Command Execution Vulnerability in HP OpenView Client
CVE-2006-5782

Currently unrated

Key Information:

Vendor: HP
Status: Openview Client Configuraton Manager
Vendor: CVE Published:; 9 November 2006

What is CVE-2006-5782?

In the HP OpenView Client Configuration Manager, the radexecd.exe component fails to enforce authentication before executing commands from the installation directory. This flaw enables remote attackers to initiate a denial of service by invoking radbootw.exe, leading to system reboots, or to create arbitrary files by calling radcrecv, thus compromising the integrity and availability of the affected system.

References

http://www.securityfocus.com/archive/1/450942/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/22780

third-party-advisoryx_refsource_SECUNIA

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2006
Vulnerability Reserved
Nov 7, 2006