HP OpenView Network Node Manager Multiple CGI Remote Overflows

high Nessus Plugin ID 29249

Synopsis

The remote web server contains multiple CGI scripts that allow execution of arbitrary commands.

Description

The remote version of HP OpenView Network Node Manager fails to sanitize user-supplied input to various parameters of the 'Openview5', 'snmpview', and 'ovlogin' CGI scripts before using it.

By sending overly long parameters, an attacker can trigger a stack-based buffer overflow and exploit it to execute code on the remote host with the privileges of the web server.

Bad permissions on the web server directory allow a full system compromise.

Solution

Apply the patches referenced in the vendor advisory.

See Also

https://www.tenable.com/security/research/tra-2007-09

https://www.zerodayinitiative.com/advisories/ZDI-07-071/

https://softwaresupport.softwaregrp.com

Plugin Details

Severity: High

ID: 29249

File Name: openview_cgi_overflows.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 12/7/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:ahp:openview_network_node_manager

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploitable With

Metasploit (HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow)

Reference Information

CVE: CVE-2007-6204

BID: 26741

CWE: 119

TRA: TRA-2007-09