Search:

August 2006

NISCC Vulnerability Advisory 412866/NISCC/OPENVIEW

ID: 00550
Ref: 527/2006
Date: 11 August 2006:14:01:24
Version: 1

Title: NISCC Vulnerability Advisory 412866/NISCC/OPENVIEW
Abstract: Vulnerability Issues with HP OpenView Storage Data Protector
Vendors affected: Hewlett Packard
Operating systems affected: Hewlett Packard
Applications affected: Hewlett Packard

Title
=====

NISCC Vulnerability Advisory 412866/NISCC/OPENVIEW

Detail
======

Vulnerability Issues with HP OpenView Storage Data Protector

Version Information
- -------------------
Advisory Reference 412866/NISCC/OPENVIEW
Release Date 11 August 2006
Last Revision 11 August 2006
Version Number 1.0

What is affected?
- -----------------
The following products are affected:

- - HP OpenView Storage Data Protector 5.1 on Linux
- - HP OpenView Storage Data Protector 5.5 on Linux

Please note that installation on other operating systems may also be affected.

Impact
- ------
If exploited, this vulnerability could potentially allow arbitrary code to be executed.

Severity
- --------
High

Summary
- -------
This vulnerability concerns HP OpenView Storage Data Protector for Linux. The HP OpenView Storage Data Protector is a piece of software that manages backup and recovery from both disks and tapes.

The vulnerability is located in the backup agent installed on clients that will be backed up.

Hewlett-Packard (HP) is aware of this vulnerability and has produced patches to address the problem. Please see 'Solution' for details on patches required to address this flaw.

Details
- -------
HP OpenView Storage Data Protector uses a proprietary protocol to communicate between the central backup server (Cell Manager) and backup agents.

The vulnerability is a combination of bad authentication mechanisms and non-validation of input data. By manipulating certain fields in the proprietary protocol, it is possible to pass commands to the backup agents even without being authenticated first.

Although only predefined commands can in principle be interpreted, but due to the lack of input validation of the commands, any in reality can be sent and executed with the same privileges as that of the program.

Mitigation
- ----------
It is possible to protect against the vulnerability by adding the address of the Cell Manager into the 'allow_hosts' file on the backup agents.

Solution
- --------
Patches are available from HP. Please contact them for details on how you can obtain the required patches.

Vendor Information
- ------------------
Hewlett-Packard was founded in 1939 by Stanford University classmates Bill Hewlett and Dave Packard. HP's headquarter is based in USA, but operates in more than 170 countries around the world. HP provides infrastructure and business offerings that span from handheld devices to supercomputer installations. HP also offers consumers a wide range of products and services from digital photography to digital entertainment and from computing to home printing.

For further information about HP, please visit their website at http://www.hp.com.

Credits
- -------
The NISCC Vulnerability Management Team would like to thank HP for their co-operation and assistance in the handling of this vulnerability.

Contact Information
- -------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email vulteam@niscc.gov.uk
Please quote the advisory reference in the subject line

Telephone +44 (0)870 487 0748 Ext 4511
Monday - Friday 08:30 - 17:00

Fax +44 (0)870 487 0749

Post Vulnerability Management Team
NISCC
PO Box 832
London
SW1P 1BG