Signature Detail

APP: HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection Buffer Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in HP OpenView Network Node Manager (NNM) program ovwebsnmpsrv.exe. It is due to a boundary error when handling HTTP requests sent to the jovgraph.exe CGI application. A remote unauthenticated attacker can exploit this by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account. The behavior of the target is dependent on the logic of the malicious code.

Extended Description

HP OpenView Network Node Manager (NNM) is prone to a remote stack-based buffer-overflow vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 37261 (HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities), but has been assigned its own record to better document it.

Affected Products

• Hp openview_network_node_manager 7.01
• Hp openview_network_node_manager 7.50
• Hp openview_network_node_manager 7.50.0
• Hp openview_network_node_manager 7.50.0 HP-UX 11.X
• Hp openview_network_node_manager 7.50.0 Linux
• Hp openview_network_node_manager 7.50.0 Solaris
• Hp openview_network_node_manager 7.50.0 Windows 2000/XP
• Hp openview_network_node_manager 7.51
• Hp openview_network_node_manager 7.53

References

• BugTraq: 37343
• CVE: CVE-2009-4181