HP Openview Network Node Manager Ovalarmsrv buffer overflow

2008-04-18T00:00:00
ID SAINT:0AE2DE4BCBCF1E6080FBD918EB925928
Type saint
Reporter SAINT Corporation
Modified 2008-04-18T00:00:00

Description

Added: 04/18/2008
CVE: CVE-2008-3544
BID: 28668
OSVDB: 50076

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow vulnerability in the Ovalarmsrv service in Network Node Manager allows remote attackers to execute arbitrary commands.

Resolution

Apply the appropriate patch.

References

<http://aluigi.altervista.org/adv/closedview_old-adv.txt>

Limitations

Exploit works on HP OpenView Network Node Manager 7.50 for Windows and HP OpenView Network Node Manager 7.01 for Linux.

Platforms

Windows 2000
Windows Server 2003
Linux