|
HP OpenView Network Node Manager Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA29796
|
|
|
Release Date:
|
2008-04-14
|
|
Last Update:
|
2008-07-09
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
DoS
|
|
Where:
|
From local network
|
|
Solution Status:
|
Partial Fix
|
|
| Software: | HP OpenView Network Node Manager (NNM) 7.x
|
| | CVE reference: | CVE-2008-0068 (Secunia mirror)
CVE-2008-1851 (Secunia mirror)
CVE-2008-1852 (Secunia mirror)
CVE-2008-1853 (Secunia mirror)
|
|
|
|
|
|
Description:
Some vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to disclose certain information or cause a DoS (Denial of Service).
1) An error in the ovtopmd.exe service can be exploited to cause the service to terminate via a type 0x36 request sent to default port 2532/TCP.
2) An input validation error in the ovalarmsrv.exe service can be exploited to cause the service to consume large amounts of CPU resources by sending specially crafted requests (e.g. type 25, 45, 46, 47 and 81) to default port 2954/TCP.
3) A NULL-pointer dereference error within ovalarmsrv.exe can be exploited via a specially crafted request sent to default port 2954/TCP.
4) It is possible to download or view arbitrary files by sending an HTTP request to the OpenView5.exe CGI application and passing strings containing directory traversal sequences to the "Action" parameter.
The vulnerabilities are reported in version 7.53. Other versions may also be affected.
Solution:
A patch/archive file for the directory traversal issue (vulnerability #4) is available.
http://itrc.hp.com
ftp://ss080043:ss080043@hprc.external.hp.com/
OV NNM v7.53:
Apply OpenView5_hotfix_7.53.tar archive file.
OV NNM v7.51:
Apply patch NNM_01168 or subsequent and OpenView5_hotfix_7.51.tar archive file.
OV NNM v7.01:
Apply patch NNM_01159 or subsequent and OpenView5_hotfix_7.01.tar archive file.
Restrict network access to the services.
Provided and/or discovered by:
1-3) Luigi Auriemma
4) Independently discovered by:
* Luigi Auriemma
* JJ Reyes, Secunia Research
Changelog:
2008-04-21: Added CVE reference.
2008-07-09: Updated "Solution" section and added link to vendor's advisory.
Original Advisory:
HPSBMA02349 SSRT080043 rev.1:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01496048
Luigi Auriemma:
http://aluigi.altervista.org/adv/closedviewx-adv.txt
Secunia Research:
http://secunia.com/secunia_research/2008-4/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
14 Related Secunia Security Advisories, displaying 10
|
|
|
1. HP OpenView Network Node Manager Multiple Vulnerabilities
|
|
2. HP OpenView Network Node Manager ovspmd.exe Buffer Overflow
|
|
3. HP OpenView Network Node Manager Buffer Overflow Vulnerability
|
|
4. HP OpenView Network Node Manager Denial of Service
|
|
5. HP OpenView Network Node Manager Multiple Vulnerabilities
|
|
6. HP OpenView Network Node Manager Unspecified Cross-Site Scripting
|
|
7. HP OpenView Products Shared Trace Service Buffer Overflows
|
|
8. HP OpenView Network Node Manager Unspecified Unauthorized Access
|
|
9. HP OpenView Network Node Manager Insecure Default Directory Permissions
|
|
10. HP OpenView Network Node Manager Two Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
