HP OpenView Application Recovery Manager MSG_PROTOCOL buffer overflow

Added: 01/08/2010
CVE: CVE-2009-3844
BID: 37250
OSVDB: 60852

Background

HP OpenView Application Recovery Manager is a backup solution for business application data.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted MSG_PROTOCOL request to the OmniInet process.

Resolution

Apply the patch referenced in HPSBMA02481 SSRT090113.

References

http://www.zerodayinitiative.com/advisories/ZDI-09-091/

Limitations

Exploit works on HP OpenView Data Protector 5.5 on Windows Server 2003 SP2 English with patch KB933729.

Platforms

Windows Server 2003

Back to exploit index