HP OpenView Storage Data Protector EXEC_CMD Buffer Overflow (CVE-2011-1866)
| Check Point Reference: | CPAI-2011-479 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: 45100 | |
| Industry Reference(s): | CVE-2011-1866 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? HP OpenView Storage Data Protector 6.0 HP OpenView Storage Data Protector 6.10 HP OpenView Storage Data Protector 6.11 HP OpenView Storage Data Protector 6.20 | ||
| Vulnerability Description A remote code execution vulnerability has been reported in HP OpenView Storage Data Protector. |
||
|
Vulnerability Details The vulnerability is due to insufficient boundary checking while handling EXEC_CMD messages. A remote attacker may exploit this vulnerability by sending a specially crafted EXEC_CMD to an affected service. Successful exploitation would allow an attacker to execute arbitrary code in the user's security context. |
Protection Overview
This protection will detect and block the transferring of malicious EXEC_CMD packets to the server.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.