HP OpenView Network Node Manager Buffer Overflow Vulnerability
From local network
Software: HP OpenView Network Node Manager (NNM) 7.x
This advisory is currently marked as unpatched!
Mati Aharoni has discovered a vulnerability in HP OpenView Network Node
Manager, which can be exploited by malicious people to compromise a
The vulnerability is caused by a boundary error within
ovwparser.dll, which can be exploited to cause a stack-based buffer
overflow via an overly long HTTP GET request to ovas.exe on default
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 7.51. Other versions may also be affected.
Solution: Restrict network access to ovas.exe.
Provided and/or discovered by: Mati Aharoni
Original Advisory: http://www.offensive-security.com/0day/hp-nnm-ov.py.txt
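
A detection sketch for the condition described above, added here and not part of the original advisory: it flags HTTP GET requests with an unusually long request target in traffic captured in front of ovas.exe. The threshold `MAX_TARGET_LEN`, the function names and the sample records are assumptions constructed for illustration; the advisory does not state the length at which the overflow occurs.

```python
from typing import List, NamedTuple, Optional, Tuple

# Assumed threshold: set it just above the longest legitimate NNM URL you observe.
MAX_TARGET_LEN = 2048


class Finding(NamedTuple):
    source: str
    length: int
    reason: str


def check_request(source: str, raw: bytes) -> Optional[Finding]:
    """Inspect the first line of a raw HTTP request; return a Finding if it is an oversized GET."""
    if not raw.startswith(b"GET "):
        return None  # the advisory concerns GET requests only
    line, sep, _ = raw.partition(b"\r\n")
    if not sep:
        # The request line was never terminated in the captured bytes.
        if len(raw) > MAX_TARGET_LEN:
            return Finding(source, len(raw), "unterminated request line")
        return None
    rest = line[len(b"GET "):]
    target, _, version = rest.rpartition(b" ")
    if not version.startswith(b"HTTP/"):
        target = rest  # no version token: treat everything after the method as the target
    if len(target) > MAX_TARGET_LEN:
        return Finding(source, len(target), "oversized GET target")
    return None


def scan(records: List[Tuple[str, bytes]]) -> List[Finding]:
    """Run check_request over (source address, raw request bytes) pairs."""
    return [f for src, raw in records if (f := check_request(src, raw))]


# Constructed sample records (documentation addresses, filler bytes only).
SAMPLE = [
    ("192.0.2.10", b"GET /index.html HTTP/1.1\r\nHost: nnm.example\r\n\r\n"),
    ("192.0.2.11", b"POST /form HTTP/1.1\r\nContent-Length: 5000\r\n\r\n" + b"x" * 5000),
    ("192.0.2.12", b"GET /" + b"A" * 5000 + b" HTTP/1.1\r\nHost: nnm.example\r\n\r\n"),
    ("192.0.2.13", b"GET /" + b"A" * 9000),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A check like this supplements the advisory's solution of restricting network access to ovas.exe; it does not replace it.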