Both links for more information are "dead" in this plugin.
results|x.x.x|y.y.y.y|personal-agent (5555/tcp)|22225|Security Hole|Synopsis :\n\nIt is possible to execute code on the remote host through the backup\nagent. \n\nDescription :\n\nThe remote version of HP OpenView Data Protector is vulnerable to an\nauthentication bypass vulnerability. By sending specially-crafted\nrequests to the remote host, an attacker may be able to execute\nunauthorized Backup commands. Due to the nature of the software, a\nsuccessful exploitation of this vulnerability could result in remote\ncode execution. \n\nSee also : \n\nhttp://www.niscc.gov.uk/niscc/docs/br-20060811-00550.html [1] \n\nSolution :\n\nIf this service is not needed, disable it or filter incoming traffic\nto this port. HP has released a set of patches for Data Protector\n5.10 and 5.50:\n\nhttp://itrc.hp.com/service/cki/docDisplay.do?docId=c00742778 [2]\n\n / CVSS Base Score : 7.5\n(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)\nCVE : CVE-2006-4201\nBID : 19495\n
[1] http://www.niscc.gov.uk/niscc/docs/br-20060811-00550.html is a 404.[2] http://itrc.hp.com/service/cki/docDisplay.do?docId=c00742778 requires registration.
Of course, the CVE entry and BID are correct. Perhaps updating the link [1] to be http://www.kb.cert.org/vuls/id/673228 would be more useful? Link [2] could be updated to http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00742778&jumpid=reg_R1002_USEN, which is an URL from HP that does not require registration.
This is a tenable maintained plugin or I would have contacted the author. -- _______________________________________________________________________ Nathan Grandbois, CISSP [EMAIL PROTECTED] Security Analyst (614) 351-1237 x 212 PGP Key Available by Request MicroSolved is security expertise you can trust! HoneyPoint Security Server Attackers get stung, instead of you! http://www.microsolved.com/honeypoint
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
