Check Point Advisories

Update Protection against HP OpenView Network Node Manager ovlogin.exe Buffer Overflow

Check Point Reference: CPAI-2009-313
Date Published: 23 Dec 2009
Severity: Critical
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: 37665
Industry Reference:CVE-2009-3846
Protection Provided by:
Who is Vulnerable? HP OpenView Network Node Manager (OV NNM) 7.01
HP OpenView Network Node Manager (OV NNM) 7.51
HP OpenView Network Node Manager (OV NNM) 7.53
Vulnerability Description A buffer overflow vulnerability exists in HP OpenView Network Node Manager (NNM). The vulnerability is due to a boundary error in ovlogin.exe, the login process of a CGI application shipped with OpenView NNM. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code injection and execution on the target system.
Update/Patch AvaliableHP has released an advisory addressing this vulnerability:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877
Vulnerability DetailsThe vulnerability is due to insufficient boundary checking when processing userid and passwd parameters sent in a HTTP request. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server. Successful exploitation could result in execution of arbitrary code.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK