Preemptive Protection against HP OpenView Network Node Manager Remote Command Execution Vulnerability
| Attack ID: | CPAI-2005-122 |
 |
|
| Publish Date: | |
|
|
| Last Update: | |
|
|
| Category: | Command Injection |
|
|
| Vulnerable Systems: | HP OpenView Network Node Manager 6.41 |
|
|
| Source: | SecurityTracker Alert ID: 1014791 |
|
|
| Description: | HP OpenView Network Node Manager (NNM) is a software application designed for management, maintenance and monitoring of networks and network devices. A command execution vulnerability exists in HP OpenView Network Node Manager. An attacker can exploit the vulnerability by supplying a specially crafted URL to the target system.This will result in execution of arbitrary commands in the context of the currently running Web service. |
|
|
| Severity: | |
| Details: | The vulnerability exists as a result of improper validation of user supplied input by several scripts prior to using the input as part of a system command. The affected scripts include "ConnectedNodes.ovpl", "cdpView.ovpl", "freeIPaddrs.ovpl" and "ecscmg.ovpl" scripts. |
|
|
| Attack Detection: | Users of VPN-1 NG with Application Intelligence R55W, users of Connectra and users of VPN-1 NGX R60 who have applied the solution outlined below, will be able to identify this attack by logging entries such as the following: Attack Name: Command Injection Information: reason: WSE0050001 command injection detected in URL: 'ipconfig' reason: WSE0050002 command injection detected in request: 'gcc' |
|
|
| Solution: | Users of VPN-1 NG with Application Intelligence R55W, users of Connectra and users of VPN-1 NGX R60 are preemptively protected against this vulnerability. The Web Intelligence Command Injection protection blocks specially crafted URLs containing system commands. The protection is described in detail in CPAI-2004-07.
|
|
|
| Industry Reference: | CVE-2005-2773 |
|
|
| Additional Information: | |
