发布时间 :2005-05-03 00:00:00
修订时间 :2017-07-10 21:32:37

[原文]Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors.

[CNNVD]HP OpenView Radia Management Agent漏洞(CNNVD-200505-863)

        HP的OpenView Radia Management Portal (RMP) Radia Management Agent (RMA)中存在漏洞,可能允许在受影响主机上非授权以高权限帐号权限(Windows操作系统中的本地系统权限)远程执行任意命令。攻击者可以向TCP端口发送特制的报文,遍历出当前的工作目录,运行同一逻辑磁盘分区中的任意可执行程序。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:hp:openview_radia_management_portal:1.0HP OpenView Radia Management Portal 1.0
cpe:/a:hp:openview_radia_management_portal:2.0HP OpenView Radia Management Portal 2.0

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20050428 High risk flaw in HP OpenView Radia Management Agent
(PATCH)  SECTRACK  1013829
(UNKNOWN)  BID  13414
(UNKNOWN)  XF  hp-openview-radia-gain-access(20307)

- 漏洞信息

HP OpenView Radia Management Agent漏洞
高危 访问验证错误
2005-05-03 00:00:00 2005-10-20 00:00:00
        HP的OpenView Radia Management Portal (RMP) Radia Management Agent (RMA)中存在漏洞,可能允许在受影响主机上非授权以高权限帐号权限(Windows操作系统中的本地系统权限)远程执行任意命令。攻击者可以向TCP端口发送特制的报文,遍历出当前的工作目录,运行同一逻辑磁盘分区中的任意可执行程序。

- 公告与补丁


- 漏洞信息

HP OpenView Radia Management Portal Management Agent Arbitrary Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

HP OpenView Radia Management Portal contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to the Management Agent service not properly sanitizing user-supplied input. With a specially crafted packet, a remote attacker could traverse out of the C:\Program Files\Novadigm directory and execute arbitrary commands with LOCAL system privileges resulting in a loss of integrity.

- 时间线

2005-04-28 Unknow
2005-07-28 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Hewlett-Packard has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

HP OpenView Radia Management Portal Remote Command Execution Vulnerability
Access Validation Error 13414
Yes No
2005-04-28 12:00:00 2009-07-12 02:06:00
David Morgan and Dominic Beecher are credited with the discovery of this issue.

- 受影响的程序版本

HP Radia Management Portal 2.0
HP Radia Management Portal 1.0

- 漏洞讨论

A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality. This is due to a directory traversal issue that will permit a remote user to execute any program on the affected computer.

An unauthenticated, remote attacker may leverage this issue to execute arbitrary commands on an affected computer with Local System privileges on the Microsoft Windows platform and elevated privileges on UNIX-based platforms.

- 漏洞利用

There is no exploit required. The following example was provided using the bash shell and netcat to send a request to the vulnerable computer:

bash$ printf "\x00\x00\x00../../windows/system32/whoami.exe\x00" | nc -v
xx.xx.xx.xx 1065

- 解决方案

HP has released security bulletin SSRT5958 dealing with this issue. HP advises all users to acquire the patches through HP Software Support Online; authentication is required to obtain the patches. Please see the referenced advisory for more information.

HP Radia Management Portal 1.0

HP Radia Management Portal 2.0

- 相关参考