CVE-2011-2608

Description

ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.

Affected products

• HP / openview_performance_agent4.70 – 4.70
• HP / openview_performance_agent5.0 – 5.0
• HP / operations_agent8.53 – 8.53
• HP / operations_agent8.60.005 – 8.60.005
• HP / operations_agent8.60.006 – 8.60.006
• HP / operations_agent8.60.007 – 8.60.007
• HP / operations_agent8.60.008 – 8.60.008
• HP / operations_agent8.60.501 – 8.60.501
• HP / operations_agent11.0 – 11.0

References

• MISChttp://securitytracker.com/id?1025715
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/68269
• MAILING_LISThttp://marc.info/?l=bugtraq&m=131188898632504&w=2
• MAILING_LISThttp://marc.info/?l=bugtraq&m=131188898632504&w=2
• MISChttp://aluigi.altervista.org/adv/ovbbccb_1-adv.txt
• MISChttp://www.securityfocus.com/bid/48481
• VENDOR_ADVISORYhttp://secunia.com/advisories/45079