|
HP OpenView Network Node Manager Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA27964
|
|
|
Release Date:
|
2007-12-07
|
|
Popularity:
|
6,933 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | HP OpenView Network Node Manager (NNM) 6.x
HP OpenView Network Node Manager (NNM) 7.x
|
|
|
Binary Analysis:
|
BA311 :: Available for 1 Credit 
BA322 :: Available for 1 Credit
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
| | CVE reference: | CVE-2007-6204
|
|
Description:
Some vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to boundary errors in several CGI applications (ovlogin.exe, OpenView5.exe, snmpviewer.exe, webappmon.exe). These can be exploited to cause stack-based buffer overflows by sending overly long arguments to certain CGI variables.
Successful exploitation allows execution of arbitrary code.
The vulnerabilities affect versions 6.41, 7.01, 7.51 running on HP-UX B.11.00, B.11.11, and B.11.23, Solaris, Windows NT, Windows 2000, Windows XP, and Linux.
Solution:
Apply patches.
http://support.openview.hp.com/patches/patch_index.jsp
-- OpenView Network Node Manager (OV NNM) 7.51 --
HP-UX B.11.23 (IA):
Apply PHSS_36902 or subsequent.
HP-UX B.11.23 (PA):
Apply PHSS_36901 or subsequent.
HP-UX B.11.11:
Apply PHSS_36901 or subsequent.
HP-UX B.11.00:
Apply PHSS_36901 or subsequent.
Linux RedHatAS2.1:
Apply LXOV_00054 or subsequent.
Solaris:
Apply PSOV_03482 or subsequent.
Windows:
Apply NNM_01161 or subsequent.
-- OpenView Network Node Manager (OV NNM) 7.01 --
HP-UX B.11.11:
Apply PHSS_36773 or subsequent.
HP-UX B.11.00:
Apply PHSS_36773 or subsequent.
Solaris:
Apply PSOV_03480 or subsequent.
Windows:
Apply NNM_01159 or subsequent.
-- OpenView Network Node Manager (OV NNM) 6.41 --
HP-UX B.11.11:
Apply PHSS_37141 or subsequent.
Apply HP-UX B.11.00:
Apply PHSS_37141 or subsequent.
Solaris:
Apply PSOV_03489 or subsequent.
Windows:
Apply NNM_01167 or subsequent.
Provided and/or discovered by:
Discovered by Tenable Network Security and reported via ZDI.
Original Advisory:
HPSBMA02281 SSRT061261:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-071.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
7th Oct, 2008
|
New advisories:
|
19 |
|
New vulnerabilities:
|
68 |
|
Updated advisories:
|
62 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
