HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil.dll stringToSeconds Buffer Overflow

2011-05-23T00:00:00
ID SAINT:7BBA63E56AAA239B8BF37CEE4A9EBA04
Type saint
Reporter SAINT Corporation
Modified 2011-05-23T00:00:00

Description

Added: 05/23/2011
CVE: CVE-2011-0262
BID: 45762
OSVDB: 70470

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow vulnerability affecting **ovwebsnmpsrv.exe**, in the **stringToSeconds** function in **ovutil.dll**, allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP request.

Resolution

Apply the appropriate patch.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-004/>

Limitations

Exploit works on HP OpenView Network Node Manager 7.53 on Windows Server 2003 with DEP AlwaysOff.

On Windows Server 2003, read and execute privileges on the file **_%windir%_\system32\cmd.exe** must be granted to the Internet Guest Account **IUSR__&lt;computername&gt;_** for the exploit to work properly. Note that users in the **Users** and **Power Users** groups do not have such privileges, but users in the **Administrators** and **TelnetClients** groups do.

Platforms

Windows Server 2003