Lucene search

SAINT CorporationSAINT:4DBEF05031B06AE05590661C70DB2247

HistoryJan 09, 2009 - 12:00 a.m.

HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow

2009-01-0900:00:00

SAINT Corporation

my.saintcorporation.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.835 High

EPSS

Percentile

98.5%

JSON

Added: 01/09/2009
CVE: CVE-2008-0067
BID: 33147

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the **Toolbar.exe** CGI program with a long, specially crafted parameter.

Resolution

Apply a fix when available, or restrict access to the **Toolbar.exe** CGI program.

References

<http://secunia.com/secunia_research/2008-13/>

Limitations

Exploit works on HP OpenView Network Node Manager 7.5 on Windows 2000.

Platforms

Windows

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.835 High

EPSS

Percentile

98.5%

JSON

Related for SAINT:4DBEF05031B06AE05590661C70DB2247