Intrusion Prevention

HP.Data.Protector.Client.EXEC_SETUP.Remote.Code.Execution

Description

This indicates an attack attempt against a remote code execution vulnerability in HP Data Protector Client.
The vulnerability is caused by a design weakness in the processing of the EXEC_SETUP messages. It allows an attacker to execute arbitrary code by sending a crafted command to the target service.

Affected Products

HP OpenView Storage Data Protector 5.5
HP OpenView Storage Data Protector 6.11
HP OpenView Storage Data Protector 6.10
HP OpenView Storage Data Protector 6.1
HP OpenView Storage Data Protector 6.0
HP OpenView Storage Data Protector 5.1
HP Data Protector Manager A.06.11
HP Data Protector Manager 6.11

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor supplied patch for this issue.

CVE References

CVE-2011-0922