HP OpenView Network Node Manager Multiple CGI Remote Overflows

high Nessus Plugin ID 29249

Synopsis

The remote web server contains multiple CGI scripts that allow execution of arbitrary commands.

Description

The remote version of HP OpenView Network Node Manager fails to sanitize user-supplied input to various parameters used in the 'Openview5', 'snmpview', and 'ovlogin' scripts before using it.

By sending long parameters, an attacker would be able to produce a stack-based overflow and exploit it to execute code on the remote host with the web server's privileges.

Bad permissions on the web server directory allow a full system compromise.

Solution

Apply the patches referenced in the vendor advisory above.

See Also

https://www.tenable.com/security/research/tra-2007-09

https://www.zerodayinitiative.com/advisories/ZDI-07-071/

https://softwaresupport.softwaregrp.com

Plugin Details

Severity: High

ID: 29249

File Name: openview_cgi_overflows.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 12/7/2007

Updated: 1/19/2021

Dependencies: http_version.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:openview_network_node_manager

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploitable With

Metasploit (HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow)

Reference Information

CVE: CVE-2007-6204

BID: 26741

TRA: TRA-2007-09

CWE: 119