HP Data Protector < A.06.20 Multiple Vulnerabilities

Critical Nessus Plugin ID 53857

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.4

Synopsis

The backup service running on the remote host is affected by multiple vulnerabilities.

Description

According to its version and build number, the HP Data Protector application running on the remote host is affected by the following vulnerabilities :

- Multiple buffer overflow conditions exist in the Backup Client Service (OmniInet.exe) that allow an unauthenticated, remote attacker to execute arbitrary code on the affected host as a privileged user. Note that these issues only affect HP Data Protector installations running on Windows. (CVE-2011-1728, CVE-2011-1729, CVE-2011-1730, CVE-2011-1731, CVE-2011-1732, CVE-2011-1733, CVE-2011-1734, CVE-2011-1735)

- A directory traversal vulnerability exists in the Backup Client Service (OmniInet.exe) that allows an unauthenticated, remote attacker to view the contents of arbitrary files on the affected host. Note that this issue only affects HP Data Protector installations running on Windows. (CVE-2011-1736)

- A flaw exists in the Media Management Daemon (mmd) that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2011-2399)

Solution

Apply the relevant patches referenced in the HP advisories.
Alternatively, enable the encrypted control communication services.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-11-144/

https://www.zerodayinitiative.com/advisories/ZDI-11-145/

https://www.zerodayinitiative.com/advisories/ZDI-11-146/

https://www.zerodayinitiative.com/advisories/ZDI-11-147/

https://www.zerodayinitiative.com/advisories/ZDI-11-148/

https://www.zerodayinitiative.com/advisories/ZDI-11-149/

https://www.zerodayinitiative.com/advisories/ZDI-11-150/

https://www.zerodayinitiative.com/advisories/ZDI-11-151/

https://www.zerodayinitiative.com/advisories/ZDI-11-152/

https://seclists.org/bugtraq/2011/Apr/282

https://seclists.org/bugtraq/2011/Apr/285

https://seclists.org/bugtraq/2011/Apr/286

https://seclists.org/bugtraq/2011/Apr/287

https://seclists.org/bugtraq/2011/Apr/288

https://seclists.org/bugtraq/2011/Apr/289

https://seclists.org/bugtraq/2011/Apr/290

https://seclists.org/bugtraq/2011/Apr/291

https://seclists.org/bugtraq/2011/Apr/292

https://seclists.org/bugtraq/2011/Apr/293

http://www.nessus.org/u?8a4529ef

http://www.nessus.org/u?29d6a8c8

Plugin Details

Severity: Critical

ID: 53857

File Name: hp_data_protector_multiple_code_exec.nasl

Version: 1.17

Type: combined

Family: Misc.

Published: 2011/05/10

Updated: 2018/11/15

Dependencies: 19601, 55550

Risk Information

Risk Factor: Critical

VPR Score: 7.4

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:storage_data_protector, cpe:/a:hp:data_protector

Required KB Items: Services/data_protector/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/04/28

Vulnerability Publication Date: 2011/04/04

Exploitable With

CANVAS (White_Phosphorus)

Reference Information

CVE: CVE-2011-1728, CVE-2011-1729, CVE-2011-1730, CVE-2011-1731, CVE-2011-1732, CVE-2011-1733, CVE-2011-1734, CVE-2011-1735, CVE-2011-1736, CVE-2011-2399

BID: 47638, 48917

ZDI: ZDI-11-144, ZDI-11-145, ZDI-11-146, ZDI-11-147, ZDI-11-148, ZDI-11-149, ZDI-11-150, ZDI-11-151, ZDI-11-152

HP: emr_na-c02810240, HPSBMA02668, SSRT100474, emr_na-c02940981, HPSBMU02669, SSRT100346