HP OVIS Probe Builder Service (PBOVISServer.exe) Arbitrary Remote Process Termination

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that can be used to
terminate arbitrary processes.

Description :

HP OpenView Internet Services (OVIS) is installed on the remote host.
It provides a single, integrated view of an organization's Internet
infrastructure.

The Probe Builder component included with the installation of HP OVIS
on the remote host allows an unauthenticated, remote attacker to
terminate any process on that host by sending a specially crafted
request packet to the Probe Builder Service, which listens by default
on TCP port 32968. The attacker must supply a valid process ID, but
can brute-force the ID and kill critical system processes, thereby
causing the system to crash.

See also :

http://www.nessus.org/u?2d66c58c
http://www.securityfocus.com/archive/1/494855
http://www.nessus.org/u?e1c57ffd

Solution :

Apply the patch referenced in HP's advisory above and ensure the file
version of PBOVISServer.exe is 1.2.20.901.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 33771 (hp_openview_isvc_probe_builder_dos.nasl)

Bugtraq ID: 30403

CVE ID: CVE-2008-1667

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now