Release DateJan 05, 2010 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a buffer overflow vulnerability in Hewlett-Packard OpenView Network Node Manager.The vulnerability is caused by an error when the vulnerable software handles a overlong "Template" variable that is passed to "nnmRptConfig.exe". It allows a remote attacker to execute arbitrary code via sending a crafted HTTP POST request. |
Affected ProductsHP OpenView Network Node Manager 7.50 Windows 2000/XPHP OpenView Network Node Manager 7.50 Solaris HP OpenView Network Node Manager 7.50 Linux HP OpenView Network Node Manager 7.50 HP-UX 11.X HP OpenView Network Node Manager 7.50 HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51 HP OpenView Network Node Manager 7.50 HP OpenView Network Node Manager 7.01 |
Recommended ActionsRefer to the vendor's web site for suggested workaround.http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-3849CVE-2009-3848 |
Reference/shttp://www.zerodayinitiative.com/advisories/ZDI-09-097/http://www.securityfocus.com/bid/37261 (BugTraq) http://www.zerodayinitiative.com/advisories/ZDI-09-096/ |
