Test ID:	1.3.6.1.4.1.25623.1.0.902076
Category:	Web application abuses
Title:	HP OpenView Network Node Manager Multiple Vulnerabilities
Summary:	HP OpenView Network Node Manager is prone to multiple vulnerabilities.
Description:	Summary: HP OpenView Network Node Manager is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to boundary errors, - when creating an error message within 'ovwebsnmpsrv.exe' - within 'getProxiedStorageAddress()' in 'ovutil.dll' - when parsing command line argument variables within 'ovwebsnmpsrv.ex' And an unspecified vulnerability allows remote attackers to cause a denial of service via unknown vectors. Vulnerability Impact: Successful exploitation will allow attacker to cause a buffer overflow via a specially crafted HTTP request to the 'jovgraph.exe' CGI program. Affected Software/OS: HP OpenView Network Node Manager version 7.51 and 7.53 Solution: Apply the patch for OpenView NNM version 7.53. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1964 BugTraq ID: 40873 http://www.securityfocus.com/bid/40873 Bugtraq: 20100616 ZDI-10-108: HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511854/100/0/threaded HPdes Security Advisory: HPSBMA02537 http://seclists.org/bugtraq/2010/Jun/152 HPdes Security Advisory: SSRT010027 http://www.zerodayinitiative.com/advisories/ZDI-10-108 http://osvdb.org/65552 http://securityreason.com/securityalert/8155 Common Vulnerability Exposure (CVE) ID: CVE-2010-1961 BugTraq ID: 40638 http://www.securityfocus.com/bid/40638 Bugtraq: 20100608 ZDI-10-106: Hewlett-Packard OpenView NNM ovutil.dll getProxiedStorageAddress Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511731/100/0/threaded http://marc.info/?l=bugtraq&m=127602909915281&w=2 http://www.zerodayinitiative.com/advisories/ZDI-10-106/ http://www.securitytracker.com/id?1024071 http://secunia.com/advisories/40101 XForce ISS Database: ovnnm-getproxiedstorageaddress-bo(59250) https://exchange.xforce.ibmcloud.com/vulnerabilities/59250 Common Vulnerability Exposure (CVE) ID: CVE-2010-1960 BugTraq ID: 40637 http://www.securityfocus.com/bid/40637 Bugtraq: 20100608 ZDI-10-105: Hewlett-Packard OpenView NNM ovwebsnmpsrv.exe Bad Option Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511734/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-105/ XForce ISS Database: ovnnm-ovwebsnmpsrv-bo(59249) https://exchange.xforce.ibmcloud.com/vulnerabilities/59249 Common Vulnerability Exposure (CVE) ID: CVE-2010-3285 HPdes Security Advisory: HPSBMA02585 http://marc.info/?l=bugtraq&m=128525454219838&w=2 HPdes Security Advisory: SSRT100256
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.