CVE-2007-3872
Published: 2007-08-09
Priority: P3 · 53 · medium · 6.8 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 30.28% (98.0th percentile)
Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | openview_operations | <= a.07.50 | — |
| hp | operations_manager | — | — |
| hp | shared_trace_service | <= a.07.50 | — |
Detection & IOCs
- bytes: \x0f\x00\x00\x06\x00
- bytes: \x81\xc4\xff\xef\xff\xff\x44
- Detect exploit attempts targeting OVTrace service by monitoring for TCP connections to port 5051 containing the magic packet header bytes \x0f\x00\x00\x06\x00 followed by oversized payload (total >2000 bytes).
- Flag network traffic to port 5051 containing the stack-adjustment prepend encoder stub \x81\xc4\xff\xef\xff\xff\x44, which is prepended to shellcode in this exploit.
- The exploit targets HP OpenView Operations version A.07.50 OVTrace service; alert on process crashes or unexpected code execution originating from the OVTrace listener on port 5051.
- The exploit uses EXITFUNC=process and requires privileged execution; monitor for SYSTEM-level processes spawned as children of the OVTrace service after inbound connections on port 5051.
- The Metasploit module only includes a single target (Windows 2000 Advanced Server All English) with a hardcoded return address; the exploit may not work against other OS versions without a different Ret value.
- Payload space is constrained to 800 bytes and bad characters \x0a\x0d\x00 must be avoided; shellcode exceeding these constraints or containing bad chars will fail.
- CVE-2009-3099 is explicitly noted as a different vulnerability from CVE-2007-3872, both affecting HP OpenView Operations Manager; do not conflate the two when scoping detection or patching.
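The two network indicators above can be checked on reassembled streams rather than single packets, so that a byte pattern split across TCP segments is still matched. This is an added example, not code from this page or from the Metasploit module; it assumes segments arrive in order, that the magic header opens the client's request, and the flow ids, alert names and buffer cap are hypothetical.

```python
from collections import defaultdict

OVTRACE_PORT = 5051                       # listener port named in the notes above
MAGIC = b"\x0f\x00\x00\x06\x00"           # header bytes listed above
STUB = b"\x81\xc4\xff\xef\xff\xff\x44"    # stack-adjustment stub listed above
SIZE_LIMIT = 2000                         # "total >2000 bytes" from the notes
MAX_BUFFER = 8192                         # assumption: per-flow memory cap


class OvtraceStreamInspector:
    """Buffers client-to-server bytes per flow and applies both indicators."""

    def __init__(self):
        self._buf = defaultdict(bytearray)
        self._seen = defaultdict(set)

    def feed(self, flow_id, dst_port, segment):
        """Add one in-order TCP segment; return alert names not raised before."""
        if dst_port != OVTRACE_PORT:
            return []
        buf = self._buf[flow_id]
        # Bytes past the cap are dropped; both rules fire well before it.
        buf += segment[:max(MAX_BUFFER - len(buf), 0)]
        hits = set()
        # Assumption: the magic header is the first thing the client sends.
        if buf.startswith(MAGIC) and len(buf) > SIZE_LIMIT:
            hits.add("oversized-ovtrace-request")
        if STUB in buf:
            hits.add("stack-adjust-stub")
        new = sorted(hits - self._seen[flow_id])
        self._seen[flow_id] |= hits
        return new

    def close(self, flow_id):
        """Forget a finished flow so its buffer is released."""
        self._buf.pop(flow_id, None)
        self._seen.pop(flow_id, None)


def run_constructed_samples():
    """Constructed traffic made of filler bytes only, for exercising the rules."""
    insp = OvtraceStreamInspector()
    return {
        "small": insp.feed("f1", 5051, MAGIC + b"A" * 64),
        "big_part1": insp.feed("f2", 5051, MAGIC + b"A" * 1200 + STUB[:3]),
        "big_part2": insp.feed("f2", 5051, STUB[3:] + b"A" * 900),
        "other_port": insp.feed("f3", 8080, MAGIC + b"A" * 3000 + STUB),
    }
```

The second flow raises nothing on its first segment and both alerts on its second, which is the case a per-packet signature misses.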
GHSA
GHSA-m5f4-ppqh-p8pq (CVE-2009-3099) [MEDIUM]: Unspecified vulnerability in HP OpenView Operations Manager 8
ghsa_unreviewed · 2022-05-02 · CVSS 6.8
Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
GHSA
GHSA-7hp2-wg9m-cm55 (CVE-2007-3872) [MEDIUM]: Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A
ghsa_unreviewed · 2022-05-01
Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.
No detection rules found.
Exploit-DB
HP OpenView - Operations OVTrace Buffer Overflow (Metasploit)
exploitdb·2010-06-22
---
```ruby
##
# $Id: hp_ovtrace.rb 9583 2010-06-22 19:11:05Z todb $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
# ...
'Name' => 'HP OpenView Operations OVTrace Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in HP OpenView Operations version A.07.50.
By sending a specially crafted packet, a remote attacker may be able to execute arbitrary code.
},
'Author' => 'MC',
'Version' => '$Revision: 9583 $',
'References' =>
[
[ 'CVE', '2007-3872' ],
[ 'OSVDB', '39527' ],
[
```
Metasploit
HP OpenView Operations OVTrace Buffer Overflow
metasploit
This module exploits a stack buffer overflow in HP OpenView Operations version A.07.50. By sending a specially crafted packet, a remote attacker may be able to execute arbitrary code.
No writeups or analysis indexed.
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574
- http://secunia.com/advisories/26394
- http://www.securityfocus.com/bid/25255
- http://www.securitytracker.com/id?1018548
- http://www.vupen.com/english/advisories/2007/2841
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35928
Published: 2007-08-09