HP OpenView Network Node Manager 'getnnmdata.exe' Remote Code Execution Vulnerability
BID:40070
Info
HP OpenView Network Node Manager 'getnnmdata.exe' Remote Code Execution Vulnerability
| Bugtraq ID: | 40070 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2010-1553 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2010 12:00AM |
| Updated: | Jul 02 2010 10:27PM |
| Credit: | Anonymous working with Tipping Point and the Zero Day Initiative |
| Vulnerable: |
HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51 HP OpenView Network Node Manager 7.01 |
| Not Vulnerable: | |
Discussion
HP OpenView Network Node Manager 'getnnmdata.exe' Remote Code Execution Vulnerability
HP OpenView Network Node Manager (NNM) is prone to an remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
HP OpenView Network Node Manager (NNM) is prone to an remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
HP OpenView Network Node Manager 'getnnmdata.exe' Remote Code Execution Vulnerability
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploit is available:
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploit is available:
Solution / Fix
HP OpenView Network Node Manager 'getnnmdata.exe' Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references for details.
HP OpenView Network Node Manager 7.53
Solution:
Updates are available. Please see the references for details.
HP OpenView Network Node Manager 7.53
-
HP LXOV_00103
Linux RedHatAS2.1
http://support.openview.hp.com/selfsolve/patches -
HP LXOV_00104
Linux RedHat4AS-x86_64
http://support.openview.hp.com/selfsolve/patches -
HP NNM_01203
Windows
http://support.openview.hp.com/selfsolve/patches -
HP PHSS_40707
HP-UX (PA)
http://support.openview.hp.com/selfsolve/patches -
HP PHSS_40708
HP-UX (IA)
http://support.openview.hp.com/selfsolve/patches -
HP PSOV_03527
Solaris
http://support.openview.hp.com/selfsolve/patches
References
HP OpenView Network Node Manager 'getnnmdata.exe' Remote Code Execution Vulnerability
References:
References: