HP OpenView ECSD Buffer Overflow Vulnerability

HP OpenView Network Node Manager (NNM) is a system management software package distributed by HP. It is designed for use on enterprise systems, and offers remote administrative facilities.

A problem in the software could allow a local user elevated privileges. Due to the unsafe handling of command line input by the Event Correlation Services daemon (ecsd), a buffer overflow makes it possible to overwrite stack variables, including the return address.

This problem makes it possible for a local user to execute arbitrary code, and gain elevated privileges on the local system.


Privacy Statement
Copyright 2010, SecurityFocus