Vulnerabilities > CVE-2012-0121 - Unspecified vulnerability in HP Data Protector Express 5.0/6.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
hp
critical
nessus

Summary

Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392.

Vulnerable Configurations

Part Description Count
Application
Hp
2

Nessus

NASL familyWindows
NASL idHP_DATA_PROTECTOR_EXP_HPSBMU02746.NASL
descriptionThe version of HP Data Protector Express installed on the remote Windows host is 5.x earlier than 5.0.0 build 59287 or 6.x earlier than 6.0.0 build 11974. As such, it is potentially affected by multiple unspecified denial of service and code execution vulnerabilities.
last seen2020-06-01
modified2020-06-02
plugin id58399
published2012-03-20
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/58399
titleHP Data Protector Express 5.x < 5.0.0 Build 59287 / 6.x < 6.0.0 Build 11974 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(58399);
  script_version("1.8");
  script_cvs_date("Date: 2018/07/12 19:01:17");

  script_cve_id(
    "CVE-2012-0121", 
    "CVE-2012-0122", 
    "CVE-2012-0123", 
    "CVE-2012-0124"
  );
  script_bugtraq_id(52431);
  script_xref(name:"EDB-ID", value:"19484");

  script_name(english:"HP Data Protector Express 5.x < 5.0.0 Build 59287 / 6.x < 6.0.0 Build 11974 Multiple Vulnerabilities");
  script_summary(english:"Checks version of HP Data Protector Express");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a backup application that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of HP Data Protector Express installed on the remote
Windows host is 5.x earlier than 5.0.0 build 59287 or 6.x earlier than
6.0.0 build 11974.  As such, it is potentially affected by multiple
unspecified denial of service and code execution vulnerabilities.");
  
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03229235
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?94781a20");
  script_set_attribute(attribute:"solution", value:
"Upgrade to HP Data Protector Express 5.0.0 build 59287 / 6.0.0 build
11974 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'HP Data Protector Create New Folder Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:data_protector_express");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  
  script_dependencies("hp_data_protector_exp_installed.nasl");
  script_require_keys("SMB/HP Data Protector Express/Path", "SMB/HP Data Protector Express/Version", "SMB/HP Data Protector Express/Build");
  
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

path = get_kb_item_or_exit('SMB/HP Data Protector Express/Path');
version = get_kb_item_or_exit('SMB/HP Data Protector Express/Version');
build = get_kb_item_or_exit('SMB/HP Data Protector Express/Build');

ver = split(version, sep:'.');
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

fix = NULL;
if (ver[0] == 5 && ver[1] == 0 && ver[2] == 0 && ver_compare(ver:build, fix:'59287') == -1)
  fix = '5.0.0 build 59287';
else if (ver[0] == 6 && ver[1] == 0 && ver[2] == 0 && ver_compare(ver:build, fix:'11974') == -1)
  fix = '6.0.0 build 11974';

if (fix)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version + ' build ' + build +
      '\n  Fixed version     : ' + fix + '\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
  exit(0);
}
else exit(0, 'The HP Data Protector Express '+version+' build '+build+' install in '+path+' is not affected.');

Saint

bid52431
descriptionHP Data Protector Express Opcode 0x320 Overflow
osvdb80102
titlehp_data_protector_express_opcode_0x320
typeremote