Check Point Advisories

HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow (CVE-2009-4180)

Vulnerability
Protection

Check Point Reference:	CPAI-2014-1742
Date Published:	3 Aug 2014
Severity:	High
Last Updated:	Tuesday 29 July, 2014
Source:	CVE-2009-4180
Protection Provided by:	Security Gateway R77 R76 R75
Who is Vulnerable?	Hewlett-Packard OpenView Network Node Manager (OV NNM) 7.01 Hewlett-Packard OpenView Network Node Manager (OV NNM) 7.51 Hewlett-Packard OpenView Network Node Manager (OV NNM) 7.53
Vulnerability Description	A buffer overflow vulnerability exists in the HP OpenView Network Node Manager (NNM) CGI program snmpviewer.exe. The vulnerability is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.

Security Gateway R77 / R76 / R75 / R71 / R70

In the IPS tab, click Protections and find the HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

SmartView Tracker will log the following entries:

Attack Name:  HP Products Protection Violation.
Attack Information:  HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow