CVE-2011-0923 - Vulnerability Details - OpenCVE

The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Data Protector

Configuration 1 [-]

cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp
http://marc.info/?l=bugtraq&m=130391284726795&w=2
http://securityreason.com/securityalert/8261
http://securityreason.com/securityalert/8323
http://securityreason.com/securityalert/8329
http://www.securityfocus.com/bid/46234
http://www.vupen.com/english/advisories/2011/0308
http://zerodayinitiative.com/advisories/ZDI-11-055/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-02-09T00:00:00

Updated: 2024-08-06T22:05:54.391Z

Reserved: 2011-02-08T00:00:00

Link: CVE-2011-0923

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-02-09T01:00:09.760

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-0923

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-07T00:00:00", "descriptions": [{"lang": "en", "value": "The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the \"local bin directory.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-08-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"}, {"name": "SSRT100441", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2"}, {"name": "8261", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8261"}, {"name": "ADV-2011-0308", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0308"}, {"name": "HPSBMA02654", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2"}, {"name": "8323", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8323"}, {"tags": ["x_refsource_MISC"], "url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"}, {"name": "8329", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8329"}, {"name": "46234", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46234"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0923", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the \"local bin directory.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp", "refsource": "MISC", "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"}, {"name": "SSRT100441", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2"}, {"name": "8261", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8261"}, {"name": "ADV-2011-0308", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0308"}, {"name": "HPSBMA02654", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2"}, {"name": "8323", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8323"}, {"name": "http://zerodayinitiative.com/advisories/ZDI-11-055/", "refsource": "MISC", "url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"}, {"name": "8329", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8329"}, {"name": "46234", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46234"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:05:54.391Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"}, {"name": "SSRT100441", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2"}, {"name": "8261", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8261"}, {"name": "ADV-2011-0308", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0308"}, {"name": "HPSBMA02654", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2"}, {"name": "8323", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8323"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"}, {"name": "8329", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8329"}, {"name": "46234", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46234"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0923", "datePublished": "2011-02-09T00:00:00", "dateReserved": "2011-02-08T00:00:00", "dateUpdated": "2024-08-06T22:05:54.391Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA2D6151-9F6C-4A0B-8A46-E53E65AFADA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the \"local bin directory.\""}, {"lang": "es", "value": "El cliente de HP Data Protector no valida correctamente los argumentos de EXEC_CMD, que permite a atacantes remotos ejecutar c\u00f3digo Perl a trav\u00e9s de un comando manipulado, relacionado con el \"directorio local bin\""}], "id": "CVE-2011-0923", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-02-09T01:00:09.760", "references": [{"source": "cve@mitre.org", "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8261"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8323"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8329"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46234"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0308"}, {"source": "cve@mitre.org", "url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46234"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0308"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://zerodayinitiative.com/advisories/ZDI-11-055/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}