| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability note 11124
HP Data Protector: two vulnerabilities
Synthesis of the vulnerability
| An attacker can use two vulnerabilities of HP Data Protector, in order to read a file, to create a denial of service or to execute code. |
Severity: 3/4.
Creation date: 04/11/2011.
|
Impacted products
Description of the vulnerability
The HP Data Protector product listens on port 19813/tcp (process DBServer.exe). It is impacted by two vulnerabilities.
An attacker can send a message containing "../..", in order to read a file from the current partition. [severity:2/4; BID-50531, >]
An attacker can send a large message, in order to create a buffer overflow. [severity:3/4; BID-50558, >] |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: HP Data Protector: two vulnerabilities.
Keywords: 19813 DBServer Data Protector vulnerabilities.
Identifiers: BID-50531, BID-50558, VIGILANCE-VUL-11124.
|
Solutions for this vulnerability
Supplements
Vulnerability : directory traversal
An attacker can send a message containing "../..", in order to read a file from the current partition.
Severity: 2/4.
Identifiers: BID-50531.
|
|
Vulnerability : heap corruption
An attacker can send a large message, in order to create a buffer overflow.
Severity: 3/4.
Identifiers: BID-50558.
|
|
Computer vulnerabilities tracking service
Vigil@nce provides a network vulnerability patch. The technology watch team tracks security threats targeting the computer system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
|
