HP OpenView Network Node Manager 'OvAcceptLang' Parameter Heap Buffer Overflow Vulnerability
Written by Oren Isacson of Core Security Technologies   
Tuesday, 31 March 2009 22:41


-\\Bugtraq ID:
34134

-\\Class:
Boundary Condition Error

-\\CVE:
CVE-2009-0920


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Mar 23 2009 12:00AM

-\\Updated:
Mar 31 2009 08:26PM

-\\Credit:
Oren Isacson of Core Security Technologies



-\\Vulnerable:
HP OpenView Network Node Manager 7.0 .1 Windows 2000/XP
HP OpenView Network Node Manager 7.0 .1 Solaris
HP OpenView Network Node Manager 7.0 .1 Linux
HP OpenView Network Node Manager 7.0 .1 HP-UX 11.X
HP OpenView Network Node Manager 7.0 .1
HP OpenView Network Node Manager 7.53
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.01
HP OpenView Network Node Manager 7.53 patch NNM_01195



-\\Discussion
HP OpenView Network Node Manager is prone to a heap-based buffer-overflow vulnerability
because it fails to adequately bounds-check user-supplied input before copying it to
insufficiently sized buffers.

Successfully exploiting this issue may allow an attacker to execute arbitrary code
with the privileges of the user running the affected application. Failed exploit
attempts will likely crash the application.

HP OpenView Network Node Manager 7.51, 7.53, and 7.53 with patch NNM_01195 are vulnerable.



-\\Exploit(s)/PoC(s):
Currently we are not aware of any working exploits. If you feel we are in error or if
you are aware of more recent information, please mail us.



-\\Solution
Vendor updates are available. Please see the referenced advisories for more information.



-\\Reference(s)
--HP OpenView Buffer Overflows
http://www.coresecurity.com/content/openview-buffer-overflow  (CORE Security Technologies)
--HP OpenView Network Node Manager Product Page
http://www.openview.hp.com/products/nnm  (HP)
--CORE-2009-0122: HP OpenView Buffer Overflows
http://www.securityfocus.com/archive/1/50205  (CORE Security Technologies Advisories)