Short Name |
APP:HPOV:NNM-SNMP-HOST |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow |
Release Date |
2010/10/18 |
Update Number |
1794 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known buffer overflow vulnerability in the HP OpenView Network Node Manager (NNM) CGI program snmpviewer.exe. It is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account. In a successful attack, the behavior of the target is dependent on the logic of the malicious code.
HP OpenView Network Node Manager is prone to multiple remote vulnerabilities: - Multiple remote command-injection vulnerabilities. - Multiple stack-based buffer-overflow vulnerabilities. - Multiple heap-based buffer-overflow vulnerabilities. - An additional unspecified remote code-execution vulnerability. An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. NOTE: This BID is being retired. The following individual records exist to better document these issues: 37294 HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability 37295 HP OpenView Network Node Manager 'ovlogin.exe' Multiple Remote Code Execution Vulnerabilities 37296 HP OpenView Network Node Manager 'nnmRptConfig.exe' Remote Code Execution Vulnerability 37298 HP OpenView Network Node Manager 'nnmRptConfig.exe' 'strcat()' Remote Code Execution Vulnerability 37299 HP OpenView Network Node Manager 'Oid' Parameter Remote Buffer Overflow Vulnerability 37300 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability 37330 HP OpenView Network Node Manager 'ovsessionmgr.exe' Remote Heap Buffer Overflow Vulnerability 37340 HP OpenView Network Node Manager 'OvWebHelp.exe' Remote Heap Buffer Overflow Vulnerability 37341 HP OpenView Network Node Manager 'webappmon.exe' Remote Buffer Overflow Vulnerability 37343 HP OpenView Network Node Manager 'ovwebsnmpsrv.exe' Remote Stack Buffer Overflow Vulnerability 37345 HP OpenView Network Node Manager Unspecified Remote Code Execution Vulnerability 37347 HP OpenView Network Node Manager 'ovalarm.exe' Remote Buffer Overflow Vulnerability 37348 HP OpenView Network Node Manager 'snmpviewer.exe' Remote Code Execution Vulnerability