Attack: HP Data Protector CVE-2013-6194

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in HP Data Protector which could result in arbitrary code execution.

Additional Information

HP Data Protector is an application used for the backup and recovery of data.

HP Data Protector is prone to the following remote code execution vulnerabilities:

1. A remote-code execution vulnerability exists because it fails to sufficiently sanitize user-supplied data when handling certain messages. Specifically, this issue affects the 'Backup Client Service' of the 'OmniInet.exe' executable. [CVE-2013-2344]

2. Multiple remote-code execution vulnerabilities exist because it fails to sufficiently sanitize user-supplied data when handling certain messages. Specifically, these issues affect the 'Backup Client Service' of the 'OmniInet.exe' executable. An attacker can exploit these issues by sending a specially crafted packet to the target, resulting in an arbitrary file write through directory traversal. [CVE-2013-2348, CVE-2013-6194]

3. A remote-code execution vulnerability exists because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Specifically, this issue occurs when 'OmniInet.exe' starts 'rrda.exe' to process rrda request messages. [CVE-2013-2346]

4. A remote-code execution vulnerability exists because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Specifically, this issue occurs when 'OmniInet.exe' starts 'vbda.exe' to process vbda request messages. [CVE-2013-2349]

5. A remote-code execution vulnerability exists because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Specifically, this issue occurs when 'OmniInet.exe' starts 'vrda.exe' to process vrda request messages. [CVE-2013-2345]

6. A remote-code execution vulnerability exists because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Specifically, this issue occurs when 'OmniInet.exe' starts 'rbda.exe' to process rbda request messages. [CVE-2013-2350]

7. A remote-code execution vulnerability exists because it fails to sufficiently sanitize user-supplied data when handling certain messages. Specifically, this issue affects the 'Backup Client Service' of the 'OmniInet.exe' executable. An attacker can exploit this issue by sending a specially crafted 'EXEC_BAR' packet. [CVE-2013-2347]

8. A remote-code execution vulnerability exists because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer when parsing opcodes 214, 215, 216, 219, 257, and 263. Specifically, this issue occurs in 'crs.exe', which listens on a random TCP port by default. [CVE-2013-6195]

Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, or cause denial-of-service conditions. This may aid in further attacks.

Affected

  • HP-UX B.11.31
  • HP-UX B.11.23
  • HP-UX B.11.11