| Name | HP.OpenView.NNM.Snmp.EXE.Oid.Variable.Buffer.Overflow |
| Last Updated Date | Mar 09, 2010 |
| Release Date | Jan 07, 2010 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt against a buffer overflow vulnerability in Hewlett-Packard OpenView Network Node Manager.
The vulnerability is caused by an error when the vulnerable software handles a overlong "Oid" variable that is passed to "snmp.exe". It allows a remote attacker to execute arbitrary code via sending a crafted HTTP request. |
| Affected Products | HP OpenView Network Node Manager 7.50 Windows 2000/XP
HP OpenView Network Node Manager 7.50 Solaris
HP OpenView Network Node Manager 7.50 Linux
HP OpenView Network Node Manager 7.50 HP-UX 11.X
HP OpenView Network Node Manager 7.50
HP OpenView Network Node Manager 7.53
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.50
HP OpenView Network Node Manager 7.01 |
| Recommended Actions | Refer to the vendor's web site for suggested workaround.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c
01950877 |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3849
|
| Reference/s | http://www.securityfocus.com/bid/32761 (BugTraq)
http://www.zerodayinitiative.com/advisories/ZDI-09-095/
|