‘Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Code Execution Vulnerability’

Summary

This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client.’

Credit:

‘The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-054/


Details

Vulnerable Systems:
 * Hewlett-Packard Data Protector

User interaction is not required to exploit this vulnerability.

The specific flaw exists within the filtering of the EXEC_CMD command. The Data Protector client only verifies file names, not their contents. By supplying malicious code within specific script files, arbitrary code execution is possible under the context of the current user.

CVE Information:
CVE-2011-0924

Disclosure Timeline:
2009-01-26 – Vulnerability reported to vendor
2011-02-07 – Coordinated public release of advisory’

Categories: UNIX