----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?


Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
HP Openview Network Node Manager Arbitrary Command Execution

SECUNIA ADVISORY ID:
SA16555

VERIFY ADVISORY:
http://secunia.com/advisories/16555/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
>From local network

SOFTWARE:
HP OpenView Network Node Manager (NNM) 7.x
http://secunia.com/product/3608/
HP OpenView Network Node Manager (NNM) 6.x
http://secunia.com/product/2384/

DESCRIPTION:
James Fisher has reported a vulnerability in HP Openview Network Node
Manager, which can be exploited by malicious people to compromise a
vulnerable system.

Input passed to the "node" parameter in cgi-bin/connectedNodes.ovpl
is not properly sanitised before being used as command line
arguments. This can be exploited to execute arbitrary shell commands
via a specially crafted string containing shell meta characters.

The cdpView.ovpl, freeIPaddrs.ovpl, and ecscmg.ovpl scripts are
reportedly also vulnerable.

The vulnerability affects versions 6.2, 6.4, 7.01, and 7.50 running
on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux.

SOLUTION:
The vendor recommends moving "cgi-bin/connectedNodes.ovpl" into
another directory.

The same should be done for the cdpView.ovpl, freeIPaddrs.ovpl,
ecscmg.ovpl scripts.

PROVIDED AND/OR DISCOVERED BY:
James Fisher, Portcullis Computer Security.

Additional information about three other scripts:
* David Litchfield

ORIGINAL ADVISORY:
HP SSRT051023:
http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01224

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------