HP OpenView Storage Data Protector Opcode 27 Stack Buffer Overflow

Added: 07/18/2011
CVE: CVE-2011-1865
BID: 48486
OSVDB: 73571

Background

HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The OmniInet process (omniinet.exe) is responsible for communication between systems in the cell as well as for starting other processes that are used for backup and restore operations.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an overly long opcode 27 request to the OmniInet process.

Resolution

Upgrade to Data Protector A.06.20 or newer and enable encrypted control communication services on the cell server and all clients in the cell, as described in HP Security Bulletin HPSBMU02686 SSRT100541.

References

http://secunia.com/advisories/45100

Limitations

Exploit works on HP OpenView Storage Data Protector 6.20.

Platforms

Windows Server 2003
Windows XP

Back to exploit index