CVE-2011-0923

Published: 09/02/2011 Updated: 23/08/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote malicious users to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

Vulnerable Product

hp data protector

Exploits

#!/bin/bash
# Exploit Title: HP Data Protector Remote Root Shell for Linux
# Date: 2011-08-10
# Author: SZ
# Software Link: www8.hp.com/us/en/software/software-product.html?compURI=tcm:245-936920&pageTitle=data-protector
# Version: 09
# Tested on: HP-UX, Linux
# CVE: CVE-2011-0923
# Notes: ZDI-11-055
# Reference: wwwzerodayini ...

# Exploit Title: HP Data Protector Client EXEC_CMD Remote Code Execution Vulnerability PoC (ZDI-11-055)
# Date: 2011-05-28
# Author: @fdiskyou
# e-mail: rui at deniable.org
# Version: 611
# Tested on: Windows 2003 Server SP2 en
# CVE: CVE-2011-0923
# Notes: ZDI-11-055
# Reference: www.zerodayinitiative.com/advisories/ZDI-11-055/
# Reference ...

#!/bin/bash
# Exploit Title: HP Data Protector Remote Shell for HPUX
# Date: 2011-08-02
# Author: Adrian Puente Z
# Software Link: www8.hp.com/us/en/software/software-product.html?compURI=tcm:245-936920&pageTitle=data-protector
# Version: 09
# Tested on: HPUX
# CVE: CVE-2011-0923
# Notes: ZDI-11-055
# Reference: wwwzerodayin ...

"""
HP Data Protector Arbitrary Remote Command Execution
This script allows to execute a command with an arbitrary number of arguments.
The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory {install_path}/bin/.
The main goal of the script is to bypass the limitation of executing only a single command without ...

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking ...

HP Data Protector Client remote code execution proof of concept exploit ...

This python script allows execution of a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of executing only a single command without any parameter, as provided by already existing ex ...

HP Data Protector remote shell for HP-UX that leverages improper filtering of arguments to the EXEC_CMD command ...