Release DateApr 14, 2008 |
Severityhigh |
ImpactSystem compromise: remote code execution. |
DescriptionThis indicates an attempt to exploit a buffer overflow vulnerability in HP OpenView Network Node Manager.The vulnerability is in OVAS.EXE, and is caused by a faulty user input check of the HTTP URL length. It can be triggered by an overly long HTTP GET request sent to port 7510/TCP. As a result, a remote attacker may be able to execute arbitrary code. |
Affected ProductsOpenview 7.5.1 and prior. |
Recommended ActionsCurrently we are not aware of any vendor supplied patch for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-1697 |
Reference/shttp://secunia.com/advisories/29641/http://www.frsirt.com/english/advisories/2008/1085 (FrSIRT) http://www.milw0rm.com/exploits/5342 |
