Tutorial - HP Openview vulnerabilities

HP Openview vulnerabilities

CAN 1999-0333
CVE 2000-0179
CVE 2000-0558

Impact

Vulnerabilities in HP Openview services could allow remote execution of arbitrary commands.

Background

HP Openview is a suite of tools for managing networks. The Network Node Manager provides a graphical view of the network, with the ability to discover new devices and report problems. OmniBack provides backup and restoration capabilities.

The Problems

CVE 2000-0558
The first problem is in the alarm service which is installed by default with the HP Openview Network Node Manager. A buffer overflow condition could allow an attacker to execute remote commands by sending a very long, specially crafted string to this service.

CAN 1999-0333
CVE 2000-0179
The second problem is in the OmniBack utility. There are a number of separate vulnerabilities in OmniBack. The first could allow a remote attacker to execute arbitrary commands by sending the server data which includes certain OmniBack commands followed by semi-colons. The second could also allow execution of commands remotely, by impersonating the OmniBack cell server. The third vulnerability could allow a local user to overwrite arbitrary files by creating a symbolic link from /tmp/util.tmp to the file, which is subsequently overwritten. The fourth problem affects OmniBack 2.55. An attacker could cause a denial-of-service by establishing a number of connections to the server port. A similar denial-of-service problem affects OmniBack 3.00 and 3.10.

Resolution

To prevent the vulnerability in Network Node Manager from being exploited remotely, block port 2345 at the router.

To prevent the vulnerability in OmniBack from being exploited remotely, block port 5555 at the router. Note that this may interfere with other applications which use that port, such as personal-agent. If blocking the port is not possible, apply the the patch, or if that is not possible add access controls to inetd.sec. Note that applying access controls alone is not a complete solution.

Where can I read more about this?

The vulnerability in Network Node Manager was posted to NT Bugtraq. For more information on the first three vulnerabilities in OmniBack, see the X-Force advisory. For more information on the denial-of-service vulnerabilities in OmniBack, see this Bugtraq posting and this Bugtraq posting.