HP OpenView OmniBack directory traversal
Added: 06/06/2006CVE: CVE-2001-0311
BID: 11032
OSVDB: 6018
Background
HP OpenView is a suite of tools for managing networks. The OmniBack component provides backup and restoration capabilities.Problem
A directory traversal vulnerability in the OmniBack service allows a remote attacker to run a command processor outside the defined directory. By specifying the path to a shell interpreter, a remote attacker could gain the ability to execute arbitrary commands.Resolution
Apply the patch referenced in HPSBUX0102-142.References
http://www.securiteam.com/exploits/6M00O150KG.htmlBack to exploit index