Check Point Advisories

HP OpenView Client Configuration Manager Radia Notify Code Execution (CVE-2006-5782)

Vulnerability
Protection

Check Point Reference:	CPAI-2006-275
Date Published:	21 Jun 2010
Severity:	Critical
Last Updated:	Monday 21 June, 2010
Source:
Industry Reference:	CVE-2006-5782
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	An authentication weakness vulnerability exists in the Radia Notify Daemon component of HP OpenView Client Configuration Manager. The flaw is created by improper handling of user supplied data passed to the affected Radia Notify Daemon on TCP port 3465. By sending a crafted message, the attacker can execute commands within the security context of the of the Radia Notify Daemon, which is System by default. Upon a successful attack, the behavior of the target host is entirely dependent on the intended function of the supplied executable file within the radexecd.exe install directory. The file in such a case would execute within the security context of the Radia Notify Daemon, which is System by default.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the HP OpenView Client Configuration Manager Radia Notify Code Execution protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: HP Products Protection Violation.
Attack Information: HP OpenView client configuration manager Radia notify code execution