HP Data Protector Multiple RCE Vulnerabilities

Critical Nessus Plugin ID 66849

Synopsis

The remote backup service is affected by multiple remote code
execution vulnerabilities.

Description

According to its version and build number, the remote instance of HP
Data Protector is affected by multiple stack-based buffer overflow
conditions in crs.exe when parsing various opcodes. A remote,
unauthenticated attacker can exploit these to execute arbitrary code
in the context of the SYSTEM user or have other unspecified impact.

Solution

Apply the relevant patches referenced in the HP advisory.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-13-121/

https://www.zerodayinitiative.com/advisories/ZDI-13-122/

https://www.zerodayinitiative.com/advisories/ZDI-13-123/

https://www.zerodayinitiative.com/advisories/ZDI-13-124/

https://www.zerodayinitiative.com/advisories/ZDI-13-125/

https://www.zerodayinitiative.com/advisories/ZDI-13-126/

https://www.zerodayinitiative.com/advisories/ZDI-13-127/

https://www.zerodayinitiative.com/advisories/ZDI-13-128/

https://www.zerodayinitiative.com/advisories/ZDI-13-129/

https://www.zerodayinitiative.com/advisories/ZDI-13-130/

https://www.zerodayinitiative.com/advisories/ZDI-13-131/

https://www.zerodayinitiative.com/advisories/ZDI-13-161/

http://www.nessus.org/u?b4edd7f1

Plugin Details

Severity: Critical

ID: 66849

File Name: hp_data_protector_hpsbmu02833.nasl

Version: 1.18

Type: remote

Family: Misc.

Published: 2013/06/10

Modified: 2018/11/15

Dependencies: 11936, 12634, 67121

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:data_protector, cpe:/a:hp:storage_data_protector

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/06/03

Vulnerability Publication Date: 2013/06/03

Exploitable With

Core Impact

Metasploit (HP Data Protector Cell Request Service Buffer Overflow)

ExploitHub (EH-13-114)

Reference Information

CVE: CVE-2013-2324, CVE-2013-2325, CVE-2013-2326, CVE-2013-2327, CVE-2013-2328, CVE-2013-2329, CVE-2013-2330, CVE-2013-2331, CVE-2013-2332, CVE-2013-2333, CVE-2013-2334, CVE-2013-2335

BID: 60299, 60300, 60301, 60302, 60303, 60304, 60306, 60307, 60308, 60309, 60310, 60311

HP: HPSBMU02883, SSRT101227, emr_na-c03781657

EDB-ID: 28973