HP OpenView OmniBack directory traversal

Added: 06/06/2006
CVE: CVE-2001-0311
BID: 11032
OSVDB: 6018

Background

HP OpenView is a suite of tools for managing networks. The OmniBack component provides backup and restoration capabilities.

Problem

A directory traversal vulnerability in the OmniBack service allows a remote attacker to run a command processor outside the defined directory. By specifying the path to a shell interpreter, a remote attacker could gain the ability to execute arbitrary commands.

Resolution

Apply the patch referenced in HPSBUX0102-142.

References

http://www.securiteam.com/exploits/6M00O150KG.html

Back to exploit index