---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: HP OpenView Network Node Manager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA27964 VERIFY ADVISORY: http://secunia.com/advisories/27964/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: HP OpenView Network Node Manager (NNM) 6.x http://secunia.com/product/2384/ HP OpenView Network Node Manager (NNM) 7.x http://secunia.com/product/3608/ DESCRIPTION: Some vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to boundary errors in several CGI applications (ovlogin.exe, OpenView5.exe, snmpviewer.exe, webappmon.exe). These can be exploited to cause stack-based buffer overflows by sending overly long arguments to certain CGI variables. Successful exploitation allows execution of arbitrary code. The vulnerabilities affect versions 6.41, 7.01, 7.51 running on HP-UX B.11.00, B.11.11, and B.11.23, Solaris, Windows NT, Windows 2000, Windows XP, and Linux. SOLUTION: Apply patches. http://support.openview.hp.com/patches/patch_index.jsp -- OpenView Network Node Manager (OV NNM) 7.51 -- HP-UX B.11.23 (IA): Apply PHSS_36902 or subsequent. HP-UX B.11.23 (PA): Apply PHSS_36901 or subsequent. HP-UX B.11.11: Apply PHSS_36901 or subsequent. HP-UX B.11.00: Apply PHSS_36901 or subsequent. Linux RedHatAS2.1: Apply LXOV_00054 or subsequent. Solaris: Apply PSOV_03482 or subsequent. Windows: Apply NNM_01161 or subsequent. -- OpenView Network Node Manager (OV NNM) 7.01 -- HP-UX B.11.11: Apply PHSS_36773 or subsequent. HP-UX B.11.00: Apply PHSS_36773 or subsequent. Solaris: Apply PSOV_03480 or subsequent. Windows: Apply NNM_01159 or subsequent. -- OpenView Network Node Manager (OV NNM) 6.41 -- HP-UX B.11.11: Apply PHSS_37141 or subsequent. Apply HP-UX B.11.00: Apply PHSS_37141 or subsequent. Solaris: Apply PSOV_03489 or subsequent. Windows: Apply NNM_01167 or subsequent. PROVIDED AND/OR DISCOVERED BY: Discovered by Tenable Network Security and reported via ZDI. ORIGINAL ADVISORY: HPSBMA02281 SSRT061261: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-07-071.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------