Test ID:	1.3.6.1.4.1.25623.1.0.804402
Category:	General
Title:	HP (OpenView Storage) Data Protector Multiple Vulnerabilities
Summary:	HP (OpenView Storage) Data Protector is prone to multiple; vulnerabilities.
Description:	Summary: HP (OpenView Storage) Data Protector is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An error within OmniInet.exe when handling certain messages can be exploited to access otherwise restricted files by sending a specially crafted request to TCP port 5555. - A boundary error within rrda.exe, vbda.exe, vrda.exe, rbda.exe when processing rrda request messages can be exploited to cause a stack-based buffer overflow. - An error within OmniInet.exe when handling certain messages can be exploited to execute arbitrary commands by sending specially crafted EXEC_BAR packet to TCP port 5555. - A boundary error within crs.exe when parsing opcodes 214, 215, 216, 219, 257, and 263 can be exploited to a cause stack-based buffer overflow. Vulnerability Impact: Successful exploitation will allow remote attackers to bypass certain security restrictions, manipulate certain data, and compromise a vulnerable system. Affected Software/OS: HP (OpenView Storage) Data Protector v6.2x, v7.x, v8.x and v9.x. Solution: Apply the patch from the referenced advisory. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2344 HPdes Security Advisory: HPSBMU02895 http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422 HPdes Security Advisory: SSRT101217 HPdes Security Advisory: SSRT101253 Common Vulnerability Exposure (CVE) ID: CVE-2013-2345 HPdes Security Advisory: SSRT101218 Common Vulnerability Exposure (CVE) ID: CVE-2013-2346 HPdes Security Advisory: SSRT101219 Common Vulnerability Exposure (CVE) ID: CVE-2013-2347 http://www.exploit-db.com/exploits/32164 HPdes Security Advisory: SSRT101220 http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-protector-execbar.html http://www.zerodayinitiative.com/advisories/ZDI-14-008/ Common Vulnerability Exposure (CVE) ID: CVE-2013-2348 HPdes Security Advisory: SSRT101221 Common Vulnerability Exposure (CVE) ID: CVE-2013-2349 HPdes Security Advisory: SSRT101222 Common Vulnerability Exposure (CVE) ID: CVE-2013-2350 HPdes Security Advisory: SSRT101223 Common Vulnerability Exposure (CVE) ID: CVE-2013-6195 HPdes Security Advisory: SSRT101348 Common Vulnerability Exposure (CVE) ID: CVE-2011-0923 BugTraq ID: 46234 http://www.securityfocus.com/bid/46234 HPdes Security Advisory: HPSBMA02654 http://marc.info/?l=bugtraq&m=130391284726795&w=2 HPdes Security Advisory: SSRT100441 http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp http://zerodayinitiative.com/advisories/ZDI-11-055/ http://securityreason.com/securityalert/8261 http://securityreason.com/securityalert/8323 http://securityreason.com/securityalert/8329 http://www.vupen.com/english/advisories/2011/0308 Common Vulnerability Exposure (CVE) ID: CVE-2014-2623 http://www.exploit-db.com/exploits/34066/ http://www.exploit-db.com/exploits/35961 http://www.exploit-db.com/exploits/36304 HPdes Security Advisory: HPSBMU03072 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04373818 HPdes Security Advisory: SSRT101644 http://packetstormsecurity.com/files/130658/HP-Data-Protector-8.10-Remote-Command-Execution.html http://www.osvdb.org/109069 http://www.securitytracker.com/id/1030583
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.