Detections
Analytics

HP OpenView Network Node Manager Multiple CGI Remote Overflows

high Nessus Plugin ID 29249

Language:

Synopsis

The remote web server contains multiple CGI scripts that allow execution of arbitrary commands.

Description

The remote version of HP OpenView Network Node Manager fails to sanitize user-supplied input to various parameters used in the 'Openview5', 'snmpview', 'ovlogin' scripts before using it.

By sending long parameters, an attacker would be able to produce a stack-based overflow and exploit it to execute code on the remote host with the web server privileges.

Bad permissions on the web server directory allow a full system compromise.

Solution

Apply patched referenced in the vendor advisory above.

See Also

https://www.tenable.com/security/research/tra-2007-09

https://www.zerodayinitiative.com/advisories/ZDI-07-071/

https://softwaresupport.softwaregrp.com

Plugin Details

Severity: High

ID: 29249

File Name: openview_cgi_overflows.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 12/7/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:ahp:openview_network_node_manager

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploitable With

Metasploit (HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow)

Reference Information

CVE: CVE-2007-6204

BID: 26741

CWE: 119

TRA: TRA-2007-09