HP OpenView Storage Data Protector inet Service EXEC_CMD Remote Overflow

Added: 06/27/2012
CVE: CVE-2011-1866
BID: 48488
OSVDB: 73572

Background

HP Data Protector is an automated data backup solution.

Problem

A buffer overflow vulnerability in omniinet.exe in the inet service of HP OpenView Storage Data Protector allows remote attackers to execute arbitrary commands by sending a specially crafted request to the inet service on port 5555/tcp.

Resolution

Apply the update referenced in HPSBMU02686.

References

http://secunia.com/advisories/45100/

Limitations

This exploit has been tested against HP OpenView Storage Data Protector 6.11 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) and Microsoft Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows

Back to exploit index