English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.900243
Category:Web application abuses
Title:HP OpenView Network Node Manager Multiple Vulnerabilities (May 2010)
Summary:HP OpenView Network Node Manager is prone to multiple vulnerabilities.
Description:Summary:
HP OpenView Network Node Manager is prone to multiple vulnerabilities.

Vulnerability Insight:
The specific flaw exists,

- in ovet_demandpoll.exe process, which allows remote attackers to execute
arbitrary code via format string specifiers in the sel parameter.

- when _OVParseLLA function defined within ov.dll is called from netmon.exe
(Network Monitor) daemon, which directly copies the value of the 'sel' POST
variable into a fixed-length without validating the length causing stack
buffer overflow.

- within the snmpviewer.exe CGI. The doLoad function in this process calls
sprintf() with a %s format specifier without sanitizing the user supplied
data from POST variables (act and app) causing stack-based buffer overflow.

- within the getnnmdata.exe CGI. If this CGI is requested with an invalid
MaxAge parameter or invalid iCount POST parameter a sprintf() call is made
without validating the length before coping in to a fixed-length stack
buffer causing stack-based buffer overflow.

Vulnerability Impact:
Successful exploitation will allow attacker to execute arbitrary code in
the context of an application.

Affected Software/OS:
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53

Solution:
Upgrade to NNM v7.53 and apply the patch from the references.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-1550
Bugtraq: 20100511 ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/511245/100/0/threaded
HPdes Security Advisory: HPSBMA02527
http://marc.info/?l=bugtraq&m=127360750704351&w=2
HPdes Security Advisory: SSRT010098
HPdes Security Advisory: SSRT090225
http://zerodayinitiative.com/advisories/ZDI-10-081/
Common Vulnerability Exposure (CVE) ID: CVE-2010-1551
BugTraq ID: 40067
http://www.securityfocus.com/bid/40067
Bugtraq: 20100511 ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/511247/100/0/threaded
HPdes Security Advisory: SSRT090226
http://zerodayinitiative.com/advisories/ZDI-10-082/
Common Vulnerability Exposure (CVE) ID: CVE-2010-1552
Bugtraq: 20100511 ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/511248/100/0/threaded
HPdes Security Advisory: SSRT090227
http://zerodayinitiative.com/advisories/ZDI-10-083/
http://securityreason.com/securityalert/8157
Common Vulnerability Exposure (CVE) ID: CVE-2010-1553
Bugtraq: 20100511 ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/511241/100/0/threaded
HPdes Security Advisory: SSRT090228
http://zerodayinitiative.com/advisories/ZDI-10-084/
http://securityreason.com/securityalert/8153
Common Vulnerability Exposure (CVE) ID: CVE-2010-1554
Bugtraq: 20100511 ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/511249/100/0/threaded
http://www.exploit-db.com/exploits/14181
HPdes Security Advisory: SSRT090229
http://zerodayinitiative.com/advisories/ZDI-10-085/
http://securityreason.com/securityalert/8154
CopyrightCopyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.