TITLE: HP OpenView Storage Data Protector Arbitrary Command Execution SECUNIA ADVISORY ID: SA20196 VERIFY ADVISORY: http://secunia.com/advisories/20196/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: HP OpenView Storage Data Protector 5.x http://secunia.com/product/2636/ DESCRIPTION: A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error. This can be exploited by malicious people to execute arbitrary commands. The vulnerability has been reported in version 5.1 and 5.5 running on HP-UX, IBM AIX, Linux, Microsoft Windows, and Solaris. SOLUTION: Apply patches. (See vendor's advisory for installation instructions) ftp://ss061157:ss061157@hprc.external.hp.com/ ftp://ss061157:ss061157@192.170.19.100/ HP OpenView Storage Data Protector 5.1 for HP-UX, IBM AIX, and Linux: SSPUX510_091.shar md5 sum: 4d3c046c57c0d1d5e157ad669d5a7fcd HP OpenView Storage Data Protector 5.1 for Solaris: SSPSOL510_017.shar md5 sum: baf1abe0c6a3d94746e0ba5eaa6cfee0 HP OpenView Storage Data Protector 5.1 for Windows: SSPNT510_080.exe md5 sum: 60cd226ccad50a7eb88ce8cd1962e141 SSPNT510_080.txt md5 sum: 4235f1c22b2964e38c3ff9d868c6bc8e HP OpenView Storage Data Protector 5.5 for HP-UX, IBM AIX, and Linux: SSPUX550_108.shar md5 sum: 3ebe295708b80a50425e7eff06f65c52 HP OpenView Storage Data Protector 5.5 for Solaris: SSPSOL550_030.shar md5 sum: 0f9a9e8c2308dd0d067e50e9d0f9cef4 HP OpenView Storage Data Protector 5.5 for Windows: SSPNT550_110.exe md5 sum: 978425b36b2964fecc841b0366b95b83 SSPNT550_110.txt md5 sum: 2fb38e4db600380235cb02edc4b0774e PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: HPSBMA02121 SSRT061157: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00671912 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------