Multiple Remote Code Execution Vulnerabilities in HP Data Protector Express
Release date: 2012-03-13
Affected Systems:
HP Data Protector 6.0.01
HP Data Protector 6.0.00
HP Data Protector 5.0.01
HP Data Protector 5.0.00
Unaffected Systems:
HP Data Protector 6.0.01 build 13958
HP Data Protector 6.0.00 build 11974
HP Data Protector 5.0.01 build 70262
HP Data Protector 5.0.00 build 59287
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52431
CVE (CAN) ID: CVE-2012-0121, CVE-2012-0122, CVE-2012-0123, CVE-2012-0124
HP Data Protector Express is backup and recovery software that protects data, applications, and systems.
Multiple code execution vulnerabilities exist in HP Data Protector Express 5.0.00 build 59287 and versions earlier than 6.0.00 build 11974. Successful exploitation allows an attacker to execute arbitrary code with system-level privileges.
<* Source: e6af8de8b1d4b2b6d5ba2610cbf9cd38
Link: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?ObjectID=c03229235
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
HP
--
HP has released a security bulletin (HPSBMU02746) and the corresponding patch for these vulnerabilities:
HPSBMU02746: HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code
Link: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?ObjectID=c03229235