HP OpenView Storage Data Protector Backup Agent Arbitrary Remote Command Execution

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

It is possible to execute code on the remote host through the backup
agent.

Description :

The remote version of HP OpenView Data Protector is vulnerable to an
authentication bypass attack. By sending specially crafted requests
to the remote host, an attacker may be able to execute unauthorized
backup commands. Due to the nature of the software, successful
exploitation of this vulnerability could result in remote code
execution.

See also :

http://www.nessus.org/u?cf5c4b17

Solution :

If this service is not needed, disable it or filter incoming traffic
to this port. Otherwise, apply the set of patches for Data Protector
5.10 and 5.50 referenced in HP's advisory linked under 'See also' above.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 22225 (hp_data_protector_bypass.nasl)

Bugtraq ID: 19495

CVE ID: CVE-2006-4201