---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: HP OpenView Network Node Manager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA28074 VERIFY ADVISORY: http://secunia.com/advisories/28074/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: HP OpenView Network Node Manager (NNM) 7.x http://secunia.com/advisories/product/3608/ DESCRIPTION: Secunia Research has discovered multiple vulnerabilities in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) Various boundary errors in the OpenView5.exe CGI application when processing parameters can be exploited to cause stack-based buffer overflows via HTTP requests to the CGI application with overly long parameter strings. 2) A boundary error in ov.dll can be exploited to cause a stack-based buffer overflow by e.g. sending a HTTP request to the OpenView5.exe CGI application with an overly long parameter string. 3) A boundary error in the getcvdata.exe CGI application can be exploited to cause a stack-based buffer overflow by sending a HTTP request to the CGI application with an overly long parameter string. 4) A boundary error in the ovlaunch.exe CGI application can be exploited to cause a stack-based buffer overflow by sending a HTTP request to the CGI application with an overly long parameter string. 5) Boundary errors in the Toolbar.exe CGI application can be exploited to cause a stack-based buffer overflows by sending HTTP requests to the CGI application with overly long parameter strings. Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 7.51 with NNM_01168. Other versions may also be affected. SOLUTION: According to the vendor, they are currently working on fixes. Restrict access to all affected CGI applications. PROVIDED AND/OR DISCOVERED BY: JJ Reyes, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2008-13/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------