|
|
|
![]() |
Vulnerability Note VU#952171Hewlett Packard OpenView and Tivoli NetView do not adequately validate SNMP trap argumentsOverviewHewlett Packard's (HP) OpenView and Tivoli NetView are system management software packages. There is a vulnerability a component of these packages, ovactiond, that allows intruders to execute arbitrary commands as user bin. This may subsequently lead to a root compromise.I. DescriptionHP OpenView and Tivoli NetView are set of tools to manage large networks. Part of OpenView and NetView is a daemon called ovactiond, which is the SNMP trap and event handler. It is possible for an intruder to execute arbitrary commands by sending a malicious message to a vulnerable version of ovactiond. These commands run with the privileges of the ovactiond process, typically bin on Unix systems, and SYSTEM on Windows NT/2000. Often it is possible to use this access to gain root access on Unix systems. An exploit is publicly available. Note that Tivoli NetView is not vulnerable via the default configuration, however, it is likely that customized configurations are vulnerable HP is vulnerable by the default configuration.For more information, see HP Security Bulletin HPSBUX0106-154 and http://www.tivoli.com/support/.
References
Our thanks to Milo G. van der Zee, who reported this problem to us and to Hewlett-Packard for the information contained in their advisory. This document was written by Jason Rafail.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||