HP OpenView Network Node Manager Insecure Permissions Vulnerability

Bugtraq ID:	22475
Class:	Design Error
CVE:	CVE-2007-0819
Remote:	No
Local:	Yes
Published:	Feb 08 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	3APA3A <[email protected]> discovered this issue.
Vulnerable:	HP OpenView Network Node Manager 7.50 HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51
Not Vulnerable:

HP OpenView Network Node Manager Insecure Permissions Vulnerability

HP OpenView Network Node Manager is prone to a local insecure-permissions vulnerability because of a flaw in the application's installation process that will cause insecure permissions of the HP OpenView installation.

Exploiting this issue allows local attackers to access and overwrite arbitrary files in the HP OpenView application directory. This includes overwriting a service executable that is run with SYSTEM-level privileges. This issue facilitates the complete compromise of affected computers.

HP OpenView Network Node Manager Insecure Permissions Vulnerability

To exploit this issue, attackers use standard filesystem utilities to access and overwrite vulnerable files.

HP OpenView Network Node Manager Insecure Permissions Vulnerability

Solution:
The vendor has released an update. Please see the references for details.

HP OpenView Network Node Manager Insecure Permissions Vulnerability

References:

• Network Node Manager Product Page (HP)