HP OpenView Storage Data Protector Backup Client Service GET_FILE Message Processing Overflow

Added: 05/09/2011
CVE: CVE-2011-1729
BID: 47638
OSVDB: 72188

Background

HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments.

Problem

A remote code execution vulnerability exists in HP Data Protector Backup Client Service due to a buffer overflow in the processing of GET_FILE messages. A remote unauthenticated attacker could exploit this vulnerability by sending malformed GET_FILE message packets to the target service.

Resolution

Upgrade to Data Protector A.06.20 or newer, as indicated in HP Security Bulletin HPSBMA02668 SSRT100474.

References

http://secunia.com/advisories/44402/
http://www.zerodayinitiative.com/advisories/ZDI-11-145/

Limitations

The exploit works on HP Data Protector Backup Client Service 6.11 running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 (gdi32.dll version 5.2.3790.4396) and KB2393802 (ntdll.dll version 5.2.3790.4789) installed, and on Microsoft Windows Server 2008 SP2 English (DEP AlwaysOff).

Platforms

Windows Server 2003
Windows Server 2008
