HP Data Protector < A.06.20 Multiple Vulnerabilities
Critical Nessus Plugin ID 53857
Synopsis
The backup service running on the remote host is affected by multiple vulnerabilities.
Description
According to its version and build number, the HP Data Protector application running on the remote host is affected by the following vulnerabilities:
- Multiple buffer overflow conditions exist in the Backup Client Service (OmniInet.exe) that allow an unauthenticated, remote attacker to execute arbitrary code on the affected host as a privileged user. Note that these issues only affect HP Data Protector installations running on Windows. (CVE-2011-1728, CVE-2011-1729, CVE-2011-1730, CVE-2011-1731, CVE-2011-1732, CVE-2011-1733, CVE-2011-1734, CVE-2011-1735)
- A directory traversal vulnerability exists in the Backup Client Service (OmniInet.exe) that allows an unauthenticated, remote attacker to view the contents of arbitrary files on the affected host. Note that this issue only affects HP Data Protector installations running on Windows. (CVE-2011-1736)
- A flaw exists in the Media Management Daemon (mmd) that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2011-2399)
Solution
Apply the relevant patches referenced in the HP advisories.
Alternatively, enable the encrypted control communication services.