Multiple vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system.

1) A boundary error when creating an error message within ovwebsnmpsrv.exe can be exploited to cause a buffer overflow via a specially crafted HTTP request sent to the "jovgraph.exe" CGI program.

2) A boundary error within "getProxiedStorageAddress()" in ovutil.dll can be exploited to cause a buffer overflow via overly large values passed to variables in an HTTP request sent to the "jovgraph.exe" CGI program.

3) A boundary error when parsing command line argument variables within ovwebsnmpsrv.exe can be exploited to cause a buffer overflow via a specially crafted HTTP request to the "jovgraph.exe" CGI program.

4) A boundary error exists within the "OvWwwDebug()" function in ovwww.dll while parsing strings from an HTTP request using the "sprintf()" function. This can be exploited to cause a stack-based buffer overflow by passing an overly long string via the "OvJavaLocale" cookie parameter to the "webappmon.exe" CGI program.

The vulnerabilities are reported in HP OpenView Network Node Manager 7.51 and 7.53 running on HP-UX, Linux, Solaris, and Windows.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1 - 3) An anonymous person, reported via ZDI.
4) Nahuel Riva, Core Security Technologies.

Changelog
Further details available in Customer Area

Original Advisory
HP (HPSBMA02537 SSRT010027):
https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02217439

HP (HPSBMA02563 SSRT100165):
https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02446520

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-105/
http://www.zerodayinitiative.com/advisories/ZDI-10-106/
http://www.zerodayinitiative.com/advisories/ZDI-10-108/

Core Security Technologies:
http://www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow

Deep Links
Links available in Customer Area