{"vuid":"VU#673228","idnumber":"673228","name":"HP OpenView Storage Data Protector may allow an attacker to execute arbitrary commands","keywords":["HP","OpenView","Storage Data Protector","arbitrary command execution","remote unauthorized user","central backup server","Cell Manager","backup"],"overview":"A vulnerability in HP OpenView Storage Data Protector may allow an attacker to issue arbitrary commands on an affected system.","clean_desc":"HP Openview\nHP Openview is a range of products, distributed and developed by Hewlett Packard, that are used for enterprise system and network monitoring. HP OpenView Storage Data Protector\nHP OpenView Storage Data Protector manages backup and recovery processes across local networks and storage area networks (SAN). The software uses a proprietary protocol for communications between the central backup server (Cell Manager) and clients (Agents). The problem\nOn HP OpenView Storage Data Protector 5.1 and 5.5, it may be possible for an attacker to create a specially crafted packet that will pass commands to the backup agents with no authentication or input validation.","impact":"A remote, unauthenticated attacker may be able execute arbitrary commands on the backup agents with system privileges.","resolution":"Apply a patch from the vendor\nHP has released patches to address this issue. Please see the systems affected section of this document for more information.","workarounds":"Restrict access\nRestricting network access to the backup agents may mitigate this vulnerability. The Administrator's Guide provides instructions on configuring the HP OpenView Storage Data Protector software.","sysaffected":"","thanks":"This vulnerability was originally reported by \nNISCC","author":"This document was written by Ryan Giobbi.","public":["http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00742778&jumpid=reg_R1002_USEN","http://itrc.hp.com/service/cki/docDisplay.do?docId=c00742778","http://www.uniras.gov.uk/niscc/docs/re-20060811-00547.pdf?lang=en","http://secunia.com/advisories/21485/","http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00663793/c00663793.pdf"],"cveids":["CVE-2006-4201"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-08-23T13:41:06Z","publicdate":"2006-08-14T00:00:00Z","datefirstpublished":"2006-08-23T19:42:23Z","dateupdated":"2007-01-12T21:39:30Z","revision":28,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"11","cam_exploitation":"0","cam_internetinfrastructure":"9","cam_population":"2","cam_impact":"11","cam_easeofexploitation":"6","cam_attackeraccessrequired":"19","cam_scorecurrent":"0.9405","cam_scorecurrentwidelyknown":"1.363725","cam_scorecurrentwidelyknownexploited":"2.304225","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.9405,"vulnote":null}