HP OpenView Radia Management Portal Management Agent Arbitrary Command Execution

2005-04-28T10:14:52
ID OSVDB:15960
Type osvdb
Reporter Dominic Beecher (dominic@ngssoftware.com), David Morgan (davidm@ngssoftware.com)
Modified 2005-04-28T10:14:52

Description

Vulnerability Description

HP OpenView Radia Management Portal contains a flaw that allows a remote attacker to execute arbitrary commands. The flaw is in the Management Agent service, which does not properly sanitize user-supplied input. With a specially crafted packet, a remote attacker could traverse out of the C:\Program Files\Novadigm directory and execute arbitrary commands with Local System privileges, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Hewlett-Packard has released a patch to address this vulnerability.

References:

Vendor URL: http://www.hp.com/
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1013829
Secunia Advisory ID: 15089
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0472.html
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0025.html
Keyword: HPSBMA01138
CVE-2005-1370