The host is running HP Data Protector and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to bypass certain security restrictions, manipulate certain data, and compromise a vulnerable system. Impact Level: System/Application

Apply the patch from below link, https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04373818

Multiple flaws are due to, - An error within OmniInet.exe when handling certain messages can be exploited to access otherwise restricted files by sending a specially crafted request to TCP port 5555. - A boundary error within rrda.exe, vbda.exe, vrda.exe, rbda.exe when processing rrda request messages can be exploited to cause a stack-based buffer overflow. - An error within OmniInet.exe when handling certain messages can be exploited to execute arbitrary commands by sending specially crafted EXEC_BAR packet to TCP port 5555. - A boundary error within crs.exe when parsing opcodes 214, 215, 216, 219, 257, and 263 can be exploited to a cause stack-based buffer overflow.

HP Storage Data Protector v6.2X, v7.X, v8.X and v9.X

Construct the crafted TCP request with command and check it is possible to execute the command

• http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03822422
• http://packetstormsecurity.com/files/125246
• http://seclists.org/bugtraq/2014/Jan/7
• http://www.osvdb.org/101626
• http://www.zerodayinitiative.com/advisories/ZDI-14-001
• http://www.zerodayinitiative.com/advisories/ZDI-14-002
• http://www.zerodayinitiative.com/advisories/ZDI-14-003
• http://www.zerodayinitiative.com/advisories/ZDI-14-004
• http://www.zerodayinitiative.com/advisories/ZDI-14-005
• http://www.zerodayinitiative.com/advisories/ZDI-14-006
• http://www.zerodayinitiative.com/advisories/ZDI-14-007
• http://www.zerodayinitiative.com/advisories/ZDI-14-008
• http://www.zerodayinitiative.com/advisories/ZDI-14-009

---

Updated on 2015-03-25