|
HP OpenView Products Shared Trace Service Buffer Overflows
|
|
Secunia Advisory:
|
SA26394
|
|
|
Release Date:
|
2007-08-10
|
|
Last Update:
|
2008-04-09
|
|
Popularity:
|
8,917 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | HP Business Process Insight (HPBPI) 1.x
HP Business Process Insight (HPBPI) 2.x
HP OpenView Business Process Insight (OVBPI) 1.x
HP OpenView Business Process Insight (OVBPI) 2.x
HP OpenView Dashboard 2.x
HP OpenView Internet Service (OVIS) 6.x
HP OpenView Network Node Manager (NNM) 6.x
HP OpenView Network Node Manager (NNM) 7.x
HP OpenView Operations HTTPS Agent 8.x
HP OpenView Operations Manager for Windows (OVOW) 7.x
HP OpenView Performance Agent
HP OpenView Performance Insight (OVPI) 5.x
HP OpenView Performance Manager (OVPM) 5.x
HP OpenView Performance Manager (OVPM) 6.x
HP OpenView Reporter 3.x
HP OpenView Service Desk Process Insight (SDPI) 1.x
HP OpenView Service Desk Process Insight (SDPI) 2.x
HP OpenView Service Quality Manager (OV SQM) 1.x
HP Service Desk Process Insight (HPSDPI) 1.x
HP Service Desk Process Insight (HPSDPI) 2.x
|
|
|
Binary Analysis:
|
BA175 :: Available for 1 Credit 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
| | CVE reference: | CVE-2007-1676
CVE-2007-3872
|
|
Description:
Some vulnerabilities have been reported in HP OpenView products, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to boundary errors in the Shared Trace Service component within ovtrcsvc.exe and OVTrace.exe when handling certain requests. These can be exploited to cause stack-based buffer overflows via sending specially crafted requests (opcode handler 0x1a or 0x0f) to the service.
The vulnerabilities affect the following products and versions:
* HP OpenView Internet Service (OVIS) v6.00, v6.10, v6.11 (Japanese), v6.20 running HP OpenView Cross Platform Component (XPL) vB.60.81.00, vB.60.90.00, and vB.61.90.000
* HP OpenView Performance Manager (OVPM) 5.x and 6.x
* HP OpenView Performance Agent (OVPA) 4.5 and 4.6
* HP OpenView Reporter 3.7
* HP OpenView Operations (OVO) Agents OVO8.x HTTPS agents
* HP OpenView Operations Manager for Windows (OVOW) v7.5 with the OpenView Operations (OVO) add on module for OpenView Operations-Business Availability Center (OVO-BAC)
* HP OpenView Quality Manager (OV SQM) v1.2 SP1, v1.3, v1.40 running HP OpenView Cross Platform Component (XPL) 2.60.041, 2.61.060 and 2.61.110
* HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50, v7.51 running XPL earlier than 03.10.040
* HP OpenView Business Process Insight (OVBPI), HP Business Process Insight (HPBPI) , HP OpenView Service Desk Process Insight (SDPI), and HP Service Desk Process Insight (HPSDPI) versions 1.0, 1.1x, 2.0x and 2.10x
* HP OpenView Dashboard v2.01 running HP OpenView Cross Platform Component (XPL) vB.60.90.00 and vB.61.90.000
* HP OpenView Performance Insight (OVPI) v5.0, v5.1, v5.1.1, v5.1.2, v5.2 running HP OpenView Cross Platform Component (XPL) earlier than v3.10.040
Solution:
Apply hotfixes. Please see the vendor's advisories for details.
Provided and/or discovered by:
1) Cody Pierce, Pedram Amini, and Aaron Portnoy of TippingPoint DV Labs
2) An anonymous researcher, reported via iDefense Labs.
Changelog:
2007-08-15: Updated "Description" and credits section. Added link to TippingPoint. Added CVE reference.
2007-08-20: Updated "Description" section to include HP OpenView Network Node Manager version 7.51 in list of affected versions.
2007-08-31: The vendor has updated HPSBMA02239 SSRT061260 with information about OV NNM and that patches PHSS_35457 and ITOSOL_00530 are available.
2008-04-09: The vendor has updated HPSBMA02242 SSRT061260 with information about OV NNM and that patches are available.
Original Advisory:
HPSBMA02235 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515
HPSBMA02236 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171
HPSBMA02237 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584
HPSBMA02238 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617
HPSBMA02239 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576
HPSBMA02240 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627
HPSBMA02241 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851
HPSBMA02242 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038
HPSBMA02244 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023
HPSBMA02245 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156
HPSBMA02246 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574
TippingPoint:
http://dvlabs.tippingpoint.com/advisory/TPTI-07-14
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
Today
|
New advisories:
|
19 |
|
New vulnerabilities:
|
31 |
|
Updated advisories:
|
28 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
