HP OpenView Network Node Manager connectedNodes.ovpl command execution

Added: 07/02/2008
CVE: CVE-2005-2773
BID: 14662
OSVDB: 19057

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary commands by sending a specially crafted node parameter to the script.

Resolution

Apply the fix referenced in SSRT 051023.

References

http://archives.neohapsis.com/archives/bugtraq/2005-08/0333.html

Limitations

Exploit requires the "nc" utility to be present on the target system, and the URI PERL module to be present on the SAINTexploit host.
Back to exploit index