HP OpenView Network Node Manager (CVE-2010-1551) '_OVParseLLA()' Remote Code Execution Vulnerability
BID:40067
Info
HP OpenView Network Node Manager (CVE-2010-1551) '_OVParseLLA()' Remote Code Execution Vulnerability
| Bugtraq ID: | 40067 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2010-1551 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2010 12:00AM |
| Updated: | Jun 07 2010 03:59PM |
| Credit: | Anonymous working with Tipping Point and the Zero Day Initiative |
| Vulnerable: |
HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51 HP OpenView Network Node Manager 7.01 |
| Not Vulnerable: | |
Discussion
HP OpenView Network Node Manager (CVE-2010-1551) '_OVParseLLA()' Remote Code Execution Vulnerability
HP OpenView Network Node Manager (NNM) is prone to an unspecified remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
HP OpenView Network Node Manager (NNM) is prone to an unspecified remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
HP OpenView Network Node Manager (CVE-2010-1551) '_OVParseLLA()' Remote Code Execution Vulnerability
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
HP OpenView Network Node Manager (CVE-2010-1551) '_OVParseLLA()' Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references for details.
HP OpenView Network Node Manager 7.53
Solution:
Updates are available. Please see the references for details.
HP OpenView Network Node Manager 7.53
-
HP LXOV_00103
Linux RedHatAS2.1
http://support.openview.hp.com/selfsolve/patches -
HP LXOV_00104
Linux RedHat4AS-x86_64
http://support.openview.hp.com/selfsolve/patches -
HP NNM_01203
Windows
http://support.openview.hp.com/selfsolve/patches -
HP PHSS_40707
HP-UX (PA)
http://support.openview.hp.com/selfsolve/patches -
HP PHSS_40708
HP-UX (IA)
http://support.openview.hp.com/selfsolve/patches -
HP PSOV_03527
Solaris
http://support.openview.hp.com/selfsolve/patches
References
HP OpenView Network Node Manager (CVE-2010-1551) '_OVParseLLA()' Remote Code Execution Vulnerability
References:
References:
- HP OpenView Network Node Manager Product Page (HP)
- ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulner (TippingPoint Zero Day Initiative)
- ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulner (ZDI Disclosures
)