HP OpenView Network Node Manager (CVE-2010-1552) 'doLoad()' Remote Buffer Overflow Vulnerability
BID:40068
Info
HP OpenView Network Node Manager (CVE-2010-1552) 'doLoad()' Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 40068 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2010-1552 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2010 12:00AM |
| Updated: | Mar 24 2011 11:16AM |
| Credit: | Anonymous working with Tipping Point and the Zero Day Initiative |
| Vulnerable: |
HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51 HP OpenView Network Node Manager 7.01 |
| Not Vulnerable: | |
Discussion
HP OpenView Network Node Manager (CVE-2010-1552) 'doLoad()' Remote Buffer Overflow Vulnerability
HP OpenView Network Node Manager (NNM) is prone to a remote stack-based buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
HP OpenView Network Node Manager (NNM) is prone to a remote stack-based buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
HP OpenView Network Node Manager (CVE-2010-1552) 'doLoad()' Remote Buffer Overflow Vulnerability
A commercial proof of concept is available through VUPEN Security - Exploit and PoCs Service. This proof of concept is not otherwise publicly available or known to be circulating in the wild.
The following exploit is available:
A commercial proof of concept is available through VUPEN Security - Exploit and PoCs Service. This proof of concept is not otherwise publicly available or known to be circulating in the wild.
The following exploit is available:
Solution / Fix
HP OpenView Network Node Manager (CVE-2010-1552) 'doLoad()' Remote Buffer Overflow Vulnerability
Solution:
Updates are available. Please see the references for details.
HP OpenView Network Node Manager 7.53
Solution:
Updates are available. Please see the references for details.
HP OpenView Network Node Manager 7.53
-
HP LXOV_00103
Linux RedHatAS2.1
http://support.openview.hp.com/selfsolve/patches -
HP PSOV_03527
Solaris
http://support.openview.hp.com/selfsolve/patches -
HP PHSS_40707
HP-UX (PA)
http://support.openview.hp.com/selfsolve/patches -
HP NNM_01203
Windows
http://support.openview.hp.com/selfsolve/patches -
HP PHSS_40708
HP-UX (IA)
http://support.openview.hp.com/selfsolve/patches -
HP LXOV_00104
Linux RedHat4AS-x86_64
http://support.openview.hp.com/selfsolve/patches
References
HP OpenView Network Node Manager (CVE-2010-1552) 'doLoad()' Remote Buffer Overflow Vulnerability
References:
References:
- HP OpenView Network Node Manager Product Page (HP)
- ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Exe (TippingPoint Zero Day Initiative)
- ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Exe (ZDI Disclosures
)