A security vulnerability in the HP Performance Agent and HP Operations Manager packages can be exploited by local attackers to modify arbitrary files.
Package:
HP OpenView Performance Agent 4.x, HP Operations Manager 8.x
Operating systems:
HP Tru64 UNIX 4.x, HP Tru64 UNIX 5.x, HP-UX 10.x, HP-UX 11.x
Problem:
improper file handling, error in a software component
Exploitation:
local
Impact:
data modification
Solution:
workaround
Original advisory ID:
SA45079
Source:
Secunia
Problem:
The vulnerability was discovered in ovbbccb.exe (OV Communications Broker) and results from improper handling of files from "Register" requests.
Impact:
Local attackers can exploit the vulnerability by sending a specially crafted "Register" request to TCP port 383. The attack results in the deletion of arbitrary files.
Solution:
As a protective measure, restricting access to the OV Communication Broker service is advised.
Secunia Advisory SA45079
HP Operations Manager OV Communication Broker Arbitrary File Deletion
Release Date 2011-06-28
Criticality level Less critical
Impact Manipulation of data
Where From local network
Solution Status Unpatched
Software:
HP OpenView Performance Agent 4.x
HP Operations Manager (formerly OpenView Operations) 8.x
CVE Reference(s) No CVE references.
Description
Luigi Auriemma has discovered a vulnerability in HP Operations Manager, which can be exploited by malicious people to delete files on a vulnerable system.
The vulnerability is caused by the OV Communications Broker service (ovbbccb.exe) deleting a file specified in a received "Register" request. This can be exploited to delete arbitrary files on the system via specially crafted "Register" requests sent to TCP port 383.
The vulnerability is confirmed in HP Performance Agent 4.70 bundling ovbbccb.exe version 6.10.50.0 and HP Operations Manager 8.10 bundling ovbbccb.exe version 6.10.70.0. Other versions may also be affected.
Solution
Restrict access to the OV Communication Broker service.
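One way to check that the restriction is holding, as an added example that is not part of the Secunia or source advisory: flag TCP connections to port 383 that come from outside an allow-list. The log layout, the addresses and the allowed networks are constructed assumptions.

```python
import ipaddress

BROKER_PORT = 383  # TCP port of the OV Communication Broker named in the advisory

# Assumption: the only hosts that should reach the broker (hypothetical values).
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.20.0.0/28")]

# Constructed sample records: "<time> <proto> <src_ip>:<port> -> <dst_ip>:<port>"
SAMPLE_LOG = """\
2011-06-29T08:00:01Z tcp 10.20.0.5:51512 -> 10.20.1.17:383
2011-06-29T08:00:07Z tcp 10.20.3.44:40211 -> 10.20.1.17:383
2011-06-29T08:01:12Z tcp 10.20.3.44:40213 -> 10.20.1.17:22
2011-06-29T08:02:30Z udp 192.0.2.9:5353 -> 10.20.1.17:383
2011-06-29T08:03:00Z tcp 192.0.2.9:60000 -> 10.20.1.18:383
truncated line without endpoints
"""


def parse_endpoint(text):
    """Split 'ip:port' into (ip_address, int port); raises ValueError if malformed."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def unapproved_broker_peers(log_text, allowed=ALLOWED_SOURCES):
    """Return (time, source, destination) for TCP connections to the broker
    port whose source is outside every allowed network."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[3] != "->":
            continue  # skip records that do not match the expected layout
        when, proto, src_text, _, dst_text = fields
        try:
            src, _ = parse_endpoint(src_text)
            dst, dst_port = parse_endpoint(dst_text)
        except ValueError:
            continue  # skip records with an unparsable address or port
        if proto != "tcp" or dst_port != BROKER_PORT:
            continue
        if not any(src in net for net in allowed):
            findings.append((when, str(src), str(dst)))
    return findings


if __name__ == "__main__":
    for when, src, dst in unapproved_broker_peers(SAMPLE_LOG):
        print(f"{when} unapproved source {src} reached broker on {dst}:{BROKER_PORT}")
```

Any finding means a host outside the allow-list can still reach the broker, so the access restriction is not fully in place for that destination.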
Provided and/or discovered by
Luigi Auriemma
Original Advisory
Luigi Auriemma:
http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt