ID CVE-2013-2333
Summary Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.
References
Vulnerable Configurations
  • HP Storage Data Protector 6.20 for HP-UX
    cpe:2.3:a:hp:storage_data_protector:6.20:-:-:-:-:hp-ux
  • HP Storage Data Protector 6.21 for HP-UX
    cpe:2.3:a:hp:storage_data_protector:6.21:-:-:-:-:hp-ux
  • HP Storage Data Protector 6.20 for Windows Server 2003
    cpe:2.3:a:hp:storage_data_protector:6.20:-:-:-:-:windows_server_2003
  • HP Storage Data Protector 6.21 for Windows Server 2003
    cpe:2.3:a:hp:storage_data_protector:6.21:-:-:-:-:windows_server_2003
  • HP Storage Data Protector 6.20 for Windows Server 2008
    cpe:2.3:a:hp:storage_data_protector:6.20:-:-:-:-:windows_server_2008
  • HP Storage Data Protector 6.21 for Windows Server 2008
    cpe:2.3:a:hp:storage_data_protector:6.21:-:-:-:-:windows_server_2008
  • HP Storage Data Protector 6.20 for RedHat Enterprise Linux
    cpe:2.3:a:hp:storage_data_protector:6.20:-:-:-:-:redhat_enterprise_linux
  • HP Storage Data Protector 6.21 for RedHat Enterprise Linux
    cpe:2.3:a:hp:storage_data_protector:6.21:-:-:-:-:redhat_enterprise_linux
  • HP Storage Data Protector 6.20 for SUSE Linux
    cpe:2.3:a:hp:storage_data_protector:6.20:-:-:-:-:suse_linux
  • HP Storage Data Protector 6.21 for SUSE Linux
    cpe:2.3:a:hp:storage_data_protector:6.21:-:-:-:-:suse_linux
  • HP Storage Data Protector 6.20 for Solaris (SunOS)
    cpe:2.3:a:hp:storage_data_protector:6.20:-:-:-:-:sunos
  • HP Storage Data Protector 6.21 for Solaris (SunOS)
    cpe:2.3:a:hp:storage_data_protector:6.21:-:-:-:-:sunos
  • HP Storage Data Protector 7.00 for HP-UX
    cpe:2.3:a:hp:storage_data_protector:7.00:-:-:-:-:hp-ux
  • HP Storage Data Protector 7.01 for HP-UX
    cpe:2.3:a:hp:storage_data_protector:7.01:-:-:-:-:hp-ux
  • HP Storage Data Protector 7.00 for Windows Server 2003
    cpe:2.3:a:hp:storage_data_protector:7.00:-:-:-:-:windows_server_2003
  • HP Storage Data Protector 7.01 for Windows Server 2003
    cpe:2.3:a:hp:storage_data_protector:7.01:-:-:-:-:windows_server_2003
  • HP Storage Data Protector 7.00 for Windows Server 2008
    cpe:2.3:a:hp:storage_data_protector:7.00:-:-:-:-:windows_server_2008
  • HP Storage Data Protector 7.01 for Windows Server 2008
    cpe:2.3:a:hp:storage_data_protector:7.01:-:-:-:-:windows_server_2008
  • HP Storage Data Protector 7.00 for RedHat Enterprise Linux
    cpe:2.3:a:hp:storage_data_protector:7.00:-:-:-:-:redhat_enterprise_linux
  • HP Storage Data Protector 7.01 for RedHat Enterprise Linux
    cpe:2.3:a:hp:storage_data_protector:7.01:-:-:-:-:redhat_enterprise_linux
  • HP Storage Data Protector 7.00 for SUSE Linux
    cpe:2.3:a:hp:storage_data_protector:7.00:-:-:-:-:suse_linux
  • HP Storage Data Protector 7.01 for SUSE Linux
    cpe:2.3:a:hp:storage_data_protector:7.01:-:-:-:-:suse_linux
CVSS
Base: 10.0 (as of 06-06-2013 - 12:40)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity COMPLETE
Availability COMPLETE
exploit-db via4
description HP Data Protector Cell Request Service Buffer Overflow. CVE-2013-2333. Remote exploit for windows platform
id EDB-ID:28973
last seen 2016-02-03
modified 2013-10-15
published 2013-10-15
reporter metasploit
source https://www.exploit-db.com/download/28973/
title HP Data Protector Cell Request Service Buffer Overflow
metasploit via4
description This module exploits a stack-based buffer overflow in the Hewlett-Packard Data Protector product. The vulnerability, due to the insecure usage of _swprintf, exists at the Cell Request Service (crs.exe) when parsing packets with opcode 211. This module has been tested successfully on HP Data Protector 6.20 and 7.00 on Windows XP SP3.
id MSF:EXPLOIT/WINDOWS/MISC/HP_DATAPROTECTOR_CRS
last seen 2019-03-23
modified 2017-07-24
published 2013-10-10
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_dataprotector_crs.rb
title HP Data Protector Cell Request Service Buffer Overflow
nessus via4
NASL family Misc.
NASL id HP_DATA_PROTECTOR_HPSBMU02833.NASL
description According to its version and build number, the remote instance of HP Data Protector is affected by multiple stack-based buffer overflow conditions in crs.exe when parsing various opcodes. A remote, unauthenticated attacker can exploit these to execute arbitrary code in the context of the SYSTEM user or have other unspecified impact.
last seen 2019-02-21
modified 2018-11-15
plugin id 66849
published 2013-06-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=66849
title HP Data Protector Multiple RCE Vulnerabilities
packetstorm via4
data source https://packetstormsecurity.com/files/download/123604/hp_dataprotector_crs.rb.txt
id PACKETSTORM:123604
last seen 2016-12-05
published 2013-10-14
reporter juan vazquez
source https://packetstormsecurity.com/files/123604/HP-Data-Protector-Cell-Request-Service-Buffer-Overflow.html
title HP Data Protector Cell Request Service Buffer Overflow
refmap via4
hp
  • HPSBMU02883
  • SSRT101053
  • SSRT101227
saint via4
bid 60309
description HP Data Protector CRS Opcode 211 Stack Buffer Overflow
osvdb 93867
title hp_data_protector_opcode_211
type remote
Last major update 06-06-2013 - 00:00
Published 06-06-2013 - 09:02