vulnerability alert CVE-2011-4791
HP Data Protector Storage Media Operations: code execution
Synthesis of the vulnerability
An attacker can send a malformed query to HP Data Protector Media Operations to trigger a buffer overflow, which leads to code execution with system privileges.
Severity: 3/4.
Creation date: 02/02/2012.
Impacted products
Description of the vulnerability
The HP Data Protector product listens on port 19813/tcp (process DBServer.exe).
Queries received by DBServer.exe specify a data size as a 32-bit value. However, DBServer uses this size to copy data without checking it, so an overflow occurs.
An attacker can therefore send a malformed query to HP Data Protector Media Operations to trigger a buffer overflow, which leads to code execution with system privileges.
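The missing check described above, shown as an added example (not HP's code and not part of the bulletin): a parser for a length-prefixed message that validates the declared 32-bit size against both the bytes received and the destination capacity before copying. The wire layout, `REC_MAX`, and all function and sample names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_MAX 64 /* destination capacity; assumed value for this sketch */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LARGE = -2 };

/* Hypothetical wire layout (not DBServer's real format):
 * 4-byte little-endian data size, then that many data bytes.
 * The payload is copied only after the declared size has been checked
 * against both the bytes received and the destination capacity. */
int parse_record(const unsigned char *msg, size_t msg_len,
                 unsigned char *out, size_t out_cap, size_t *out_len)
{
    if (msg_len < 4)
        return PARSE_TRUNCATED;      /* no complete size field */
    uint32_t declared = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8) |
                        ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);
    if (declared > out_cap)
        return PARSE_TOO_LARGE;      /* would overflow the destination */
    if (declared > msg_len - 4)      /* cannot wrap: msg_len >= 4 here */
        return PARSE_TRUNCATED;      /* sender claims more than it sent */
    memcpy(out, msg + 4, declared);
    *out_len = declared;
    return PARSE_OK;
}

/* Constructed sample messages. */
static const unsigned char MSG_OK[]    = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
static const unsigned char MSG_HUGE[]  = {0xff, 0xff, 0xff, 0xff, 'A'};
static const unsigned char MSG_SHORT[] = {8, 0, 0, 0, 'a', 'b'};

/* Parses msg into a fixed-size buffer and returns the status code. */
int check(const unsigned char *msg, size_t len)
{
    unsigned char buf[REC_MAX];
    size_t n = 0;
    return parse_record(msg, len, buf, sizeof buf, &n);
}

int main(void)
{
    printf("%d %d %d\n", check(MSG_OK, sizeof MSG_OK),
           check(MSG_HUGE, sizeof MSG_HUGE), check(MSG_SHORT, sizeof MSG_SHORT));
    return 0;
}
```

Comparing `declared` with `msg_len - 4` instead of computing `declared + 4` keeps the bounds check itself free of integer wraparound.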
Characteristics
Title: HP Data Protector Storage Media Operations: code execution.
Keywords: 19813 DBServer Data Media Operations Protector Storage code execution.
Identifiers: c03179046, CVE-2011-4791, HPSBMU02739, SSRT100280, VIGILANCE-VUL-11336, ZDI-11-112, ZDI-CAN-956.
Information sources
Solutions for this vulnerability