Advisory Details

October 2nd, 2014

(0Day) Hewlett-Packard Data Protector EXEC_INTEGUTIL Remote Command Execution Vulnerability

ZDI-14-344
ZDI-CAN-2266

CVE ID
CVSS SCORE	10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C
AFFECTED VENDORS	Hewlett-Packard
AFFECTED PRODUCTS	Data Protector
TREND MICRO CUSTOMER PROTECTION	Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['11132']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within specifically crafted EXEC_INTEGUTIL messages. A remote attacker can inject arbitrary commands under the context of the SYSTEM user.
ADDITIONAL DETAILS	This vulnerability is being disclosed publicly without a patch because vendor indicates that the vulnerability does not meet the bar for servicing. 04/16/2014 - ZDI disclosed to vendor 04/16/2014 - Vendor acknowledged and provided a tracking number 05/30/2014 - Vendor reported 'no fix' and workaround/mitigation -- Vendor Mitigation: You can enable the encrypted control communication from the command line as root by doing the below. Please review your configuration and enable it from the command line interface, executing: # omnicc -encryption -enable You can read up on the capability on page 145 of the User Guide. That guide is a PDF file, and found in /opt/omni/doc/C
DISCLOSURE TIMELINE	2014-04-16 - Vulnerability reported to vendor 2014-10-02 - Coordinated public release of advisory
CREDIT	Aniway.Anyway@gmail.com

BACK TO ADVISORIES