HP Data Protector Backup Client Service EXEC_BAR Packet Vulnerability

Added: 03/21/2014
CVE: CVE-2013-2347
BID: 64647
OSVDB: 101626

Background

HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. HP Data Protector's Backup Client Service (OmniInet.exe) listens on TCP port 5555 for communications between managed systems.

Problem

HP Data Protector is vulnerable to remote code execution due to the Backup Client Service (OmniInet.exe) service not properly sanitizing user-supplied input. By sending a specially crafted EXEC_BAR packet, a remote attacker could execute arbitrary commands in the context of the SYSTEM user.

Resolution

Apply patches as described in HP Security Bulletin HPSBMU02895 SSRT101253.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-008/

Limitations

Exploit works on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.

Platforms

Windows

Back to exploit index