| VID |
23007 |
| Severity |
40 |
| Port |
5555 |
| Protocol |
TCP |
| Class |
OMNIBACK |
| Detailed Description |
HP OpenView OmniBack II is a network backup system and provides the most reliable, high-performance data protection for heterogeneous and Windows-based computing environments. A security vulnerability in the product allows unauthorized remote users to cause the program to execute arbitrary code, allowing compromising of the operating system.
PLATFORM: Windows NT 4.0, Windows 2000, and HP-UX Systems running OmniBack Version 3.00 or later.
* References:
http://www.iss.net/security_center/static/1404.php |
| Recommendation |
Enable the OmniBack security features as described in the Administrator's Guide for version 3.10, Chapter 11, in Section 'Adding Security for Client Access'. For version 3.50 this is described in the 'Installation and Licensing Guide', Chapter 3, Section 'Security Considerations'.
To fully eliminate the problem, install the respective patch on the OmniBack Cell Manager system and on the Installation Server, then distribute the patched binaries to the OmniBack clients using the Client Upgrade action in the OmniBack Manager GUI.
The NT/2000 patch which follows can be obtained at the following site:
http://ovweb.external.hp.com/cpe/patches
OmniBack_00017 - OmniBack version 3.50 on Win NT/2000
while the following HP-UX patches can be obtained from http://itrc.hp.com
PHSS_22914 - OmniBack version 3.50 on HP-UX 10.x
PHSS_22915 - OmniBack version 3.50 on HP-UX 11.x
PHSS_23095 - OmniBack version 3.10 on HP-UX 10.x
PHSS_23096 - OmniBack version 3.10 on HP-UX 11.x
PHSS_23103 - OmniBack version 3.00 on HP-UX 10.x
PHSS_23104 - OmniBack version 3.00 on HP-UX 11.x |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
