Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Gain root remotely --> Category: infos

HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Checks for Data Protector version

Detailed Explanation for this Vulnerability Test

Synopsis :

It is possible to execute code on the remote host through the backup
agent.

Description :

The remote version of HP OpenView Data Protector is vulnerable to an
authentication bypass vulnerability. By sending specially crafted
requests to the remote host, a possible hacker may be able to execute
unauthorized Backup commands.
Due to the nature of the software, a successful exploitation of this
vulnerability could result in remote code execution.

See also :

http://www.niscc.gov.uk/niscc/docs/br-20060811-00550.html

Solution :

If this service is not needed, disable it or filter incoming traffic
to this port.
HP has released a set of patches for Data Protector 5.10 and 5.50:

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00742778

Threat Level:

None

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.