HP Data Protector < A.06.20 Multiple Vulnerabilities

Severity: Critical (Nessus Plugin ID 53857)

Synopsis

The backup service running on the remote host is affected by multiple vulnerabilities.

Description

According to its version and build number, the HP Data Protector application running on the remote host is affected by the following vulnerabilities:

- Multiple buffer overflow conditions exist in the Backup Client Service (OmniInet.exe) that allow an unauthenticated, remote attacker to execute arbitrary code on the affected host as a privileged user. Note that these issues only affect HP Data Protector installations running on Windows. (CVE-2011-1728, CVE-2011-1729, CVE-2011-1730, CVE-2011-1731, CVE-2011-1732, CVE-2011-1733, CVE-2011-1734, CVE-2011-1735)

- A directory traversal vulnerability exists in the Backup Client Service (OmniInet.exe) that allows an unauthenticated, remote attacker to view the contents of arbitrary files on the affected host. Note that this issue only affects HP Data Protector installations running on Windows. (CVE-2011-1736)

- A flaw exists in the Media Management Daemon (mmd) that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2011-2399)

Solution

Apply the relevant patches referenced in the HP advisories.
Alternatively, enable the encrypted control communication services.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-11-144/

https://www.zerodayinitiative.com/advisories/ZDI-11-145/

https://www.zerodayinitiative.com/advisories/ZDI-11-146/

https://www.zerodayinitiative.com/advisories/ZDI-11-147/

https://www.zerodayinitiative.com/advisories/ZDI-11-148/

https://www.zerodayinitiative.com/advisories/ZDI-11-149/

https://www.zerodayinitiative.com/advisories/ZDI-11-150/

https://www.zerodayinitiative.com/advisories/ZDI-11-151/

https://www.zerodayinitiative.com/advisories/ZDI-11-152/

https://seclists.org/bugtraq/2011/Apr/282

https://seclists.org/bugtraq/2011/Apr/285

https://seclists.org/bugtraq/2011/Apr/286

https://seclists.org/bugtraq/2011/Apr/287

https://seclists.org/bugtraq/2011/Apr/288

https://seclists.org/bugtraq/2011/Apr/289

https://seclists.org/bugtraq/2011/Apr/290

https://seclists.org/bugtraq/2011/Apr/291

https://seclists.org/bugtraq/2011/Apr/292

https://seclists.org/bugtraq/2011/Apr/293

http://www.nessus.org/u?8a4529ef

http://www.nessus.org/u?29d6a8c8

Plugin Details

Severity: Critical

ID: 53857

File Name: hp_data_protector_multiple_code_exec.nasl

Version: 1.18

Type: combined

Family: Misc.

Published: 5/10/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:storage_data_protector, cpe:/a:hp:data_protector

Required KB Items: Services/data_protector/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/28/2011

Vulnerability Publication Date: 4/4/2011

Exploitable With

CANVAS (White_Phosphorus)

Reference Information

CVE: CVE-2011-1728, CVE-2011-1729, CVE-2011-1730, CVE-2011-1731, CVE-2011-1732, CVE-2011-1733, CVE-2011-1734, CVE-2011-1735, CVE-2011-1736, CVE-2011-2399

BID: 47638, 48917

HP: HPSBMA02668, HPSBMU02669, SSRT100346, SSRT100474, emr_na-c02810240, emr_na-c02940981

ZDI: ZDI-11-144, ZDI-11-145, ZDI-11-146, ZDI-11-147, ZDI-11-148, ZDI-11-149, ZDI-11-150, ZDI-11-151, ZDI-11-152