HP OpenView OmniBack directory traversal

2006-06-06T00:00:00
ID SAINT:1ED0723862091DC1E551B54F686C85F2
Type saint
Reporter SAINT Corporation
Modified 2006-06-06T00:00:00

Description

Added: 06/06/2006
CVE: CVE-2001-0311
BID: 11032
OSVDB: 6018

Background

HP OpenView is a suite of tools for managing networks. The OmniBack component provides backup and restoration capabilities.

Problem

A directory traversal vulnerability in the OmniBack service allows a remote attacker to run a command processor outside the defined directory. By specifying the path to a shell interpreter, a remote attacker could gain the ability to execute arbitrary commands.

Resolution

Apply the patch referenced in HPSBUX0102-142.

References

<http://www.securiteam.com/exploits/6M00O150KG.html>