nv-l
[Top] [All Lists]

ovactiond ....

To: nv-l@lists.tivoli.com
Subject: ovactiond ....
From: "Westphal, Raymond" <RWestphal@erac.com>
Date: Thu, 16 Aug 2001 07:14:20 -0500
Hello Everyone.

NetView for UNIX 6.0.2 on AIX 4.3.3 w/ ML 4 applied.

Have any of you had experience with ovactiond security alert posted by CERT?
Supposedly NetView has posted a fix for it.
See APAR IY21527. Here's an excerpt from the advisory.

   There  is  a  potential  security  exposure whereby an unauthorized user
   could  gain  root  or superuser access to a NetView server by generating
   and sending an SNMP trap containing an imbedded UNIX command from either
   internally or externally to the NetView server.

   Tivoli  NetView  includes a daemon, ovactiond, which performs automation
   based  on  appropriately customized SNMP trap definitions. Under certain
   circumstances  it  is possible for an unauthorized individual to execute
   malicious  commands  by sending a trap containing commands as legitimate
   data.   The command will run with the privileges of ovactiond, typically
   init,  root,  or  bin.  It is therefore possible for a malicious user to
   exploit this feature to gain root access.

   The security exposure only comes into play if an authorized user at some
   point configures additional actions for a trap defined in NetView's
   configuration and uses a trap variable in the configuration.  Varbinds
   (variable components of trap data) of types string and opaque, from
   within a trap and matching trap definition, if containing appropriately
   enveloped Unix commands and using Unix command substitution, can be
   exploited to breech the security of the NetView server.

   The  exposure  does not exist in SNMP trap definitions in the product as
   it  is  shipped  but  can  occur after trap customization by the NetView
   administrator  or  anyone  with  root  authority  on the NetView system.
   Legitimately  customized  or  other  added  trap  definitions  could  be
   exploited,  so  a  review  of  such  trap  definitions  for exposures is
   warranted.

Thanks.


<Prev in Thread] Current Thread [Next in Thread>
  • ovactiond ...., Westphal, Raymond <=

Archive operated by Skills 1st Ltd

See also: The NetView Web