11-145/
http://www.zerodayinitiative.com/advisories/ZDI-11-146/
http://www.zerodayinitiative.com/advisories/ZDI-11-147/
http://www.zerodayinitiative.com/advisories/ZDI-11-148/
http://www.zerodayinitiative.com/advisories/ZDI-11-149/
http://www.zerodayinitiative.com/advisories/ZDI-11-150/
http://www.zerodayinitiative.com/advisories/ZDI-11-151/
http://www.zerodayinitiative.com/advisories/ZDI-11-152/
http://seclists.org/bugtraq/2011/Apr/282
http://seclists.org/bugtraq/2011/Apr/285
http://seclists.org/bugtraq/2011/Apr/286
http://seclists.org/bugtraq/2011/Apr/287
http://seclists.org/bugtraq/2011/Apr/288
http://seclists.org/bugtraq/2011/Apr/289
http://seclists.org/bugtraq/2011/Apr/290
http://seclists.org/bugtraq/2011/Apr/291
http://seclists.org/bugtraq/2011/Apr/292
http://seclists.org/bugtraq/2011/Apr/293
http://www.nessus.org/u?56b6a2b8
http://www.nessus.org/u?97080bc0

Solution :

Apply the relevant patches referenced in the HP advisories.
Alternatively, enable the encrypted control communication services.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true