SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#952171

Hewlett Packard OpenView and Tivoli NetView do not adequately validate SNMP trap arguments

Overview

Hewlett Packard's (HP) OpenView and Tivoli NetView are system management software packages. There is a vulnerability a component of these packages, ovactiond, that allows intruders to execute arbitrary commands as user bin. This may subsequently lead to a root compromise.

I. Description

HP OpenView and Tivoli NetView are set of tools to manage large networks. Part of OpenView and NetView is a daemon called ovactiond, which is the SNMP trap and event handler. It is possible for an intruder to execute arbitrary commands by sending a malicious message to a vulnerable version of ovactiond. These commands run with the privileges of the ovactiond process, typically bin on Unix systems, and SYSTEM on Windows NT/2000. Often it is possible to use this access to gain root access on Unix systems. An exploit is publicly available. Note that Tivoli NetView is not vulnerable via the default configuration, however, it is likely that customized configurations are vulnerable HP is vulnerable by the default configuration.

For more information, see HP Security Bulletin HPSBUX0106-154 and http://www.tivoli.com/support/.

It has been confirmed with HP that the patch referenced on Security Focus for OpenView Version 5.01 is only for Version 6.1.

II. Impact

An intruder can execute arbitrary commands with the privileges of the ovactiond process, typically bin on Unix systems, and SYSTEM on Window NT/2000 systems.

III. Solution

Apply patches from your vendor as appropriate. HP has released HP Security Bulletin HPSBUX0106-154. Tivoli has information posted on http://www.tivoli.com/support/.

Systems Affected

VendorStatusDate NotifiedDate Updated
AppleNot Vulnerable15-Aug-2001
BSDIUnknown15-Aug-2001
CalderaUnknown15-Aug-2001
Compaq Computer CorporationVulnerable15-Aug-2001
Computer AssociatesNot Vulnerable15-Aug-2001
DebianUnknown15-Aug-2001
DgUnknown15-Aug-2001
FreeBSDNot Vulnerable15-Aug-2001
FujitsuNot Vulnerable15-Aug-2001
Hewlett PackardVulnerable24-Aug-2001
IBMVulnerable15-Aug-2001
MicrosoftVulnerable15-Aug-2001
NECUnknown15-Aug-2001
NetBSDUnknown15-Aug-2001
NeXTUnknown15-Aug-2001
OpenBSDUnknown15-Aug-2001
RedHatUnknown15-Aug-2001
SCOUnknown15-Aug-2001
SequentUnknown15-Aug-2001
SGIUnknown15-Aug-2001
Siemens NixdorfUnknown15-Aug-2001
SonyUnknown15-Aug-2001
SunVulnerable15-Aug-2001
TivoliVulnerable15-Aug-2001
UnisysUnknown15-Aug-2001

References


http://us-support.external.hp.com/cki/bin/doc.pl/screen=ckiDisplayDocument?docId=200000055277985
http://www.tivoli.com/support/
http://www.securityfocus.com/bid/2845

Credit

Our thanks to Milo G. van der Zee, who reported this problem to us and to Hewlett-Packard for the information contained in their advisory.

This document was written by Jason Rafail.

Other Information

Date Public:2001-06-08
Date First Published:2001-06-21
Date Last Updated:2001-09-06
CERT Advisory:CA-2001-24
CVE-ID(s):CAN-2001-0552
NVD-ID(s):CAN-2001-0552
US-CERT Technical Alerts: 
Metric:44.89
Document Revision:18

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2001 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader