Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:9AD3CB68986F0A2E9C3BCB4A4E9FB1A5
HistoryFeb 20, 2012 - 12:00 a.m.

HP OpenView Network Node Manager OVBuildPath Overflow

2012-02-2000:00:00
SAINT Corporation
www.saintcorporation.com
34

0.964 High

EPSS

Percentile

99.4%

JSON

Added: 02/20/2012
CVE: CVE-2011-3167
BID: 50471
OSVDB: 76775

Background

HP OpenView Network Node Manager (NNM) is a network monitoring solution based on SNMP.

Problem

User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overflow vulnerability that may allow an unauthenticated attacker to take control of the server.

Resolution

No patches are available at this time. Restrict access to the web interface of the NNM server.

References

<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03054052&gt;
<http://www.zerodayinitiative.com/advisories/ZDI-12-002/&gt;
<http://www.zerodayinitiative.com/advisories/ZDI-12-003/&gt;

Limitations

This exploit has been tested against HP OpenView Network Node Manager 7.53 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.

Platforms

Windows

Related

securityvulns 3
zdi 1
cvelist 1
cve 1
checkpoint_advisories 1
prion 1
saint 3
packetstorm 1
openvas 1
nessus 1
securityvulns
securityvulns
ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability
2012-01-09 00:00:00
HP OpenView Network Node Manager code execution
2012-01-09 00:00:00
[security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager &#40;OV NNM&#41;, Remote Execution of Arbitrary Code
2011-11-06 00:00:00
zdi
zdi
HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability
2012-01-05 00:00:00
cvelist
cvelist
CVE-2011-3167
2011-11-02 17:00:00
cve
cve
CVE-2011-3167
2011-11-02 17:55:00
checkpoint_advisories
checkpoint_advisories
HP OpenView Network Node Manager ov.dll Buffer Overflow (CVE-2011-3167)
2012-05-14 00:00:00
prion
prion
Code injection
2011-11-02 17:55:00
saint
saint
HP OpenView Network Node Manager OVBuildPath Overflow
2012-02-20 00:00:00
HP OpenView Network Node Manager OVBuildPath Overflow
2012-02-20 00:00:00
HP OpenView Network Node Manager OVBuildPath Overflow
2012-02-20 00:00:00
packetstorm
packetstorm
HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
2012-01-20 00:00:00
openvas
openvas
HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
2011-12-14 00:00:00
nessus
nessus
HP OpenView Network Node Manager Multiple Code Execution Vulnerabilities (HPSBMU02712 SSRT100649)
2012-03-28 00:00:00

0.964 High

EPSS

Percentile

99.4%

JSON
Related for SAINT:9AD3CB68986F0A2E9C3BCB4A4E9FB1A5
securityvulns3zdi1cvelist1cve1checkpoint_advisories1prion1saint3packetstorm1openvas1nessus1