HP OpenView Radia Management Portal Management Agent Arbitrary Command Execution
Remote / Network Access
Loss of Integrity
HP OpenView Radia Management Portal contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to the Management Agent service not properly sanitizing user-supplied input. With a specially crafted packet, a remote attacker could traverse out of the C:\Program Files\Novadigm directory and execute arbitrary commands with LOCAL system privileges resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Hewlett-Packard has released a patch to address this vulnerability.
David Morgan and Dominic Beecher are credited with the discovery of this issue.
HP Radia Management Portal 2.0
HP Radia Management Portal 1.0
A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality. This is due to a directory traversal issue that will permit a remote user to execute any program on the affected computer.
An unauthenticated, remote attacker may leverage this issue to execute arbitrary commands on an affected computer with Local System privileges on the Microsoft Windows platform and elevated privileges on UNIX-based platforms.
There is no exploit required. The following example was provided using the bash shell and netcat to send a request to the vulnerable computer:
HP has released security bulletin SSRT5958 dealing with this issue. HP advises all users to acquire the patches through HP Software Support Online; authentication is required to obtain the patches. Please see the referenced advisory for more information.