HP OpenView Network Node Manager ovet_demandpoll Format String Remote Code Execution Vulnerability
BID:40065
Info
HP OpenView Network Node Manager ovet_demandpoll Format String Remote Code Execution Vulnerability
| Bugtraq ID: | 40065 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2010-1550 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2010 12:00AM |
| Updated: | Jun 02 2010 06:00PM |
| Credit: | Anonymous working with Tipping Point and the Zero Day Initiative |
| Vulnerable: |
HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51 HP OpenView Network Node Manager 7.01 |
| Not Vulnerable: | |
Discussion
HP OpenView Network Node Manager ovet_demandpoll Format String Remote Code Execution Vulnerability
HP OpenView Network Node Manager (NNM) is prone to a remote code-execution vulnerability in the 'ovet_demandpoll.exe' process.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
HP OpenView Network Node Manager (NNM) is prone to a remote code-execution vulnerability in the 'ovet_demandpoll.exe' process.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
HP OpenView Network Node Manager ovet_demandpoll Format String Remote Code Execution Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
A commercial proof of concept is available through VUPEN Security - Exploit and PoCs Service. This proof of concept is not otherwise publicly available or known to be circulating in the wild.
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
A commercial proof of concept is available through VUPEN Security - Exploit and PoCs Service. This proof of concept is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
HP OpenView Network Node Manager ovet_demandpoll Format String Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references for details.
HP OpenView Network Node Manager 7.53
Solution:
Updates are available. Please see the references for details.
HP OpenView Network Node Manager 7.53
-
HP LXOV_00103
Linux RedHatAS2.1
http://support.openview.hp.com/selfsolve/patches -
HP LXOV_00104
Linux RedHat4AS-x86_64
http://support.openview.hp.com/selfsolve/patches -
HP NNM_01203
Windows
http://support.openview.hp.com/selfsolve/patches -
HP PHSS_40707
HP-UX (PA)
http://support.openview.hp.com/selfsolve/patches -
HP PHSS_40708
HP-UX (IA)
http://support.openview.hp.com/selfsolve/patches -
HP PSOV_03527
Solaris
http://support.openview.hp.com/selfsolve/patches
References
HP OpenView Network Node Manager ovet_demandpoll Format String Remote Code Execution Vulnerability
References:
References: