APP: HP Data Protector EXEC_BAR Command Execution
This signature detects attempts to exploit a known vulnerability in the HP Data Protector. A successful attack can lead to arbitrary command execution.
Extended Description
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
Affected Products
Hp storage_data_protector
References
BugTraq: 64647
CVE: CVE-2013-2347
URL: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03822422 http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-protector-execbar.html http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03822422&ac.admitted=1390229830646.876444892.492883150 http://www.zerodayinitiative.com/advisories/zdi-14-008/
Short Name
APP:HP-DATA-PRTCTR-EXEC-BAR-CE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2013-2347 Command Data EXEC_BAR Execution HP Protector bid:64647
Release Date
03/03/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
tcp/5555
False Positive
Unknown
Vendors
Hp
CVSS Score
10.0