APP: HP Data Protector OmniInet Service NULL Dereference Denial of Service - 1
This signature detects attempts to exploit a known denial-of-service vulnerability in HP Data Protector OmniInet Service. It is due to a NULL pointer dereference error in OmniInet Service when parsing malformed requests. A remote unauthenticated attacker can exploit this by sending a maliciously crafted request to the target server. A successful attack can cause the target service to terminate abnormally resulting in a denial-of-service condition.
Extended Description
The HP OpenView Storage Data Protector is prone to a buffer-overflow vulnerability. This issue occurs because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. HP OpenView Storage Data Protector versions 6.0, 6.10, 6.11, and 6.20 are vulnerable.
Affected Products
Hp openview_storage_data_protector
References
BugTraq: 48486
CVE: CVE-2013-2333
URL: http://www.coresecurity.com/content/HP-Data-Protector-multiple-vulnerabilities http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02872182 http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03781657 http://www.zerodayinitiative.com/advisories/zdi-13-130/ http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02872182 http://www.coresecurity.com/content/hp-data-protector-multiple-vulnerabilities
Short Name
APP:HPOV:OMNILNET-NULL-1
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
- 1 CVE-2011-1865 CVE-2013-2333 CVE-2013-6195 Data Denial Dereference HP NULL OmniInet Protector Service bid:48486 of
Release Date
12/21/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3656
Port
TCP/5555
False Positive
Unknown
Vendors
Hp
CVSS Score
10.0