HP OpenView Network Node Manager Buffer Overflow Vulnerability - Security - World -


Editor Login \| Register		Ekle

> World > Security

HP OpenView Network Node Manager Buffer Overflow Vulnerability - Security - World -

(Date : 03.04.2008 21:36:08)

HP OpenView Network Node Manager Buffer Overflow Vulnerability

Secunia Advisory:	SA29641
Release Date:	2008-04-03

Critical:	Moderately critical
Impact:	System access
Where:	From local network
Solution Status:	Unpatched

Software:	HP OpenView Network Node Manager (NNM) 7.x

	This advisory is currently marked as unpatched! - Companies can be alerted when a patch is released!

Description: Mati Aharoni has discovered a vulnerability in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within ovwparser.dll, which can be exploited to cause a stack-based buffer overflow via an overly long HTTP GET request to ovas.exe on default port 7510/TCP. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.51. Other versions may also be affected. Solution: Restrict network access to ovas.exe. Provided and/or discovered by: Mati Aharoni Original Advisory: http://www.offensive-security.com/0day/hp-nnm-ov.py.txt

Derecelendir

Kaynak

http://secunia.com/advisories/29641/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project