| Check Point Reference: |
CPAI-2009-007 |
| Date Published: |
9 Jan 2009 |
| Severity: |
High
|
| Last Updated: |
Thursday 01 January, 2009 |
| Source: |
Security Tracker Alert ID: 1021521
|
| Industry Reference: | CVE-2008-0067 |
| Protection Provided by: |
|
| Who is Vulnerable? | |
| Vulnerability Description |
HP OpenView Network Node Manager (NNM) is a software application designed for management, maintenance and monitoring of networks and network devices. Several vulnerabilities were reported in HP OpenView Network Node Manager CGI applications, enabling a remote user to execute arbitrary code on the target system via a specially crafted HTTP request. |
| Vulnerability Details | HP OpenView Network Node Manager (NNM) supplies several CGI applications to provide management interface of the NNM server. These CGI applications include ovlogin.exe, OpenView5.exe, getcvdata.exe, ovlaunch.exe and others. With these CGI applications, users can control and manage the NNM server using a web browser. Several buffer overflow vulnerabilities exist in HP OpenView Network Node Manager CGI applications due to insufficient boundary checking when handling HTTP request messages. A remote attacker can exploit these vulnerabilities to inject and execute arbitrary code on a vulnerable installation of HP NNM. |
Feedback