HP Database Archiving Software Multiple Remote Arbitrary Code Execution Vulnerabilities
BID:51205
Info
HP Database Archiving Software Multiple Remote Arbitrary Code Execution Vulnerabilities
| Bugtraq ID: | 51205 |
| Class: | Design Error |
| CVE: |
CVE-2011-4163 CVE-2011-4164 CVE-2011-4165 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 29 2011 12:00AM |
| Updated: | Jun 25 2012 11:00PM |
| Credit: | AbdulAziz Hariri |
| Vulnerable: |
HP Database Archiving Software 6.31 |
| Not Vulnerable: | |
Discussion
HP Database Archiving Software Multiple Remote Arbitrary Code Execution Vulnerabilities
HP Database Archiving Software is prone to multiple remote code-execution vulnerabilities.
These issues can be exploited to execute arbitrary code in the context of the affected application.
HP Database Archiving Software 6.31 is vulnerable; other versions may also be affected.
HP Database Archiving Software is prone to multiple remote code-execution vulnerabilities.
These issues can be exploited to execute arbitrary code in the context of the affected application.
HP Database Archiving Software 6.31 is vulnerable; other versions may also be affected.
Exploit / POC
HP Database Archiving Software Multiple Remote Arbitrary Code Execution Vulnerabilities
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
HP Database Archiving Software Multiple Remote Arbitrary Code Execution Vulnerabilities
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
HP Database Archiving Software Multiple Remote Arbitrary Code Execution Vulnerabilities
References:
References:
- HP Database Archiving software Homepage (HP)
- [security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Softwar (Full Disclosure)
- ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vul (HP)
- ZDI-12-089 : HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnera (HP)
- ZDI-12-099: DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnera (HP)