Command Execution Vulnerability in HP OpenView Client
CVE-2006-5782

Currently unrated

Key Information:

Vendor: HP
Status: Openview Client Configuraton Manager
Vendor: CVE Published:; 9 November 2006

Summary

In the HP OpenView Client Configuration Manager, the radexecd.exe component fails to enforce authentication before executing commands from the installation directory. This flaw enables remote attackers to initiate a denial of service by invoking radbootw.exe, leading to system reboots, or to create arbitrary files by calling radcrecv, thus compromising the integrity and availability of the affected system.

References

http://www.securityfocus.com/archive/1/450942/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/22780

third-party-advisoryx_refsource_SECUNIA

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Nov 9, 2006
Vulnerability Reserved
Nov 7, 2006