| VID |
23175 |
| Severity |
40 |
| Port |
5555 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The HP OpenView Storage Data Protector, according to its version number, has an authentication bypass vulnerability. HP OpenView Storage Data Protector 5.1 and 5.5 could allow a remote attacker to execute arbitrary commands on the affected system, caused due to a combination of an input validation error and a bad authentication mechanism in the backup agents when communicating with the central backup server (Cell Manager). A remote attacker could exploit this vulnerability to pass and execute arbitrary commands to the backup agents without being authenticated by manipulating certain fields used by the proprietary protocol.
* References:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00742778
http://archives.neohapsis.com/archives/bugtraq/2006-08/0273.html
http://www.niscc.gov.uk/niscc/docs/br-20060811-00550.html
http://secunia.com/advisories/21485/
http://www.uniras.gov.uk/niscc/docs/re-20060811-00547.pdf?lang=en
* Platforms Affected:
HP OpenView Storage Data Protector 5.1, 5.5
HP-UX Any version
IBM AIX Any version
Linux Any version
Microsoft Windows NT 4.0, 2000 Server, XP
Sun Solaris Any version |
| Recommendation |
Apply the appropriate patch for Data Protector 5.10 or 5.50, as listed in Hewlett-Packard Company Security Bulletin HPSBMA02138 SSRT061184 at http://itrc.hp.com/service/cki/docDisplay.do?docId=c00742778 |
| Related URL |
CVE-2006-4201 (CVE) |
| Related URL |
19495 (SecurityFocus) |
| Related URL |
28348 (ISS) |
|
