HP Data Protector remote shell for HP-UX that leverages improper filtering of arguments to the EXEC_CMD command.
6138083e044eab7159ad69d78d1317b09b2c2cab7f6ff4f168534e4b35537ed8Zero Day Initiative Advisory 11-055 - This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packard Data Protector client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the filtering of arguments to the EXEC_CMD command. The Data Protector client allows remote connections to execute files within it's local bin directory. By supplying maliciously crafted input to the EXEC_CMD a remote attacker can interact with a Perl interpreter and execute arbitrary code under the context of the current user.
885f54a9069da9e9cb634791db785c52c386d15c8de917dbaf539b1ddf1c0b01
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed