The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability bulletin CVE-2013-2344 CVE-2013-2345 CVE-2013-2346

HP Data Protector: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of HP Data Protector.
Impacted products: HP Data Protector.
Severity of this bulletin: 3/4.
Consequences of an intrusion: administrator access/rights, privileged access/rights, user access/rights, client access/rights, denial of service on service.
Hacker's origin: intranet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 03/01/2014.
Revision date: 13/01/2014.
Références of this threat: BID-64647, c03822422, CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195, HPSBMU02895, SSRT101217, SSRT101218, SSRT101219, SSRT101220, SSRT101221, SSRT101222, SSRT101223, SSRT101233, SSRT101253, SSRT101348, VIGILANCE-VUL-14013, ZDI-14-001, ZDI-14-002, ZDI-14-003, ZDI-14-004, ZDI-14-005, ZDI-14-006, ZDI-14-007, ZDI-14-008, ZDI-14-009, ZDI-CAN-1866, ZDI-CAN-1869, ZDI-CAN-1870, ZDI-CAN-1885, ZDI-CAN-1892, ZDI-CAN-1896, ZDI-CAN-1897, ZDI-CAN-1905, ZDI-CAN-2008.

Description of the vulnerability

Several vulnerabilities were announced in HP Data Protector.

An attacker can send a command to OmniInet.exe, in order to execute code. [severity:3/4; CVE-2013-2344, SSRT101217, ZDI-14-001, ZDI-CAN-1866]

An attacker can generate a buffer overflow in vrda.exe, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2013-2345, SSRT101218, ZDI-14-006, ZDI-CAN-1869]

An attacker can generate a buffer overflow in rrda.exe, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2013-2346, SSRT101219, ZDI-14-004, ZDI-CAN-1870]

An attacker can send an EXEC_BAR packet, in order to execute code. [severity:3/4; CVE-2013-2347, SSRT101220, ZDI-14-008, ZDI-CAN-1885]

An attacker can traverse directories in OmniInet.exe, in order to write a file outside the root path, to execute it. [severity:3/4; CVE-2013-2348, SSRT101221, ZDI-14-002, ZDI-CAN-1892]

An attacker can generate a buffer overflow in vbda.exe, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2013-2349, SSRT101222, ZDI-14-005, ZDI-CAN-1896]

An attacker can generate a buffer overflow in rbda.exe, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2013-2350, SSRT101223, ZDI-14-007, ZDI-CAN-1897]

An attacker can traverse directories in OmniInet.exe, in order to write a file outside the root path, to execute it. [severity:3/4; CVE-2013-6194, SSRT101233, ZDI-14-003, ZDI-CAN-1905]

An attacker can generate a buffer overflow in crs.exe, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2013-6195, SSRT101348, ZDI-14-009, ZDI-CAN-2008]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides network vulnerability alerts. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.