HP OpenView Storage Data Protector Remote Arbitrary Command Execution Vulnerability

Bugtraq ID:	18095
Class:	Input Validation Error
CVE:	CVE-2006-2579
Remote:	Yes
Local:	No
Published:	May 24 2006 12:00AM
Updated:	Jun 27 2007 08:28PM
Credit:	The vendor disclosed this issue.
Vulnerable:	HP OpenView Storage Data Protector 5.5 HP OpenView Storage Data Protector 5.5 HP OpenView Storage Data Protector 5.5 HP OpenView Storage Data Protector 5.1
Not Vulnerable:

HP OpenView Storage Data Protector Remote Arbitrary Command Execution Vulnerability

HP OpenView Storage Data Protector is prone to an arbitrary command-execution vulnerability.

Attackers can exploit this vulnerability to execute arbitrary commands in the context of the affected process. This may aid attackers in the compromise of the underlying system; other attacks are also possible.

HP OpenView Storage Data Protector Remote Arbitrary Command Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

HP OpenView Storage Data Protector Remote Arbitrary Command Execution Vulnerability

Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the referenced advisory for further information on obtaining and applying fixes.

HP OpenView Storage Data Protector Remote Arbitrary Command Execution Vulnerability

References:

• HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage (HP)
  
• OpenView Storage Data Protector Product Page (HP)