HP OpenView Network Node Manager Buffer Overflow Vulnerabilities
RISK: Medium Risk
Two vulnerabilities have been identified in HP OpenView Network Node Manager (OV NNM), which could be exploited by remote attackers to compromise a vulnerable system.
1. A buffer overflow error within the "ovwebsnmpsrv.exe" process (invoked via the "jovgraph.exe" CGI application) when processing unrecognized options, which could be exploited by remote attackers to execute arbitrary code.
2. A buffer overflow error within the "ovutil.dll" module loaded by the "ovwebsnmpsrv.exe" process (invoked via the "jovgraph.exe" CGI application) when processing malformed parameters, which could be exploited by remote attackers to execute arbitrary code.
Impact
- Remote Code Execution
System / Technologies affected
- HP OpenView Network Node Manager (OV NNM) version 7.51 (HP-UX, Linux, Solaris, and Windows)
- HP OpenView Network Node Manager (OV NNM) version 7.53 (HP-UX, Linux, Solaris, and Windows)
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
HP OV NNM v7.53 (HP-UX / IA)
Apply PHSS_40708 or subsequent
HP OV NNM v7.53 (HP-UX / PA)
Apply PHSS_40707 or subsequent
HP OV NNM v7.53 (Linux RedHatAS2.1)
Apply LXOV_00103 or subsequent
HP OV NNM v7.53 (Linux RedHat4AS-x86_64)
Apply LXOV_00104 or subsequent
HP OV NNM v7.53 (Solaris)
Apply PSOV_03527 or subsequent
HP OV NNM v7.53 (Windows)
Apply NNM_01203 or subsequent
HP OV NNM v7.51
Upgrade to NNM v7.53 and apply patches
Vulnerability Identifier
Source
Related Link