---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: HP Openview Network Node Manager Arbitrary Command Execution SECUNIA ADVISORY ID: SA16555 VERIFY ADVISORY: http://secunia.com/advisories/16555/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: HP OpenView Network Node Manager (NNM) 7.x http://secunia.com/product/3608/ HP OpenView Network Node Manager (NNM) 6.x http://secunia.com/product/2384/ DESCRIPTION: James Fisher has reported a vulnerability in HP Openview Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "node" parameter in cgi-bin/connectedNodes.ovpl is not properly sanitised before being used as command line arguments. This can be exploited to execute arbitrary shell commands via a specially crafted string containing shell meta characters. The cdpView.ovpl, freeIPaddrs.ovpl, and ecscmg.ovpl scripts are reportedly also vulnerable. The vulnerability affects versions 6.2, 6.4, 7.01, and 7.50 running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux. SOLUTION: The vendor recommends moving "cgi-bin/connectedNodes.ovpl" into another directory. The same should be done for the cdpView.ovpl, freeIPaddrs.ovpl, ecscmg.ovpl scripts. PROVIDED AND/OR DISCOVERED BY: James Fisher, Portcullis Computer Security. Additional information about three other scripts: * David Litchfield ORIGINAL ADVISORY: HP SSRT051023: http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01224 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------