RETIRED: HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities

HP OpenView Network Node Manager is prone to multiple remote vulnerabilities:

- Multiple remote command-injection vulnerabilities.
- Multiple stack-based buffer-overflow vulnerabilities.
- Multiple heap-based buffer-overflow vulnerabilities.
- An additional unspecified remote code-execution vulnerability.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This BID is being retired. The following individual records exist to better document these issues:

37294 HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability
37295 HP OpenView Network Node Manager 'ovlogin.exe' Multiple Remote Code Execution Vulnerabilities
37296 HP OpenView Network Node Manager 'nnmRptConfig.exe' Remote Code Execution Vulnerability
37298 HP OpenView Network Node Manager 'nnmRptConfig.exe' 'strcat()' Remote Code Execution Vulnerability
37299 HP OpenView Network Node Manager 'Oid' Parameter Remote Buffer Overflow Vulnerability
37300 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability
37330 HP OpenView Network Node Manager 'ovsessionmgr.exe' Remote Heap Buffer Overflow Vulnerability
37340 HP OpenView Network Node Manager 'OvWebHelp.exe' Remote Heap Buffer Overflow Vulnerability
37341 HP OpenView Network Node Manager 'webappmon.exe' Remote Buffer Overflow Vulnerability
37343 HP OpenView Network Node Manager 'ovwebsnmpsrv.exe' Remote Stack Buffer Overflow Vulnerability
37345 HP OpenView Network Node Manager Unspecified Remote Code Execution Vulnerability
37347 HP OpenView Network Node Manager 'ovalarm.exe' Remote Buffer Overflow Vulnerability
37348 HP OpenView Network Node Manager 'snmpviewer.exe' Remote Code Execution Vulnerability


 

Privacy Statement
Copyright 2010, SecurityFocus