HP OpenView Network Node Manager 6.10 - SNMP DoS Vulnerability

2000-09-26T00:00:00
ID EDB-ID:20239
Type exploitdb
Reporter DCIST
Modified 2000-09-26T00:00:00

Description

HP OpenView Network Node Manager 6.10 SNMP DoS Vulnerability. CVE-2000-1058. Dos exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/1713/info

The OverView5 CGI interface by default is shipped with HP Openview Node Manager.

HP Openview Node Manager can be compromised due to an unchecked buffer. By sending a specially crafted GET request comprised of 136 bytes to the web services (default port 80) through the Overview5 CGI interface, the SNMP service will crash.

Successful exploitation, depending on the data entered, will allow the execution of arbitrary code.

http://target/OvCgi/OpenView5.exe?Context=Snmp&Action=Snmp&Host=&Oid=<string of characters consisting of 136 bytes>