HP OpenView Storage Data Protector is prone to an overflow condition. The Backup Client Service, OmniInet.exe, fails to properly sanitize user-supplied input when processing stutil messages, resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 5555, a remote attacker can potentially execute arbitrary code.

Upgrade to version A.06.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1025454
• CVE ID: 2011-1732 (see also: NVD)
• Secunia Advisory ID: 44402
• Bugtraq ID: 47638
• ISS X-Force ID: 67205
• Related OSVDB ID: 72187 72188 72189 72190 72192 72193 72194 72195
• Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240
• Mail List Post: http://seclists.org/bugtraq/2011/Apr/282
  http://seclists.org/fulldisclosure/2011/Apr/526
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-11-148/

• Aniway - Zero Day Initiative (ZDI)