HP OpenView Storage Data Protector multiple security vulnerabilities
Published:		06.07.2011
Source:		BUGTRAQ
SecurityVulns ID:		11768
Type:		remote
Level:		5/10
Description:		Multiple vulnerabilities in TCP/5555 service.

Affected:		HP : OpenView Storage Data Protector 6.00
		HP : OpenView Storage Data Protector 6.11
		HP : OpenView Storage Data Protector 6.10
		HP : OpenView Storage Data Protector 6.20
CVE:		CVE-2011-1866 (Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.)
		CVE-2011-1865 (Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.)
		CVE-2011-1515 (The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters.)
		CVE-2011-1514 (The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request containing crafted parameters.)

Original document		CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability (06.07.2011)
		CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0514: Multiple vulnerabilities in HP Data Protector (06.07.2011)
		HP, [security bulletin] HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code (06.07.2011)

Discuss:

Read or add your comments to this news (0 comments)