Family: Gain root remotely --> Category: infos
HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for Data Protector version
Detailed Explanation for this Vulnerability Test
It is possible to execute code on the remote host through the backup
The remote version of HP OpenView Data Protector is vulnerable to an
authentication bypass vulnerability. By sending specially crafted
requests to the remote host, a possible hacker may be able to execute
unauthorized Backup commands.
Due to the nature of the software, a successful exploitation of this
vulnerability could result in remote code execution.
See also :
If this service is not needed, disable it or filter incoming traffic
to this port.
HP has released a set of patches for Data Protector 5.10 and 5.50:
Click HERE for more information and discussions on this network vulnerability scan.