Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow.
{"checkpoint_advisories": [{"lastseen": "2021-12-17T12:34:36", "description": "HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes hundreds of optional modules and components, for example: OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. An integer overflow vulnerability exists in HP OpenView Network Node Manager software. The flaw is due to improper validationwhile processing specially crafted requests sent to the ovalarmsrv.exe server. Remote attackers could exploit this vulnerability to inject and execute arbitrary code on the target server. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process. In an attack case where code injection is not successful, the affected process will terminate abnormally.", "cvss3": {}, "published": "2010-01-31T00:00:00", "type": "checkpoint_advisories", "title": "HP OpenView Network Node Manager ovalarmsrv Integer Overflow (CVE-2008-2438)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2438"], "modified": "2015-11-10T00:00:00", "id": "CPAI-2009-387", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-05T00:12:20", "description": "HP OpenView Network Node Manager (NNM) is a software application designed for management, maintenance and monitoring of networks and network devices. The application fails to properly validate maliciously crafted requests. By sending a crafted request, a remote unauthenticated attacker could overflow a buffer and execute arbitrary code on the target system.", "cvss3": {}, "published": "2009-05-08T00:00:00", "type": "checkpoint_advisories", "title": "Update Protection against HP OpenView Network Node Manager ovalarmsrv Integer Overflow", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2438"], "modified": "2009-01-01T00:00:00", "id": "CPAI-2009-083", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2008-2438"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c01723303\r\nVersion: 1\r\n\r\nHPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of\r\nArbitrary Code\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2009-04-27\r\nLast Updated: 2009-04-27\r\n\r\nPotential Security Impact: Remote execution of arbitrary code\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM).\r\nThe vulnerability could be exploited remotely to execute arbitrary code.\r\n\r\nReferences: CVE-2008-2438\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris,\r\nand Windows\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics \r\n===============================================\r\nReference Base Vector Base Score \r\nCVE-2008-2438 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\r\n===============================================\r\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002.\r\n \r\nThe Hewlett-Packard Company thanks Dyon Balding, Secunia Research for reporting this\r\nvulnerability to security-alert@hp.com.\r\n\r\nRESOLUTION\r\n\r\nHP has made patches available to resolve the vulnerability for NNM v7.53. \r\nHP has made archive files available to resolve the vulnerability for NNM v7.01. \r\n\r\nThe patches are available from http://support.openview.hp.com/selfsolve/patches \r\n\r\nNote: The patches are not available from the HP IT Resource Center (ITRC). \r\n\r\nThe archive files are available from: ftp://ss080125:ss080125@hprc.external.hp.com \r\n\r\nTo install the archive files for NNM v7.01:\r\n===============================\r\n 1. Install the required patch listed below \r\n 2. Uncompress the archive (SSRT080125.701_IP12.hotfix.tar.gz) \r\n 3. Unpack the archive (SSRT080125.701_IP12.hotfix.tar) \r\n 4. ovstop -c \r\n 5. Follow the instructions in the README.txt file \r\n 6. ovstart -c \r\n\r\nOV NNM v7.53 \r\nOperating System\r\n Required Patch\r\n \r\nHP-UX (IA)\r\n PHSS_39246 or subsequent\r\n \r\nHP-UX (PA)\r\n PHSS_39245 or subsequent\r\n \r\nLinux RedHatAS2.1\r\n LXOV_00093 or subsequent\r\n \r\nLinux RedHat4AS-x86_64\r\n LXOV_00094 or subsequent\r\n \r\nSolaris\r\n PSOV_03519 or subsequent\r\n \r\nWindows\r\n NNM_01197 or subsequent\r\n \r\n\r\n\r\nOV NNM v7.51 \r\nUpgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above. Patch bundles for\r\nupgrading from NNM v7.51 to NNM v7.53 are available here:\r\nftp://nnm_753:update@hprc.external.hp.com/ \r\n\r\nOV NNM v7.01 with Intermediate Patch 12 \r\nOperating System\r\n Required Patch\r\n Archive File\r\n Archive File MD5 Sum\r\n \r\nHP-UX (PA)\r\n PHSS_38761\r\n SSRT080125.701_IP12.hotfix.tar\r\n dbe7aec4e4a800c13eee0a46cd93f516\r\n \r\nSolaris\r\n PSOV_03516\r\n SSRT080125.701_IP12.hotfix.tar\r\n dbe7aec4e4a800c13eee0a46cd93f516\r\n \r\nWindows\r\n NNM_01194\r\n SSRT080125.701_IP12.hotfix.tar\r\n dbe7aec4e4a800c13eee0a46cd93f516\r\n \r\n\r\nMANUAL ACTIONS: Yes - NonUpdate \r\nApply the appropriate archive as described in the Resolution. \r\n\r\nPRODUCT SPECIFIC INFORMATION \r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces\r\nHP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended\r\nactions that may apply to a specific HP-UX system. It can also download patches and create a\r\ndepot automatically. For more information see https://www.hp.com/go/swa \r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS (for HP-UX)\r\n\r\nFor HP-UX OV NNM 7.51 and 7.53 \r\nHP-UX B.11.31 \r\nHP-UX B.11.23 (IA) \r\nHP-UX B.11.23 (PA) \r\nHP-UX B.11.11 \r\n============= \r\nOVNNMgr.OVNNM-RUN,fr=B.07.50.00 \r\naction: install the patches and archive files listed in the Resolution \r\nURL: ftp://ss080125:ss080125@hprc.external.hp.com \r\n\r\nFor HP-UX OV NNM 7.01 \r\nHP-UX B.11.11 \r\n============= \r\nOVNNMgr.OVNNM-RUN,fr=B.07.01.00 \r\naction: install the patches and archive files listed in the Resolution \r\nURL: ftp://ss080125:ss080125@hprc.external.hp.com \r\n\r\nEND AFFECTED VERSIONS (for HP-UX)\r\n\r\nHISTORY \r\nVersion:1 (rev.1) - 27 April 2009 Initial release \r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems\r\nrunning HP software products should be applied in accordance with the customer's patch management\r\npolicy. \r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email\r\nto: security-alert@hp.com \r\nIt is strongly recommended that security related information being communicated to HP be\r\nencrypted using PGP, especially exploit information. \r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com \r\n Subject: get key\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up \r\nUnder Step1: your ITRC security bulletins and patches \r\n - check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems \r\n - verify your operating system selections are checked and save.\r\n\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \r\nLog in on the web page: Subscriber's choice for Business: sign-in. \r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update\r\nappropriate sections.\r\n\r\n\r\nTo review previously published Security Bulletins visit:\r\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do \r\n\r\n\r\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th\r\nand 6th characters of the Bulletin number in the title: \r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n \r\nSystem management and security procedures must be reviewed frequently to maintain system\r\nintegrity. HP is continually reviewing and enhancing the security features of software products\r\nto provide customers with current secure solutions.\r\n\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users\r\nof the affected HP products the important security information contained in this Bulletin. HP\r\nrecommends that all users determine the applicability of this information to their individual\r\nsituations and take appropriate action. HP does not warrant that this information is necessarily\r\naccurate or complete for all user situations and, consequently, HP will not be responsible for\r\nany damages resulting from user's use or disregard of the information provided in this Bulletin.\r\nTo the extent permitted by law, HP disclaims all warranties, either express or implied, including\r\nthe warranties of merchantability and fitness for a particular purpose, title and\r\nnon-infringement."\r\n\r\n\u00a9Copyright 2009 Hewlett-Packard Development Company, L.P. \r\n\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions\r\ncontained herein. The information provided is provided "as is" without warranty of any kind. To\r\nthe extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be\r\nliable for incidental, special or consequential damages including downtime cost; lost profits;\r\ndamages relating to the procurement of substitute products or services; or damages for loss of\r\ndata, or software restoration. The information in this document is subject to change without\r\nnotice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are\r\ntrademarks of Hewlett-Packard Company in the United States and other countries. Other product and\r\ncompany names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP 8.1\r\n\r\niQA/AwUBSfW8kOAfOvwtKn1ZEQKwKACcC+BvfjBbpm6WNpe9TY9OQYjLp8MAoOA2\r\n7aVK05XyyOhCe9kEu8f2v6BW\r\n=X22X\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-04-28T00:00:00", "published": "2009-04-28T00:00:00", "id": "SECURITYVULNS:DOC:21747", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21747", "title": "[security bulletin] HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2008-2438"], "description": "====================================================================== \r\n\r\n Secunia Research 28/04/2009\r\n\r\n - HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* HP Network Node Manager 7.53\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Moderately critical\r\nImpact: System compromise\r\nWhere: Local network\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n"This software provides a vast amount of automation, including event \r\ncorrelation and automated monitoring of your network to improve the \r\nefficiency and productivity of your IT staff."\r\n\r\nProduct Link:\r\nhttp://www.openview.hp.com/products/nnm/\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in HP OpenView Network\r\nNode Manager, which can be exploited by malicious people to compromise\r\na vulnerable system.\r\n\r\nThe vulnerability is caused due to an integer overflow in \r\novalarmsrv.exe and can be exploited to cause a heap-based buffer \r\noverflow via specially crafted commands sent to port 2954/TCP.\r\n\r\nSuccessful exploitation may allow execution of arbitrary code.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nApply patches.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n08/09/2008 - Vendor notified.\r\n08/09/2008 - Vendor response.\r\n09/10/2008 - Status update requested.\r\n17/10/2008 - Vendor provides status update.\r\n31/03/2009 - Status update requested.\r\n07/04/2009 - Vendor provides status update.\r\n20/04/2009 - Vendor provides status update.\r\n28/04/2009 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Dyon Balding, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \r\nCVE-2008-2438 for the vulnerability.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2008-38/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "modified": "2009-04-29T00:00:00", "published": "2009-04-29T00:00:00", "id": "SECURITYVULNS:DOC:21749", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21749", "title": "Secunia Research: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2008-2438", "CVE-2009-0720"], "description": "ovalarmsrv integer overflow", "edition": 1, "modified": "2009-05-07T00:00:00", "published": "2009-05-07T00:00:00", "id": "SECURITYVULNS:VULN:9878", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9878", "title": "HP OpenView Network Node Manager code execution", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-08-19T13:07:37", "description": "s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 22 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02424 SSRT080125)\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02425 SSRT080091)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. (HPSBMA02400 SSRT080144)", "cvss3": {"score": null, "vector": null}, "published": "2009-06-15T00:00:00", "type": "nessus", "title": "HP-UX PHSS_39245 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 22", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0067", "CVE-2008-2438", "CVE-2009-0720"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_39245.NASL", "href": "https://www.tenable.com/plugins/nessus/39383", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_39245. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39383);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0067\", \"CVE-2008-2438\", \"CVE-2009-0720\");\n script_bugtraq_id(34738, 34812);\n script_xref(name:\"HP\", value:\"emr_na-c01646081\");\n script_xref(name:\"HP\", value:\"emr_na-c01723303\");\n script_xref(name:\"HP\", value:\"emr_na-c01728300\");\n script_xref(name:\"HP\", value:\"SSRT080091\");\n script_xref(name:\"HP\", value:\"SSRT080125\");\n script_xref(name:\"HP\", value:\"SSRT080144\");\n\n script_name(english:\"HP-UX PHSS_39245 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 22\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 22 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02424 SSRT080125)\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02425 SSRT080091)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to allow\n execution of arbitrary code. (HPSBMA02400 SSRT080144)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01646081\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdefacfb\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45827469\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01728300\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bbcab1d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_39245 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/18\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11 11.23 11.31\", proc:\"parisc\"))\n{\n exit(0, \"The host is not affected since PHSS_39245 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_39245\", \"PHSS_39639\", \"PHSS_39944\", \"PHSS_40374\", \"PHSS_40707\", \"PHSS_41242\", \"PHSS_41606\", \"PHSS_41857\", \"PHSS_42232\", \"PHSS_43046\", \"PHSS_43353\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-IPV6\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-ENG-DOC\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVPMD-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.50.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:31", "description": "s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. (HPSBMA02400 SSRT080144)\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02424 SSRT080125)\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02425 SSRT080091)", "cvss3": {"score": null, "vector": null}, "published": "2009-06-15T00:00:00", "type": "nessus", "title": "HP-UX PHSS_39246 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0067", "CVE-2008-2438", "CVE-2009-0720"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_39246.NASL", "href": "https://www.tenable.com/plugins/nessus/39384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_39246. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39384);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0067\", \"CVE-2008-2438\", \"CVE-2009-0720\");\n script_bugtraq_id(34738, 34812);\n script_xref(name:\"HP\", value:\"emr_na-c01646081\");\n script_xref(name:\"HP\", value:\"emr_na-c01723303\");\n script_xref(name:\"HP\", value:\"emr_na-c01728300\");\n script_xref(name:\"HP\", value:\"SSRT080091\");\n script_xref(name:\"HP\", value:\"SSRT080125\");\n script_xref(name:\"HP\", value:\"SSRT080144\");\n\n script_name(english:\"HP-UX PHSS_39246 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to allow\n execution of arbitrary code. (HPSBMA02400 SSRT080144)\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02424 SSRT080125)\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02425 SSRT080091)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01646081\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdefacfb\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45827469\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01728300\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bbcab1d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_39246 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/18\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23 11.31\", proc:\"ia64\"))\n{\n exit(0, \"The host is not affected since PHSS_39246 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_39246\", \"PHSS_39640\", \"PHSS_39945\", \"PHSS_40375\", \"PHSS_40708\", \"PHSS_41243\", \"PHSS_41607\", \"PHSS_41858\", \"PHSS_42233\", \"PHSS_43047\", \"PHSS_43354\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-IPV6\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-DOC-REUS\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-ENG-DOC\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVPMD-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.50.