Signature Detail

APP: HP OpenView Network Node Manager Event Correlation Service Command Injection

This signature detects a command injection in HP OpenView. Version 7.5 and prior are vulnerable. A successful exploitation could lead to arbitrary remote command execution.

Extended Description

HP OpenView Network Node Manager is prone to multiple remote arbitrary command-execution vulnerabilities. These issue arise when the user-specified 'node' URI parameter of various scripts is used as part of a command to be executed with the 'system()' function. These issues may facilitate unauthorized remote access in the context of the webserver to the affected computer. These issues affect version 6.41 and 7.5 on the Solaris platform. Unknown versions of the package on Microsoft Windows platforms are also affected. Other versions and platforms are also likely affected.

Affected Products

• HP OpenView Network Node Manager 6.10.0
• HP OpenView Network Node Manager 6.2.0
• HP OpenView Network Node Manager 6.2.0 NT 4.X/Windows 2000
• HP OpenView Network Node Manager 6.2.0 Solaris
• HP OpenView Network Node Manager 6.31.0
• HP OpenView Network Node Manager 6.31.0 NT 4.X/Windows 2000
• HP OpenView Network Node Manager 6.4.0
• HP OpenView Network Node Manager 6.4.0 NT 4.X/Windows 2000
• HP OpenView Network Node Manager 6.4.0 Solaris
• HP OpenView Network Node Manager 6.41
• HP OpenView Network Node Manager 6.41.0 Solaris
• HP OpenView Network Node Manager 7.0.0.1
• HP OpenView Network Node Manager 7.0.0.1 HP-UX 11.X
• HP OpenView Network Node Manager 7.0.0.1 Linux
• HP OpenView Network Node Manager 7.0.0.1 Solaris
• HP OpenView Network Node Manager 7.0.0.1 Windows 2000/XP
• HP OpenView Network Node Manager 7.50.0
• HP OpenView Network Node Manager 7.50.0 HP-UX 11.X
• HP OpenView Network Node Manager 7.50.0 Solaris
• HP OpenView Network Node Manager 7.50.0 Windows 2000/XP

References

• BugTraq: 14662
• CVE: CVE-2005-2773
• URL: http://www.securityfocus.com/advisories/9150
• URL: http://www.securityfocus.com/archive/1/409179