Advisory Details

October 2nd, 2014

(0Day) Hewlett-Packard Data Protector EXEC_INTEGUTIL Remote Command Execution Vulnerability

ZDI-14-344
ZDI-CAN-2266

CVE ID
CVSS SCORE 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
AFFECTED VENDORS Hewlett-Packard
AFFECTED PRODUCTS Data Protector
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 11132. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability.

The specific flaw exists within specifically crafted EXEC_INTEGUTIL messages. A remote attacker can inject arbitrary commands under the context of the SYSTEM user.

ADDITIONAL DETAILS

This vulnerability is being disclosed publicly without a patch because vendor indicates that the vulnerability does not meet the bar for servicing.

04/16/2014 - ZDI disclosed to vendor
04/16/2014 - Vendor acknowledged and provided a tracking number
05/30/2014 - Vendor reported 'no fix' and workaround/mitigation

-- Vendor Mitigation:

You can enable the encrypted control communication from the command line as root by doing the below.
Please review your configuration and enable it from the command line interface, executing:
# omnicc -encryption -enable
You can read up on the capability on page 145 of the User Guide. That guide is a PDF file, and found in /opt/omni/doc/C


DISCLOSURE TIMELINE
  • 2014-04-16 - Case submitted to the ZDI
  • 2014-10-02 - Public release of advisory
CREDIT Aniway.Anyway@gmail.com
BACK TO ADVISORIES