HP OpenView Network Node Manager Buffer Overflow Vulnerabilities
Last Update Date:
28 Jan 2011
Release Date:
22 Jul 2010
4719
Views
RISK: Medium Risk
Two vulnerabilitieshave been identified in HP OpenView Network Node Manager (OV NNM), which could be exploited by remote attackers to compromise a vulnerable system.
1. Due to a buffer overflow error in the "nnmrptconfig.exe" CGI executable when processing an overly long parameter value, which could be exploited by remote unauthenticated attackers to execute arbitrary code.
2. Due to a buffer overflow error in the "ov.dll" library when processing certain arguments supplied via CGI executables, which could be exploited by remote unauthenticated attackers to execute arbitrary code.
Impact
- Remote Code Execution
System / Technologies affected
- HP OpenView Network Node Manager (OV NNM) version 7.51
- HP OpenView Network Node Manager (OV NNM) version 7.53
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The patches are available from
- http://support.openview.hp.com/selfsolve/patches - HP OV NNM v7.53 (HP-UX / IA) - Apply PHSS_40708 and hotfix SSRT100158
- HP OV NNM v7.53 (HP-UX / PA) - Apply PHSS_40707 and hotfix SSRT100158
- HP OV NNM v7.53 (Linux RedHatAS2.1) - Apply LXOV_00103 and hotfix SSRT100158
- HP OV NNM v7.53 (Linux RedHat4AS-x86_64) - Apply LXOV_00104 and hotfix SSRT100158
- HP OV NNM v7.53 (Solaris) - Apply PSOV_03527 and hotfix SSRT100158
- HP OV NNM v7.53 (Windows) - Apply NNM_01203 and hotfix SSRT100025 and SSRT100158
- HP OV NNM v7.51 - Upgrade to NNM v7.53 and apply NNM_01203 and hotfix SSRT100025 and SSRT100158
Vulnerability Identifier
Source
Related Link
Share with