Skip to main content

HP OpenView Network Node Manager Buffer Overflow Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 25 Mar 2009 4373 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in HP OpenView Network Node Manager (OV NNM), which could be exploited by remote attackers to compromise a vulnerable system.

1. Due to a stack overflow error in the "OvCgi/Toolbar.exe" CGI when processing an overly long "OvOSLocale" cookie parameter, which could be exploited by remote attackers to execute arbitrary code via a specially crafted HTTP request.

2. Due to a heap overflow error in the "OvCgi/Toolbar.exe" CGI when processing an overly long "OvAcceptLang" cookie parameter, which could be exploited by remote attackers to execute arbitrary code via a specially crafted HTTP request.

3. Due to a heap overflow error in the "OvCgi/Toolbar.exe" CGI when processing an overly long "Accept-Language" header value, which could be exploited by remote attackers to execute arbitrary code via a specially crafted HTTP request.


Impact

  • Remote Code Execution

System / Technologies affected

  • HP OpenView Network Node Manager (OV NNM) version 7.01 (HP-UX, Linux, Solaris, and Windows)
  • HP OpenView Network Node Manager (OV NNM) version 7.51 (HP-UX, Linux, Solaris, and Windows)
  • HP OpenView Network Node Manager (OV NNM) version 7.53 (HP-UX, Linux, Solaris, and Windows)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link