HP OpenView Network Node Manager Buffer Overflow Vulnerability

HP OpenView Network Node Manager Buffer Overflow Vulnerability Secunia Advisory: SA29641   Release Date: 2008-04-03 Critical: Moderately critical Impact: System access Where: From local network Solution Status: Unpatched Software:HP OpenView Network Node Manager (NNM) 7.x This advisory is currently marked as unpatched! - Companies can be alerted when a patch is released! Description:Mati Aharoni has discovered a vulnerability in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within ovwparser.dll, which can be exploited to cause a stack-based buffer overflow via an overly long HTTP GET request to ovas.exe on default port 7510/TCP. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.51. Other versions may also be affected.Solution:Restrict network access to ovas.exe.Provided and/or discovered by:Mati AharoniOriginal Advisory:http://www.offensive-security.com/0day/hp-nnm-ov.py.txt

Döküman Arama

Başlık :