Executive Summary
| Summary | |
|---|---|
| Title | HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code |
| Informations | |||
|---|---|---|---|
| Name | HPSBMA02281 SSRT061261 | First vendor Publication | 2007-12-05 |
| Vendor | HP | Last vendor Modification | 2007-12-05 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to execute arbitrary code with the permissions of the NNM server. |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
SAINT Exploits
| Description | Link |
|---|---|
| HP OpenView Network Node Manager ovlogin.exe buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 39532 | HP OpenView Network Node Manager (OV NNM) webappmon.exe Remote Overflow |
| 39531 | HP OpenView Network Node Manager (OV NNM) snmpviewer.exe Remote Overflow |
| 39530 | HP OpenView Network Node Manager (OV NNM) OpenView5.exe Remote Overflow A buffer overflow exists in OpenView. OpenView5.exe fails to validate CGI variables resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 39529 | HP OpenView Network Node Manager (OV NNM) ovlogin.exe Remote Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | HP OpenView CGI parameter buffer overflow attempt RuleID : 13161 - Revision : 13 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-12-07 | Name : The remote web server contains multiple CGI scripts that allow execution of a... File : openview_cgi_overflows.nasl - Type : ACT_ATTACK |
| 2007-12-04 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_37141.nasl - Type : ACT_GATHER_INFO |
| 2007-10-03 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_36773.nasl - Type : ACT_GATHER_INFO |
| 2007-10-03 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_36901.nasl - Type : ACT_GATHER_INFO |
| 2007-10-03 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_36902.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:38:12 |
|
