| VID |
20008 |
| Severity |
40 |
| Port |
162 |
| Protocol |
UDP |
| Class |
SNMP |
| Detailed Description |
The Openview/NetView system has a remote command execution vulnerability.
ovactiond is a component of OpenView by Hewlett-Packard Company (HP) and NetView by Tivoli, an IBM Company (Tivoli). These products are used to manage large systems and networks. There is a serious vulnerability in ovactiond that allows remote attackers to execute arbitrary commands with the privileges of the ovactiond process. On UNIX systems, ovactiond typically runs as user bin; on Windows systems it typically runs in the Local System security context. On Windows NT systems, this allows an intruder to gain administrative control of the underlying operating system. On UNIX systems, an intruder may be able to leverage bin access to gain root access.
The default configuration of the daemon as installed with HP OpenView enables the execution of commands upon receiving a trap with the command encapsulated in quotes and escapes. Tivoli Netview is not vulnerable to this by default, but may be if customized.
* References:
http://www.securityfocus.com/bid/2845
http://www.cert.org/advisories/CA-2001-24.html
Vulnerable systems:
* Systems running HP OpenView Network Node Manager (NNM) Version 6.1 and prior on the following platforms:
- HP9000 Servers running HP-UX releases 10.20 and 11.00 (only)
- Sun Microsystems Solaris releases 2.x
- Microsoft Windows NT4.x / Windows 2000
* Systems running Tivoli NetView Versions 5.x and 6.x on the following platforms:
- IBM AIX
- Sun Microsystems Solaris
- Compaq Tru64 Unix
- Microsoft Windows NT4.x / Windows 2000 |
| Recommendation |
For HP-UX 10.20:
Apply the PHSS_23779 patch, available from http://support.openview.hp.com/cpe/patches/
For HP-UX 11.00:
Apply the PHSS_23780 patch, available from http://support.openview.hp.com/cpe/patches/
For Solaris 2.x:
Apply the PSOV_02905 patch, available from http://support.openview.hp.com/cpe/patches/
For Windows:
Apply the NNM_00698 patch, available from http://support.openview.hp.com/cpe/patches/
For Tivoli NetView:
Contact Tivoli Customer Support (http://www.tivoli.com/support/) for information on obtaining an e-fix that addresses the issue. |
| Related URL |
CVE-2001-0552 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
