HP OpenView Network Node Manager Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 13 May 2010 5440 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in HP OpenView Network Node Manager (OV NNM), which could be exploited by remote attackers to compromise a vulnerable system.

1. A format string error within the "ovet_demandpoll.exe" process (invoked via the "webappmon.exe" CGI application) when processing a malformed "sel" POST parameter, which could be exploited by remote attackers to execute arbitrary code.

2. A stack overflow error within the "netmon.exe" daemon (invoked via the "webappmon.exe" CGI application) when processing a malformed "sel" POST parameter, which could be exploited by remote attackers to execute arbitrary code.

3. A stack overflow errors within the "snmpviewer.exe" CGI application when processing a malformed parameters, which could be exploited by remote attackers to execute arbitrary code.

4. A stack overflow error within the "getnnmdata.exe" CGI application when processing a malformed "MaxAge" parameter, which could be exploited by remote attackers to execute arbitrary code.

5. A stack overflow error within the "getnnmdata.exe" CGI application when processing a malformed "iCount" POST parameter, which could be exploited by remote attackers to execute arbitrary code.

6. A stack overflow error within the "getnnmdata.exe" CGI application when processing a malformed "Hostname" parameter, which could be exploited by remote attackers to execute arbitrary code.

Impact

  • Remote Code Execution

System / Technologies affected

  • HP OpenView Network Node Manager (OV NNM) version 7.01 (HP-UX, Linux, Solaris, and Windows)
  • HP OpenView Network Node Manager (OV NNM) version 7.51 (HP-UX, Linux, Solaris, and Windows)
  • HP OpenView Network Node Manager (OV NNM) version 7.53 (HP-UX, Linux, Solaris, and Windows)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

HP OV NNM v7.53 (HP-UX / IA) - Apply PHSS_40708 or subsequent

HP OV NNM v7.53 (HP-UX / PA) - Apply PHSS_40707 or subsequent

HP OV NNM v7.53 (Linux RedHatAS2.1) - Apply LXOV_00103 or subsequent

HP OV NNM v7.53 (Linux RedHat4AS-x86_64) - Apply LXOV_00104 or subsequent

HP OV NNM v7.53 (Solaris) - Apply PSOV_03527 or subsequent

HP OV NNM v7.53 (Windows) - Apply NNM_01203 or subsequent

HP OV NNM v7.51 - Upgrade to NNM v7.53 and apply patches

HP OV NNM v7.01 (IA) - Upgrade to NNM v7.53 and apply patches

HP OV NNM v7.01 (HP-UX / PA) - Apply PHSS_40705 or subsequent

HP OV NNM v7.01 (Solaris / PA) - Apply PSOV_03526 or subsequent

HP OV NNM v7.01 (Windows / PA) - Apply NNM_01202 or subsequent

Download locations for this patch
http://support.openview.hp.com/selfsolve/patches

Vulnerability Identifier

Source

Related Link

Share with

Previous

IrfanView PSD Image Parsing Multiple Vulnerabilities

13 May 2010 5228 Views

Next

Adobe Shockwave Player Multiple Code Execution Vulnerabilities

13 May 2010 5207 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY