Signature Detail
Short Name |
APP:HPOV:OMNILNET-NULL |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
HP Data Protector OmniInet Service NULL Dereference Denial of Service |
Release Date |
2010/12/21 |
Update Number |
1836 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: HP Data Protector OmniInet Service NULL Dereference Denial of Service
This signature detects attempts to exploit a known denial-of-service vulnerability in HP Data Protector OmniInet Service. It is due to a NULL pointer dereference error in OmniInet Service when parsing malformed requests. A remote unauthenticated attacker can exploit this by sending a maliciously crafted request to the target server. A successful attack can cause the target service to terminate abnormally resulting in a denial-of-service condition.
Extended Description
The HP OpenView Storage Data Protector is prone to a buffer-overflow vulnerability. This issue occurs because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. HP OpenView Storage Data Protector versions 6.0, 6.10, 6.11, and 6.20 are vulnerable.
Affected Products
- HP OpenView Storage Data Protector 6.0
- HP OpenView Storage Data Protector 6.10
- HP OpenView Storage Data Protector 6.11
- HP OpenView Storage Data Protector 6.20
References
- BugTraq: 48486
- CVE: CVE-2013-6195
- CVE: CVE-2011-1865