APP: HP OpenView Storage Data Protector Cell Manager Heap Buffer Overflow
This signature detects attempts to exploit a known heap buffer overflow vulnerability in HP OpenView Data Protector Cell Manager. It is due to an integer overflow while processing crafted packets received on port 1530/TCP. A remote unauthenticated attacker can exploit this by sending maliciously crafted packets to the affected service. In a successful attack, arbitrary code is injected and executed on the target machine; the behavior of the target is dependent on the logic of the malicious code and can result in arbitrary code execution within the security context of the service, which is usually SYSTEM. An unsuccessful attack can cause the target service to abnormally terminate.
Extended Description
HP OpenView Storage Data Protector is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. NOTE: This BID was previously titled "HP OpenView Storage Data Protector Multiple Remote Code Execution Vulnerabilities", but the issue (described by CVE-2007-2280) has been moved to BID 37396 (HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability) to better document it.
Affected Products
Hp openview_storage_data_protector
Short Name
APP:HPOV:SDPM-HEAP-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Buffer CVE-2007-2281 Cell Data HP Heap Manager OpenView Overflow Protector Storage bid:37386
Release Date
10/18/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
tcp/1530
False Positive
Unknown
Vendors
Hp
CVSS Score
10.0