Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в HP Data Protector
дополнено с 14 февраля 2011 г.
Опубликовано:1 мая 2011 г.
Источник:
SecurityVulns ID:11432
Тип:удаленная
Уровень опасности:
7/10
Описание:Многочисленные уязвимости не устранены в течении более 180 дней.
CVE:CVE-2011-1736 (Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.)
 CVE-2011-1735 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message.)
 CVE-2011-1734 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message.)
 CVE-2011-1733 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message.)
 CVE-2011-1732 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.)
 CVE-2011-1731 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message.)
 CVE-2011-1730 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message.)
 CVE-2011-1729 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed GET_FILE message.)
 CVE-2011-1728 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message.)
Оригинальный текстdocumentZDI, ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability (01.05.2011)
 documentZDI, ZDI-11-151: HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability (01.05.2011)
 documentZDI, ZDI-11-150: HP Data Protector Backup Client Service omniiaputil Message Processing Remote Code Execution Vulnerability (01.05.2011)
 documentZDI, ZDI-11-149: HP Data Protector Backup Client Service HPFGConfig Remote Code Execution Vulnerability (01.05.2011)
 documentZDI, ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability (01.05.2011)
 documentZDI, ZDI-11-147: HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability (01.05.2011)
 documentZDI, ZDI-11-146: HP Data Protector Backup Client Service EXEC_SCRIPT Remote Code Execution Vulnerability (01.05.2011)
 documentZDI, ZDI-11-145: HP Data Protector Backup Client Service GET_FILE Remote Code Execution Vulnerability (01.05.2011)
 documentZDI, ZDI-11-144: HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability (01.05.2011)
 documentZDI, ZDI-11-057: Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability (14.02.2011)
 documentZDI, ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability (14.02.2011)
 documentZDI, ZDI-11-055: Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability (14.02.2011)
 documentZDI, ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability (14.02.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород