Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code |
| Informations | |||
|---|---|---|---|
| Name | HPSBMA02621 SSRT100352 | First vendor Publication | 2011-01-10 |
| Vendor | HP | Last vendor Modification | 2011-01-12 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server. |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02670501 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 80 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 10 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
| 10 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
SAINT Exploits
| Description | Link |
|---|---|
| HP OpenView Network Node Manager nnmRptConfig.exe nameParams text1 Buffer Overflow | More info here |
| HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil.dll stringToSeconds Buffer Overflow | More info here |
| HP OpenView Network Node Manager malformed displayWidth option to jovgraph.exe | More info here |
| HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution | More info here |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-01-13 | Name : HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities File : nvt/gb_hp_openview_nnm_45762.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 70475 | HP OpenView Network Node Manager (OV NNM) CGI Scripts Command Injection Arbit... HP OpenView Network Node Manager contains a flaw related to the CGI scripts failure to properly validate an unspecified parameter. This may be exploited by a remote attacker via a command string for this parameter's value to execute arbitrary code. |
| 70474 | HP OpenView Network Node Manager (OV NNM) nnmRptConfig.exe Invalid Template N... HP OpenView Network Node Manager contains a Format string vulnerability in 'nnmRptConfig.exe'. The issue is triggered when the application uses user supplied data as a format specifier during creation of an error message when parsing an invalid template name. This may be exploited by a remote attacker via a crafted invalid template name to execute arbitrary code. |
| 70473 | HP OpenView Network Node Manager (OV NNM) nnmRptConfig.exe Multiple Parameter... HP OpenView Network Node Manager is prone to multiple overflow conditions. The 'nnmRptConfig.exe' module fails to properly sanitize user-supplied input resulting in buffer overflows. With a specially crafted overly long 'data_select1', 'nameParams', 'schdParams', 'nameParams', 'text1' or 'schd_select1' parameter sent via a POST request to one of the CGI functions of NNM, a remote attacker can potentially execute arbitrary code. |
| 70472 | HP OpenView Network Node Manager (OV NNM) ovutil.dll COOKIE Variable Remote O... HP OpenView Network Node Manager is prone to an overflow condition. The ovutil.dll component fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted COOKIE variable, a remote attacker can potentially execute arbitrary code. |
| 70471 | HP OpenView Network Node Manager (OV NNM) OVAS Service ovas.exe Multiple Over... HP OpenView Network Node Manager is prone to an overflow condition. ovas.exe in the OVAS service fails to properly sanitize user-supplied input resulting in multiple stack-based buffer overflows. With a specially crafted Source Node or Destination Node name POST variable, a remote attacker can potentially execute arbitrary code. |
| 70470 | HP OpenView Network Node Manager (OV NNM) ovwebsnmpsrv.exe ovutil.dll stringT... HP OpenView Network Node Manager is prone to an overflow condition. The 'stringToSeconds' function in 'ovutil.dll 'in 'ovwebsnmpsrv.exe' fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted HTTP request, a remote attacker can potentially execute arbitrary code. |
| 70469 | HP OpenView Network Node Manager (OV NNM) jovgraph jovgraph.exe arg Parameter... HP OpenView Network Node Manager contains a flaw related to the jovgraph.exe grapher's processing of malformed displayWidth options passed from the arg parameter. The issue is triggered when a remote attacker uses a crafted HTTP request to exploit this. This may allow an attacker to execute arbitrary code. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-11-16 | HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt RuleID : 31373 - Revision : 4 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer ... RuleID : 24147 - Revision : 6 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt RuleID : 18998 - Revision : 13 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView Network Node Manager server name exploit attempt RuleID : 18993 - Revision : 7 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView Network Node Manager nnmRptConfig.exe Template format string code... RuleID : 18930 - Revision : 11 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer ... RuleID : 18764 - Revision : 14 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflo... RuleID : 18760 - Revision : 10 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflo... RuleID : 18759 - Revision : 10 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-03-06 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41606.nasl - Type : ACT_GATHER_INFO |
| 2012-03-06 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41607.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote web server contains a CGI application that allows remote code exec... File : openview_nnm_execvp_nc.nasl - Type : ACT_ATTACK |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:38:17 |
|
