|
Family: Gain root remotely --> Category: infos
HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for Data Protector version
Detailed Explanation for this Vulnerability Test
Synopsis :
It is possible to execute code on the remote host through the backup
agent.
Description :
The remote version of HP OpenView Data Protector is vulnerable to an
authentication bypass vulnerability. By sending specially crafted
requests to the remote host, a possible hacker may be able to execute
unauthorized Backup commands.
Due to the nature of the software, a successful exploitation of this
vulnerability could result in remote code execution.
See also :
http://www.niscc.gov.uk/niscc/docs/br-20060811-00550.html
Solution :
If this service is not needed, disable it or filter incoming traffic
to this port.
HP has released a set of patches for Data Protector 5.10 and 5.50:
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00742778
Threat Level:
None
Click HERE for more information and discussions on this network vulnerability scan.
|