Release DateJun 23, 2009 |
Severitycritical |
ImpactSystem compromise |
DescriptionThis indicates an attack attempt against an integer-overflow vulnerability in HP OpenView Network Node Manager software.The vulnerability is caused by an error when the ovalarmsrv.exe server handles a specially crafted request. It allows a remote attacker to execute arbitrary code. |
Affected ProductsHP OpenView Network Node Manager (OV NNM) version 7.01HP OpenView Network Node Manager (OV NNM) version 7.51 HP OpenView Network Node Manager (OV NNM) version 7.53 |
Recommended ActionsApply the patch supplied by the vendor:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-2438 |
Reference/shttp://www.frsirt.com/english/advisories/2009/1187 (FrSIRT)http://www.securityfocus.com/bid/34738 (BugTraq) |
