|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-12-17 | |
| Rule Name: | HPE Data Protector EXEC_BAR username Buffer Overflow Vulnerability -3 (CVE-2016-2005) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A buffer overflow vulnerability has been found in the OmniInet.exe component of HPE Data Protector. This vulnerability is due to lack of boundary checks on the username field in EXEC_BAR requests. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to the HPE Data Protector OmniInet.exe service. Successful exploitation could lead to arbitrary code execution under the security context of SYSTEM. The following versions are affected: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks includes arbitrary code execution and denial of service. | |
| Affected OS: | Windows, Others | |
| Reference: | SecurityTrackerID:1035631 ZeroDayInitiative:ZDI-16-245 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988 |