This Metasploit module exploits a vulnerability found in HP Data Protector's OmniInet process. By supplying a long string of data as the file path with opcode '20', a buffer overflow can occur when this data is being written on the stack where no proper bounds checking is done beforehand, which results arbitrary code execution under the context of SYSTEM. This Metasploit module is also made against systems such as Windows Server 2003 or Windows Server 2008 that have DEP and/or ASLR enabled by default.
c300d04fb3ea4183698f9badb47bedde5230f3414ad7738a1e1ab7d7e1be8221HP Security Bulletin HPSBMU02686 SSRT100541 3 - Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 3 of this advisory.
b6c881f36e3c9b94e9f9911cabf1d6b6e6262a20bee93dc22c57d97ca80806faThis Metasploit module exploits a buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted opcode 27 packet, a remote attacker may be able to execute arbitrary code.
eb9d10b903164f2c90c26f542dab7d1cc131c1e19ce94207df65fcf05ff64db7Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector. The request has several parameters, including an opcode. By sending requests with specially crafted parameters, the different bugs can be triggered.
f98a13749e7a39ecb264fe5f8d281306487eb2c3e90b78c64ce6d9396ad34261
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed