Info

Disclosure

Feb 28, 2001

Discovery

Unknown

Dates

Exploit

Dec 21, 2000

Solution

Unknown

Description

HP OpenView OmniBack contains a flaw that may allow a remote attacker to gain unauthorized access. The issue is triggered due to an unspecified flaw in the OmniBack client, which may allow a remote attacker to gain administrative access to the system and execute arbitrary commands resulting in a loss of confidentiality and/or integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Hewlett-Packard has released a patch to address this vulnerability.

Products

Hewlett-Packard Development Company, L.P.	OpenView OmniBack	3.50
		3.10
		3.00

References

Bugtraq ID: 11032
Milw0rm: 1114
Exploit Database: 1114
CVE ID: 2001-0311 (see also: NVD)
Metasploit ID: 6018
ISS X-Force ID: 6434
Keyword: HPSBUX0102-142
Generic Exploit URL: http://metasploit.com/projects/Framework/exploits.html#openview_omniback
http://www.saintcorporation.com/cgi-bin/exploit_info/omniback_dir_traversal
Vendor URL: http://www.managementsoftware.hp.com/
Other Advisory URL: http://www.securiteam.com/exploits/6M00O150KG.html
Vendor Specific Advisory URL: http://www.securityfocus.com/advisories/3160

Credit

DiGiT - teddilinux.is -

Direct URL: http://osvdb.org/6018

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Hewlett-Packard Development Company, L.P.

OpenView OmniBack

References

Credit