Computer Security
[EN] securityvulns.ru no-pyccku


HP OpenView Network Node Manager multiple security vulnerabilities
updated since 10.01.2009
Published:07.02.2009
Source:
SecurityVulns ID:9567
Type:remote
Threat Level:
6/10
Description:Multiple vulnerabilities in CGI interface.
Affected:HP : OpenView Network Node Manager 7.51
CVE:CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205.)
 CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205.)
 CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.)
 CVE-2008-0067 (Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.)
Original documentdocumentIDEFENSE, [Full-disclosure] iDefense Security Advisory 02.06.09: HP Network Node Manager ovlaunch CGI BSS Overflow Vulnerability (07.02.2009)
 documentIDEFENSE, iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Information Disclosure Vulnerabilities (07.02.2009)
 documentIDEFENSE, iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Command Injection Vulnerabilities (07.02.2009)
 documentHP, [security bulletin] HPSBMA02400 SSRT080144 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (20.01.2009)
 documentSECUNIA, Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities (10.01.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod