HP OpenView Network Node Manager ovspmd.exe Buffer Overflow - Security


Editor Login \| Register		Ekle

> World > Security

HP OpenView Network Node Manager ovspmd.exe Buffer Overflow - Security - World -

CWRedLight

(Date : 09.04.2008 19:38:58)

HP OpenView Network Node Manager ovspmd.exe Buffer Overflow

Secunia Advisory:	SA29713
Release Date:	2008-04-09

Critical:	Moderately critical
Impact:	DoS System access
Where:	From local network
Solution Status:	Unpatched

Software:	HP OpenView Network Node Manager (NNM) 7.x

Description:
Luigi Auriemma has discovered a vulnerability in HP OpenView Network Node Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to an input validation error within ovspmd.exe and can be exploited to cause a heap-based buffer overflow by sending a specially crafted, overly long packet to default port 8886/TCP.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 7.53 and 7.51. Other versions may also be affected.

Solution:
Restrict network access to ovspmd.exe.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/closedview-adv.txt

Derecelendir

Kaynak

http://secunia.com/advisories/29713/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS