Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-0067 | First vendor Publication | 2009-01-08 |
| Vendor | Cve | Last vendor Modification | 2018-10-15 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
SAINT Exploits
| Description | Link |
|---|---|
| HP OpenView Network Node Manager getcvdata.exe parameter string buffer overflow | More info here |
| HP OpenView Network Node Manager OpenView5.exe buffer overflow | More info here |
| HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 53222 | HP OpenView Network Node Manager (OV NNM) Toolbar.exe Remote Overflow A buffer overflow exists in OpenView Network Node Manager. Toolbar.exe fails to validate CGI variables resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 53221 | HP OpenView Network Node Manager (OV NNM) ovlaunch.exe Remote Overflow |
| 53220 | HP OpenView Network Node Manager (OV NNM) getcvdata.exe Remote Overflow |
| 53219 | HP OpenView Network Node Manager (OV NNM) ov.dll Remote Overflow |
| 53218 | HP OpenView Network Node Manager (OV NNM) OpenView5.exe Remote Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt RuleID : 18579 - Revision : 6 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt RuleID : 15434 - Revision : 15 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView Network Node Manager Toolbar.exe HTTP request buffer overflow att... RuleID : 15242 - Revision : 5 - Type : WEB-CLIENT |
| 2014-01-10 | HP OpenView CGI parameter buffer overflow attempt RuleID : 13161 - Revision : 13 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-05-10 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_40705.nasl - Type : ACT_GATHER_INFO |
| 2009-06-15 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_39245.nasl - Type : ACT_GATHER_INFO |
| 2009-06-15 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_39246.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:06:56 |
|
| 2021-04-22 01:07:25 |
|
| 2020-05-23 13:16:50 |
|
| 2020-05-23 00:21:03 |
|
| 2018-10-16 00:19:23 |
|
| 2016-04-26 16:59:00 |
|
| 2016-02-28 09:24:04 |
|
| 2016-02-28 05:24:14 |
|
| 2014-02-17 10:43:16 |
|
| 2014-01-19 21:24:40 |
|
| 2013-05-11 00:05:58 |
|
