HP Openview Network Node Manager Alarm Service Buffer Overrun Vulnerability

Quoted from Delphis Security Advisory DST2K0012:

By using the Alarm service which is shipped and installed by default with HP openview network node manager it is possible to cause a Buffer overrun in OVALARMSRV overwriting the EIP allowing the execution of arbitry code. This is done be connecting to post 2345 which the port resides on by default and sending a large string. The string has to be a length of 4064 + EIP (4 bytes) making a total of 4068 bytes.


Privacy Statement
Copyright 2010, SecurityFocus