Check Point Reference: | CPAI-2009-083 |
Date Published: | 8 May 2009 |
Severity: | High |
Last Updated: | Thursday 01 January, 2009 |
Source: | Secunia Advisory: SA31672 |
Industry Reference: | |
Protection Provided by: | |
Who is Vulnerable? | HP OpenView Network Node Manager (OV NNM) 7.01 HP OpenView Network Node Manager (OV NNM) 7.51 HP OpenView Network Node Manager (OV NNM) 7.53 |
Vulnerability Description | HP OpenView Network Node Manager (NNM) is a software application designed for management, maintenance and monitoring of networks and network devices. The application fails to properly validate maliciously crafted requests. By sending a crafted request, a remote unauthenticated attacker could overflow a buffer and execute arbitrary code on the target system. |
Update/Patch Avaliable | HP has released an advisory: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303 |
Vulnerability Details | The vulnerability specifically exists in OpenView Network Node Manager ovalarmsrv.exe program which is installed by default with HP OpenView to listen for client requests. An attacker can trigger the vulnerability by sending crafted requests to the ovalarmsrv.exe. |