HP OpenView Performance Insight Server Backdoor Account

2011-03-03T00:00:00
ID SAINT:EDEA47E1E827D075C2146A728AAD9C48
Type saint
Reporter SAINT Corporation
Modified 2011-03-03T00:00:00

Description

Added: 03/03/2011
CVE: CVE-2011-0276
BID: 46079
OSVDB: 70754

Background

HP OpenView Performance Insight (OVPI) Server is a management utility that monitors and reports on the performance of services.

Problem

A backdoor account may allow an attacker to execute arbitrary code on the system.

Resolution

Apply patch 5.41.002 piweb HF02.

References

<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453>
<http://secunia.com/advisories/43145>
<http://osvdb.org/70754>
<http://www.securityfocus.com/bid/46079>

Limitations

This exploit works against HP OpenView Performance Insight (OVPI) 5.41.0 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP1 English (DEP OptOut).

Platforms

Windows