
HP OpenView Network Node Manager Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 13 May 2010

RISK: Medium Risk

Multiple vulnerabilities have been identified in HP OpenView Network Node Manager (OV NNM), which could be exploited by remote attackers to compromise a vulnerable system.

1. A format string error within the "ovet_demandpoll.exe" process (invoked via the "webappmon.exe" CGI application) when processing a malformed "sel" POST parameter, which could be exploited by remote attackers to execute arbitrary code.

2. A stack overflow error within the "netmon.exe" daemon (invoked via the "webappmon.exe" CGI application) when processing a malformed "sel" POST parameter, which could be exploited by remote attackers to execute arbitrary code.

3. Stack overflow errors within the "snmpviewer.exe" CGI application when processing malformed parameters, which could be exploited by remote attackers to execute arbitrary code.

4. A stack overflow error within the "getnnmdata.exe" CGI application when processing a malformed "MaxAge" parameter, which could be exploited by remote attackers to execute arbitrary code.

5. A stack overflow error within the "getnnmdata.exe" CGI application when processing a malformed "iCount" POST parameter, which could be exploited by remote attackers to execute arbitrary code.

6. A stack overflow error within the "getnnmdata.exe" CGI application when processing a malformed "Hostname" parameter, which could be exploited by remote attackers to execute arbitrary code.
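
For hosts that cannot be patched immediately, the following added example (not part of the advisory or of any HP tooling) shows one way to triage web or proxy logs for requests to the CGI programs and parameters listed above. It assumes the log source records the request target and the form body, matches program and parameter names case-insensitively, and uses an assumed length threshold of 256 characters; the sample requests, the /cgi-path/ prefix and the parameter name "x" are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# CGI program -> parameter -> checks, taken from the advisory's six items.
# "*" means any parameter (the advisory names none for snmpviewer.exe).
# Names are compared case-insensitively (assumption).
RULES = {
    "webappmon.exe": {"sel": ("length", "format")},
    "getnnmdata.exe": {"maxage": ("length",), "icount": ("length",),
                       "hostname": ("length",)},
    "snmpviewer.exe": {"*": ("length",)},
}
MAX_LEN = 256  # assumed triage threshold, not from the advisory
# printf-style conversion specifier, e.g. %s, %08x, %2$x
FORMAT_SPEC = re.compile(r"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l)?[diouxXsnp]")


def triage(target, body=""):
    """Return (cgi, parameter, reason) findings for one logged request."""
    parts = urlsplit(target)
    cgi = parts.path.rsplit("/", 1)[-1].lower()
    rules = RULES.get(cgi)
    if rules is None:
        return []
    findings = []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    for name, value in pairs:
        checks = rules.get(name.lower()) or rules.get("*", ())
        if "length" in checks and len(value) > MAX_LEN:
            findings.append((cgi, name, "length"))
        if "format" in checks and FORMAT_SPEC.search(value):
            findings.append((cgi, name, "format"))
    return findings


# Constructed sample requests: (request target, form body). The /cgi-path/
# prefix and the snmpviewer.exe parameter name "x" are placeholders.
SAMPLES = [
    ("/cgi-path/getnnmdata.exe?Hostname=router1&MaxAge=60", ""),
    ("/cgi-path/getnnmdata.exe?MaxAge=" + "9" * 600, ""),
    ("/cgi-path/webappmon.exe", "sel=%25s%25x"),
    ("/cgi-path/webappmon.exe", "sel=10.0.0.5"),
    ("/cgi-path/snmpviewer.exe?x=" + "A" * 300, ""),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        for finding in triage(target, body):
            print(target[:40], finding)
```

A hit is a lead for review, not proof of exploitation; tune the threshold against normal traffic to the NNM web interface.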


Impact

  • Remote Code Execution

System / Technologies affected

  • HP OpenView Network Node Manager (OV NNM) version 7.01 (HP-UX, Linux, Solaris, and Windows)
  • HP OpenView Network Node Manager (OV NNM) version 7.51 (HP-UX, Linux, Solaris, and Windows)
  • HP OpenView Network Node Manager (OV NNM) version 7.53 (HP-UX, Linux, Solaris, and Windows)

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

HP OV NNM v7.53 (HP-UX / IA) - Apply PHSS_40708 or subsequent

HP OV NNM v7.53 (HP-UX / PA) - Apply PHSS_40707 or subsequent

HP OV NNM v7.53 (Linux RedHatAS2.1) - Apply LXOV_00103 or subsequent

HP OV NNM v7.53 (Linux RedHat4AS-x86_64) - Apply LXOV_00104 or subsequent

HP OV NNM v7.53 (Solaris) - Apply PSOV_03527 or subsequent

HP OV NNM v7.53 (Windows) - Apply NNM_01203 or subsequent

HP OV NNM v7.51 - Upgrade to NNM v7.53 and apply patches

HP OV NNM v7.01 (IA) - Upgrade to NNM v7.53 and apply patches

HP OV NNM v7.01 (HP-UX / PA) - Apply PHSS_40705 or subsequent

HP OV NNM v7.01 (Solaris / PA) - Apply PSOV_03526 or subsequent

HP OV NNM v7.01 (Windows / PA) - Apply NNM_01202 or subsequent

Download locations for this patch
http://support.openview.hp.com/selfsolve/patches


Vulnerability Identifier


Source


Related Link