SAINT Corporation, SAINT:4CB770E5686199016EFBB63C1294074B
Mar 26, 2009 - 12:00 a.m.

HP OpenView Network Node Manager OvOSLocale cookie buffer overflow

2009-03-26 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.752 High
Percentile: 97.8%

Added: 03/26/2009
CVE: CVE-2009-0920

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted OvOSLocale cookie in an HTTP request for Toolbar.exe.
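
A defensive check for the condition described above, as an added example (not part of the SAINT advisory or HP's code): it inspects raw HTTP request heads and flags requests for Toolbar.exe whose OvOSLocale cookie is unusually long or contains characters outside a locale-name alphabet. The 64-character limit, the allowed character set, the /OvCgi/ directory and the host name are assumptions.

```python
import string

# Assumption: legitimate values are short locale names such as
# "English_United States.1252"; the advisory states no buffer size.
MAX_LOCALE_LEN = 64
LOCALE_OK = set(string.ascii_letters + string.digits + "_-. @")

def parse_request(raw: bytes):
    """Return (path, headers) from a raw HTTP/1.x request head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    path = (lines[0].split(" ") + ["", ""])[1]  # "" if the request line is malformed
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return path, headers

def cookie_values(headers, wanted):
    """Yield each value of cookie `wanted` (name matched case-insensitively)."""
    for header in headers.get("cookie", []):
        for pair in header.split(";"):
            name, sep, value = pair.strip().partition("=")
            if sep and name.lower() == wanted.lower():
                yield value

def check_request(raw: bytes):
    """Return findings for one request; an empty list means nothing flagged."""
    path, headers = parse_request(raw)
    if not path.split("?", 1)[0].lower().endswith("/toolbar.exe"):
        return []
    findings = []
    for value in cookie_values(headers, "OvOSLocale"):
        if len(value) > MAX_LOCALE_LEN:
            findings.append(f"OvOSLocale length {len(value)} exceeds {MAX_LOCALE_LEN}")
        if not set(value) <= LOCALE_OK:
            findings.append("OvOSLocale contains unexpected characters")
    return findings

# Constructed sample requests (not captured traffic); the /OvCgi/ directory
# and host name are assumptions for illustration.
BENIGN = (b"GET /OvCgi/Toolbar.exe HTTP/1.1\r\nHost: nnm.example\r\n"
          b"Cookie: other=1; OvOSLocale=English_United States.1252\r\n\r\n")
OVERSIZED = (b"GET /OvCgi/Toolbar.exe HTTP/1.1\r\nHost: nnm.example\r\n"
             b"Cookie: OvOSLocale=" + b"A" * 2000 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, check_request(raw))
```

The same logic can be applied at a reverse proxy or IDS in front of hosts that cannot be patched immediately; tune the length limit against the locale values actually seen in your environment.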

Resolution

Apply one of the patches referenced in HPSBMA02416 SSRT090008.

References

<http://www.securityfocus.com/archive/1/502054>

Limitations

Exploit works on HP OpenView Network Node Manager 7.53.

On Windows Server 2003, Read and Execute privileges on the file ‘%windir%\system32\cmd.exe’ must be granted to the Internet Guest Account (IUSR_<computername>) in order for the exploit to succeed. The ‘Users’ and ‘Power Users’ groups don’t have such privileges, but the ‘Administrators’ and ‘TelnetClients’ groups can execute ‘cmd.exe’.

The patch KB933729 must be applied on Windows Server 2003 in order to bypass DEP protection.

Platforms

Windows 2000
Windows Server 2003