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:04:28", "description": "s700_800 11.11 OV NNM7.01 Intermediate Patch 13 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02424 SSRT080125)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. (HPSBMA02400 SSRT080144)\n\n - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code. (HPSBMA02416 SSRT090008)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2010-1550 (SSRT090225, ZDI-CAN-563) CVE-2010-1551 (SSRT090226, ZDI-CAN-564) CVE-2010-1552 (SSRT090227, ZDI-CAN-566) CVE-2010-1553 (SSRT090228, ZDI-CAN-573) CVE-2010-1554 (SSRT090229, ZDI-CAN-574) CVE-2010-1555 (SSRT090230, ZDI-CAN-575).\n (HPSBMA02527 SSRT010098)\n\n - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02425 SSRT080091)", "cvss3": {"score": null, "vector": null}, "published": "2010-05-10T00:00:00", "type": "nessus", "title": "HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0067", "CVE-2008-2438", "CVE-2009-0720", "CVE-2009-0898", "CVE-2009-0920", "CVE-2009-0921", "CVE-2009-3845", "CVE-2009-3846", "CVE-2009-3847", "CVE-2009-3848", "CVE-2009-3849", "CVE-2009-4176", "CVE-2009-4177", "CVE-2009-4178", "CVE-2009-4179", "CVE-2009-4180", "CVE-2009-4181", "CVE-2010-1550", "CVE-2010-1551", "CVE-2010-1552", "CVE-2010-1553", "CVE-2010-1554", "CVE-2010-1555"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_40705.NASL", "href": "https://www.tenable.com/plugins/nessus/46261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_40705. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46261);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0067\", \"CVE-2008-2438\", \"CVE-2009-0720\", \"CVE-2009-0898\", \"CVE-2009-0920\", \"CVE-2009-0921\", \"CVE-2009-3845\", \"CVE-2009-3846\", \"CVE-2009-3847\", \"CVE-2009-3848\", \"CVE-2009-3849\", \"CVE-2009-4176\", \"CVE-2009-4177\", \"CVE-2009-4178\", \"CVE-2009-4179\", \"CVE-2009-4180\", \"CVE-2009-4181\", \"CVE-2010-1550\", \"CVE-2010-1551\", \"CVE-2010-1552\", \"CVE-2010-1553\", \"CVE-2010-1554\", \"CVE-2010-1555\");\n script_bugtraq_id(34738, 34812);\n script_xref(name:\"HP\", value:\"emr_na-c01646081\");\n script_xref(name:\"HP\", value:\"emr_na-c01696729\");\n script_xref(name:\"HP\", value:\"emr_na-c01723303\");\n script_xref(name:\"HP\", value:\"emr_na-c01728300\");\n script_xref(name:\"HP\", value:\"emr_na-c01950877\");\n script_xref(name:\"HP\", value:\"emr_na-c02153379\");\n script_xref(name:\"HP\", value:\"SSRT010098\");\n script_xref(name:\"HP\", value:\"SSRT080091\");\n script_xref(name:\"HP\", value:\"SSRT080125\");\n script_xref(name:\"HP\", value:\"SSRT080144\");\n script_xref(name:\"HP\", value:\"SSRT090008\");\n script_xref(name:\"HP\", value:\"SSRT090257\");\n\n script_name(english:\"HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 OV NNM7.01 Intermediate Patch 13 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02424 SSRT080125)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to execute\n arbitrary code. References: CVE-2009-0898 (SSRT090101)\n CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846\n (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128,\n ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522)\n CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176\n (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132,\n ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539)\n CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180\n (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164,\n ZDI-CAN-549). (HPSBMA02483 SSRT090257)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to allow\n execution of arbitrary code. (HPSBMA02400 SSRT080144)\n\n - Potential vulnerabilities have been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerabilities could be exploited remotely to execute\n arbitrary code. (HPSBMA02416 SSRT090008)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to execute\n arbitrary code. References: CVE-2010-1550 (SSRT090225,\n ZDI-CAN-563) CVE-2010-1551 (SSRT090226, ZDI-CAN-564)\n CVE-2010-1552 (SSRT090227, ZDI-CAN-566) CVE-2010-1553\n (SSRT090228, ZDI-CAN-573) CVE-2010-1554 (SSRT090229,\n ZDI-CAN-574) CVE-2010-1555 (SSRT090230, ZDI-CAN-575).\n (HPSBMA02527 SSRT010098)\n\n - A potential vulnerability has been identified with HP\n OpenView Network Node Manager (OV NNM). The\n vulnerability could be exploited remotely to execute\n arbitrary code. (HPSBMA02425 SSRT080091)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01646081\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdefacfb\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01696729\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed695dee\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45827469\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01728300\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bbcab1d\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?422f4693\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5f413ca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_40705 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/26\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHSS_40705 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_40705\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVSNMP-MIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.01.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVEVENTMIN-MAN\", version:\"B.07.01.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}