
Test ID: 1.3.6.1.4.1.25623.1.0.900243
Category: Web application abuses
Title: HP OpenView Network Node Manager Multiple Vulnerabilities (May 2010)
Summary: HP OpenView Network Node Manager is prone to multiple vulnerabilities.
Description:
Summary:
HP OpenView Network Node Manager is prone to multiple vulnerabilities.

Vulnerability Insight:
The specific flaws exist:

- in the ovet_demandpoll.exe process, which allows remote attackers to execute
arbitrary code via format string specifiers in the sel parameter.

- when the _OVParseLLA function defined within ov.dll is called from the netmon.exe
(Network Monitor) daemon, which directly copies the value of the 'sel' POST
variable into a fixed-length buffer without validating the length, causing a stack
buffer overflow.

- within the snmpviewer.exe CGI. The doLoad function in this process calls
sprintf() with a %s format specifier without sanitizing the user-supplied
data from POST variables (act and app), causing a stack-based buffer overflow.

- within the getnnmdata.exe CGI. If this CGI is requested with an invalid
MaxAge parameter or invalid iCount POST parameter, a sprintf() call is made
without validating the length before copying into a fixed-length stack
buffer, causing a stack-based buffer overflow.

Vulnerability Impact:
Successful exploitation will allow an attacker to execute arbitrary code in
the context of the application.

Affected Software/OS:
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53

Solution:
Upgrade to NNM v7.53 and apply the patch from the references.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2010-1550
Bugtraq: 20100511 ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/511245/100/0/threaded
HP Security Advisory: HPSBMA02527
http://marc.info/?l=bugtraq&m=127360750704351&w=2
HP Security Advisory: SSRT010098
HP Security Advisory: SSRT090225
http://zerodayinitiative.com/advisories/ZDI-10-081/
Common Vulnerability Exposure (CVE) ID: CVE-2010-1551
BugTraq ID: 40067
http://www.securityfocus.com/bid/40067
Bugtraq: 20100511 ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/511247/100/0/threaded
HP Security Advisory: SSRT090226
http://zerodayinitiative.com/advisories/ZDI-10-082/
Common Vulnerability Exposure (CVE) ID: CVE-2010-1552
Bugtraq: 20100511 ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/511248/100/0/threaded
HP Security Advisory: SSRT090227
http://zerodayinitiative.com/advisories/ZDI-10-083/
http://securityreason.com/securityalert/8157
Common Vulnerability Exposure (CVE) ID: CVE-2010-1553
Bugtraq: 20100511 ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/511241/100/0/threaded
HP Security Advisory: SSRT090228
http://zerodayinitiative.com/advisories/ZDI-10-084/
http://securityreason.com/securityalert/8153
Common Vulnerability Exposure (CVE) ID: CVE-2010-1554
Bugtraq: 20100511 ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/511249/100/0/threaded
http://www.exploit-db.com/exploits/14181
HP Security Advisory: SSRT090229
http://zerodayinitiative.com/advisories/ZDI-10-085/
http://securityreason.com/securityalert/8154
Copyright: Copyright (C) 2010 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.