HP OpenView NNM Template Parameters Remote Buffer Overflow Vulnerability
Date Discovered: 12/10/2009
Severity: High
Applications Affected:
HP OpenView Network Node Manager 7.01
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.53
Type: Remote
Identifiers: CVE-2009-3848
Synopsis
A buffer overflow vulnerability has been discovered in HP OpenView Network Node
Manager 7.01, 7.51 and 7.53 in the way the application handles a
specially crafted, invalid Template parameter passed to some CGI script.
Recommended Actions
Update with the latest patches as recommended by the vendor.
Threat Analysis
HP OpenView Network Node Manager is used for
maintaining and monitoring a company's networks and computers.
The tool automatically discovers computer networks, displays network
topologies, correlates and manages events and SNMP traps for recovery,
monitors network health, and gathers performance data. In this way it
increases network visibility for network administrators.
A stack-based buffer overflow vulnerability has been discovered in HP
OpenView Network Node Manager. The vulnerability is triggered when an invalid,
crafted “Template” parameter is sent to the nnmRptConfig.exe
CGI script. Successful exploitation allows a remote attacker to execute
arbitrary code in the security context of the administrator.
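
Until the patch is applied, web server access logs can be reviewed for suspicious requests to the affected script. The following is an added detection example, not part of the original advisory or any HP tooling: it flags requests to nnmRptConfig.exe whose decoded Template value is unusually long. The length threshold, the assumption that an oversized value is the relevant signal, the log format (Common Log Format), and the sample lines with their placeholder directory are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

SCRIPT = "nnmrptconfig.exe"   # CGI script named in the advisory
PARAM = "template"            # parameter named in the advisory
MAX_LEN = 256                 # ASSUMPTION: tune to the longest legitimate value seen

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def check_line(line, max_len=MAX_LEN):
    """Return (client, decoded_length) when the line is a request to the CGI
    carrying an oversized Template value in its query string, else None.
    Parameters sent in a POST body do not appear in access logs and are
    not covered by this check."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Match on the script name only; compare case-insensitively.
    if not url.path.lower().endswith("/" + SCRIPT):
        return None
    # parse_qsl percent-decodes, so encoded padding is measured at decoded size.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.lower() == PARAM and len(value) > max_len:
            return (line.split(" ", 1)[0], len(value))
    return None

def scan(lines, max_len=MAX_LEN):
    """Return all hits, in log order."""
    return [hit for hit in (check_line(l, max_len) for l in lines) if hit]

# Constructed sample log lines (not from the advisory); the directory is a placeholder.
_PFX = '"GET /cgi-placeholder/'
SAMPLE = [
    '192.0.2.10 - - [10/Dec/2009:10:00:00 +0000] ' + _PFX + 'nnmRptConfig.exe?Template=daily HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Dec/2009:10:00:05 +0000] ' + _PFX + 'nnmRptConfig.exe?Template=' + "A" * 600 + ' HTTP/1.1" 500 0',
    '198.51.100.7 - - [10/Dec/2009:10:00:09 +0000] ' + _PFX + 'NNMRPTCONFIG.EXE?template=' + "%41" * 300 + ' HTTP/1.1" 500 0',
    '192.0.2.10 - - [10/Dec/2009:10:00:12 +0000] "GET /index.html?Template=' + "A" * 600 + ' HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for client, length in scan(SAMPLE):
        print(f"oversized Template ({length} chars decoded) from {client}")
```

Hits are a triage signal only; confirm against the patch level of the host before drawing conclusions.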