Skip to main content

HP OpenView Network Node Manager Buffer Overflow Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 11 Jun 2010 5345 Views

RISK: Medium Risk

Two vulnerabilities have been identified in HP OpenView Network Node Manager (OV NNM), which could be exploited by remote attackers to compromise a vulnerable system.

1. A buffer overflow error within the "ovwebsnmpsrv.exe" process (invoked via the "jovgraph.exe" CGI application) when processing unrecognized options, which could be exploited by remote attackers to execute arbitrary code.

2. A buffer overflow error within the "ovutil.dll" module loaded by the "ovwebsnmpsrv.exe" process (invoked via the "jovgraph.exe" CGI application) when processing malformed parameters, which could be exploited by remote attackers to execute arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • HP OpenView Network Node Manager (OV NNM) version 7.51 (HP-UX, Linux, Solaris, and Windows)
  • HP OpenView Network Node Manager (OV NNM) version 7.53 (HP-UX, Linux, Solaris, and Windows)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

HP OV NNM v7.53 (HP-UX / IA)
Apply PHSS_40708 or subsequent

HP OV NNM v7.53 (HP-UX / PA)
Apply PHSS_40707 or subsequent

HP OV NNM v7.53 (Linux RedHatAS2.1)
Apply LXOV_00103 or subsequent

HP OV NNM v7.53 (Linux RedHat4AS-x86_64)
Apply LXOV_00104 or subsequent

HP OV NNM v7.53 (Solaris)
Apply PSOV_03527 or subsequent

HP OV NNM v7.53 (Windows)
Apply NNM_01203 or subsequent

HP OV NNM v7.51
Upgrade to NNM v7.53 and apply patches


Vulnerability Identifier


Source


Related Link