Vulnerabilities > CVE-2011-1864 - Remote Code Execution vulnerability in HP OpenView Storage Data Protector 6.0/6.10/6.11
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_41364.NASL description s700_800 11.X OV DP6.11 HP-UX IA64 - Core patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02631 SSRT100324) - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02625 SSRT100138) last seen 2020-06-01 modified 2020-06-02 plugin id 56842 published 2012-03-06 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56842 title HP-UX PHSS_41364 : s700_800 11.X OV DP6.11 HP-UX IA64 - Core patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_41364. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(56842); script_version("1.11"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2011-0273", "CVE-2011-1864"); script_bugtraq_id(45929, 48178); script_xref(name:"HP", value:"emr_na-c02688353"); script_xref(name:"HP", value:"emr_na-c02712867"); script_xref(name:"HP", value:"SSRT100138"); script_xref(name:"HP", value:"SSRT100324"); script_name(english:"HP-UX PHSS_41364 : s700_800 11.X OV DP6.11 HP-UX IA64 - Core patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.X OV DP6.11 HP-UX IA64 - Core patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02631 SSRT100324) - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02625 SSRT100138)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02688353 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1bea18ae" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02712867 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a7685e40" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_41364 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/01/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.23 11.31", proc:"ia64")) { exit(0, "The host is not affected since PHSS_41364 applies to a different OS release / architecture."); } patches = make_list("PHSS_41364", "PHSS_41803", "PHSS_41955", "PHSS_42169", "PHSS_42699"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"DATA-PROTECTOR.OMNI-CORE", version:"A.06.11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_41363.NASL description s700_800 11.X OV DP6.11 HP-UX PA-Risc - Core patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02631 SSRT100324) - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02625 SSRT100138) last seen 2020-06-01 modified 2020-06-02 plugin id 56841 published 2012-03-06 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56841 title HP-UX PHSS_41363 : s700_800 11.X OV DP6.11 HP-UX PA-Risc - Core patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_41363. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(56841); script_version("1.11"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2011-0273", "CVE-2011-1864"); script_bugtraq_id(45929, 48178); script_xref(name:"HP", value:"emr_na-c02688353"); script_xref(name:"HP", value:"emr_na-c02712867"); script_xref(name:"HP", value:"SSRT100138"); script_xref(name:"HP", value:"SSRT100324"); script_name(english:"HP-UX PHSS_41363 : s700_800 11.X OV DP6.11 HP-UX PA-Risc - Core patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.X OV DP6.11 HP-UX PA-Risc - Core patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02631 SSRT100324) - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. (HPSBMA02625 SSRT100138)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02688353 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1bea18ae" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02712867 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a7685e40" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_41363 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/01/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11 11.23 11.31", proc:"parisc")) { exit(0, "The host is not affected since PHSS_41363 applies to a different OS release / architecture."); } patches = make_list("PHSS_41363", "PHSS_41802", "PHSS_41954", "PHSS_42168", "PHSS_42698"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"DATA-PROTECTOR.OMNI-CORE", version:"A.06.11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Windows NASL id HP_DATA_PROTECTOR_0620_MULTIPLE_VULNS_CREDS.NASL description The version of HP Data Protector installed on the remote Windows host is affected by one or more of the following vulnerabilities : - Multiple denial of service vulnerabilities exist in the last seen 2020-06-01 modified 2020-06-02 plugin id 55551 published 2011-07-11 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55551 title HP Data Protector <= A.06.20 Multiple Vulnerabilities (credentialed check) code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(55551); script_version("1.19"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id( "CVE-2011-1514", "CVE-2011-1515", "CVE-2011-1865", "CVE-2011-1866" ); script_bugtraq_id(48486, 48488); script_xref(name:"Secunia", value:"45100"); script_name(english:"HP Data Protector <= A.06.20 Multiple Vulnerabilities (credentialed check)"); script_summary(english:"Checks if encrypted control communication services is enabled."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of HP Data Protector installed on the remote Windows host is affected by one or more of the following vulnerabilities : - Multiple denial of service vulnerabilities exist in the 'data protect inet' service. (CVE-2011-1514, CVE-2011-1515) - A buffer overflow vulnerability exists in the 'data protector inet' service that can be exploited via EXEC_CMD. (CVE-2011-1864) - A buffer overflow vulnerability exists in the inet service that could result in code execution via a request containing crafted parameters. (CVE-2011-1865)"); # http://www.coresecurity.com/content/HP-Data-Protector-EXECCMD-Vulnerability script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6d655681"); # http://www.coresecurity.com/content/HP-Data-Protector-multiple-vulnerabilities script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?79bee660"); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02872182 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e38ce76"); script_set_attribute(attribute:"solution", value: "1. Upgrade to Data Protector A.06.20 or later and 2. Enable encrypted control communication services on cell server and all clients in cell."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-12-076"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'HP OmniInet.exe Opcode 20 Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/29"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:storage_data_protector"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("hp_data_protector_installed_local.nasl"); script_require_keys("SMB/HP Data Protector/Version"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit('SMB/HP Data Protector/Version'); encrypted_comm = get_kb_item_or_exit('SMB/HP Data Protector/Encrypted'); verui = get_kb_item('SMB/HP Data Protector/VersionUI'); type = get_kb_item('SMB/HP Data Protector/Type'); path = get_kb_item('SMB/HP Data Protector/Path'); if (encrypted_comm) encrypted_comm = 'True'; else encrypted_comm = 'False'; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if ( ver[0] < 6 || (ver[0] == 6 && ver[1] < 20) || (ver[0] == 6 && ver[1] == 20 && encrypted_comm == 'False') ) { if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Install type : ' + type + '\n Encryption : ' + encrypted_comm + '\n Installed version : ' + verui + '\n Fixed version : A.06.20 with encrypted control communications services \n'; security_hole(port:get_kb_item('SMB/transport'), extra:report); } else security_hole(get_kb_item('SMB/transport')); exit(0); } else exit(0, 'The HP Data Protector '+verui+' install is not affected.');