HP OpenView Data Protector Omnilnet.exe Remote Buffer Overflow (CVE-2007-2280)

Vulnerability Overview Vulnerability Title: Hewlett-Packard OpenView Data Protector Backup Client Service Buffer Overflow Vulnerability Vulnerability Identifiers: ZDI ID: ZDI-09-099 ZDI ID: ZDI-CAN-105 CVE ID: CVE-2007-2280 CVSS Score: Data missing Affected Vendor: Hewlett-Packard Affected Product: OpenView Data Protector Vulnerability Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable Hewlett-Packard Storage Data Protector installations. Exploitation does not require authentication. The specific flaw resides in the backup client service daemon (Omnilnet.exe), which binds to TCP port 5555. A stack-based buffer overflow occurs when processing long parameters for the 'MSG_PROTOCOL' command, leading to code execution within the daemon's context. Affected Customer Protection: Trend Micro TippingPoint IPS customers are protected against this vulnerability via the Digital Vaccine protection filter ID '[4786]'. For product details, visit TippingPoint IPS: http://www.tippingpoint.com Additional Details: Hewlett-Packard has released an update to fix this vulnerability. More information is available here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01124817 Disclosure Timeline: 2006-10-10 - Vulnerability reported to vendor. 2009-12-17 - Coordinated public advisory release. Acknowledgments: Tenable Network Security Aaron Portnoy, TippingPoint DVLabs

Goal Reached Thanks to every supporter — we hit 100%!

HP OpenView Data Protector Omnilnet.exe Remote Buffer Overflow (CVE-2007-2280)