Vulnerabilities > CVE-2013-4841 - Remote Code Execution vulnerability in HP products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
hp
critical
nessus
NVD
Published: 2014-02-26
Updated: 2019-10-09

Summary

Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509.

Vulnerable Configurations

Part Description Count
OS
Hp
6
Application
Hp
1
Hardware
Hp
1

Nessus

NASL familyMisc.
NASL idHP_VSA_11_0.NASL
descriptionThe remote HP storage system running LeftHand OS is affected by an unspecified remote arbitrary code execution vulnerability in the dbd_manager component.
last seen2020-06-01
modified2020-06-02
plugin id73463
published2014-04-10
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/73463
titleHP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager RCE
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(73463);
  script_version("2.6");
  script_cvs_date("Date: 2018/11/15 20:50:23");

  script_cve_id("CVE-2013-4841");
  script_bugtraq_id(65770);
  script_xref(name:"HP", value:"HPSBST02937");
  script_xref(name:"HP", value:"SSRT100796");
  script_xref(name:"HP", value:"emr_na-c03995204");
  script_xref(name:"ZDI", value:"ZDI-14-051");

  script_name(english:"HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager RCE");
  script_summary(english:"Checks the version of LeftHand OS.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote HP storage system running LeftHand OS is affected by an
unspecified remote arbitrary code execution vulnerability in the
dbd_manager component.");
  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03995204
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7a39b326");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-051/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to LeftHand OS version 11.0 or higher.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/10");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:lefthand");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("hp_saniq_hydra_detect.nbin", "hp_lefthand_console_discovery.nasl", "hp_lefthand_hydra_detect.nasl");
  script_require_ports("Services/saniq_hydra", "Services/hydra_13841", "Services/saniq_console_discovery", "Services/udp/saniq_console_discovery");

  exit(0);
}

include("audit.inc");
include("byte_func.inc");
include("global_settings.inc");
include("misc_func.inc");

vuln = FALSE;

# next, explicitly check any version numbers that were obtained via console discovery or hydra
versions = get_kb_list_or_exit('lefthand_os/*/version');
foreach key (keys(versions))
{
  port = key - 'lefthand_os/' - '/version';
  if ('udp' >< port)
  {
    port = port - 'udp/';
    udp = TRUE;
  }
  else udp = FALSE;

  ver = versions[key];
  if (isnull(ver)) continue;

  fix = '11.0';
  if (ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)
  {
    vuln = TRUE;

    if (report_verbosity > 0)
    {
      report =
        '\n  Installed version : ' + ver +
        '\n  Fixed version     : ' + fix + '\n';
      if (udp) security_hole(port:port, extra:report, proto:'udp');
      else security_hole(port:port, extra:report);
    }
    else
    {
      if (udp) security_hole(port:port, proto:'udp');
      else security_hole(port);
    }
  }
}

if (!vuln) audit(AUDIT_HOST_NOT, 'affected');

Seebug

bulletinFamilyexploit
descriptionBugtraq ID:65770 CVE ID:CVE-2013-4841 HP StoreVirtual Storage是一个适用于虚拟化环境的横向扩展存储,支持所有业务的虚拟化需求。 HP StoreVirtual 4000和StoreVirtual VSA所使用的LeftHand OS相关dbd_manager存在一个未明错误,允许远程攻击者利用漏洞执行任意代码。 0 HP LeftHand OS 10.x HP StoreVirtual 4000 Storage HP StoreVirtual VSA 厂商补丁: HP ----- HP LeftHand OS version 11.0已经修复该漏洞,建议用户下载更新: https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StoreVirtualSW_10.5
idSSV:61589
last seen2017-11-19
modified2014-02-27
published2014-02-27
reporterRoot
titleHP StoreVirtual 4000/StoreVirtual VSA dbd_manager任意代码执行漏洞

References