HP Data Protector Media Operations Heap Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is running HP Data Protector Media Operations and is prone to buffer overflow vulnerability.

Impact

Successful exploitation may allow remote attackers to execute arbitrary code within the context of the application or cause a denial of service condition. Impact Level: System/Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to a boundary error when processing large size packets. This can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to port 19813.

Affected

HP Data Protector Media Operations versions 6.20 and prior.

References

http://aluigi.altervista.org/adv/hpdpmedia_2-adv.txt
http://osvdb.org/show/osvdb/76842
http://packetstormsecurity.org/files/106591/hpdpmedia_2-adv.txt
http://zerodayinitiative.com/advisories/ZDI-11-112/
https://secunia.com/advisories/46688

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4791

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

DesignWorks Professional '.cct' File BOF Vulnerability
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Windows)
BarCodeWiz 'BarcodeWiz.dll' ActiveX Control BOF Vulnerability
A-V Tronics InetServ POP3 Denial Of Service Vulnerability
Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)

Take action and discover your vulnerabilities