HP Data Protector OmniInet.exe MSG_PROTOCOL Command RCE

Critical (Nessus Plugin ID 43635)

Synopsis

The backup service running on the remote host is affected by a remote code execution vulnerability.

Description

According to its version and build number, the HP Data Protector application running on the remote host is affected by a stack-based buffer overflow condition in the backup client service daemon (OmniInet.exe). An unauthenticated, remote attacker can exploit this, via an MSG_PROTOCOL command with long arguments, to corrupt memory, resulting in the execution of arbitrary code.

Solution

Apply the relevant patches referenced in the HP advisory.

See Also

https://www.tenable.com/security/research/tra-2009-04

https://www.zerodayinitiative.com/advisories/ZDI-09-099/

https://seclists.org/bugtraq/2009/Dec/258

http://www.nessus.org/u?d59a99f7

Plugin Details

Severity: Critical

ID: 43635

File Name: hp_data_protector_msg_protocol_bof.nasl

Version: 1.18

Type: combined

Published: 1/5/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:storage_data_protector, cpe:/a:hp:data_protector

Required KB Items: Services/data_protector/version, Services/data_protector/build

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/16/2009

Vulnerability Publication Date: 12/16/2009

Exploitable With

Core Impact

Metasploit (HP OmniInet.exe MSG_PROTOCOL Buffer Overflow)

Reference Information

CVE: CVE-2007-2280

BID: 37396

CWE: 119

HP: HPSBMA02252, SSRT061258, emr_na-c01124817

SECUNIA: 37845

TRA: TRA-2009-04

ZDI: ZDI-09-099