Added: 02/20/2012
CVE: CVE-2011-3167
BID: 50471
OSVDB: 76775
HP OpenView Network Node Manager (NNM) is a network monitoring solution based on SNMP.
User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overflow vulnerability that may allow an unauthenticated attacker to take control of the server.
No patches are available at this time. Restrict access to the web interface of the NNM server.
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03054052>
<http://www.zerodayinitiative.com/advisories/ZDI-12-002/>
<http://www.zerodayinitiative.com/advisories/ZDI-12-003/>
This exploit has been tested against HP OpenView Network Node Manager 7.53 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.
Windows