Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C916F4A0797235A447C47DE1AF7926B8
HistoryApr 18, 2011 - 12:00 a.m.

HP OpenView Network Node Manager malformed displayWidth option to jovgraph.exe

2011-04-1800:00:00
SAINT Corporation
download.saintcorporation.com
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.951 High

EPSS

Percentile

99.1%

JSON

Added: 04/18/2011
CVE: CVE-2011-0261
BID: 45762
OSVDB: 70469

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow vulnerability in **jovgraph.exe** allows remote attackers to execute arbitrary commands by sending an overly long **displayWidth** option in the **arg** parameter to the **jovgraph.exe** CGI program.

Resolution

Apply the appropriate patch.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-003/&gt;

Limitations

Exploit works on HP OpenView Network Node Manager 7.53 on Windows Server 2003 with DEP AlwaysOff.

On Windows Server 2003, read and execute privileges on the file **_%windir%_\system32\cmd.exe** must be granted to the Internet Guest Account **IUSR__&lt;computername&gt;_** for the exploit to work properly. Note that users in the **Users** and **Power Users** groups do not have such privileges, but users in the **Administrators** and **TelnetClients** groups do.

Platforms

Windows

Related

cve 1
prion 1
cvelist 1
saint 3
zdi 1
securityvulns 2
openvas 1
nessus 3
cve
cve
CVE-2011-0261
2011-01-13 19:00:05
prion
prion
Code injection
2011-01-13 19:00:00
cvelist
cvelist
CVE-2011-0261
2011-01-13 18:35:00
saint
saint
HP OpenView Network Node Manager malformed displayWidth option to jovgraph.exe
2011-04-18 00:00:00
HP OpenView Network Node Manager malformed displayWidth option to jovgraph.exe
2011-04-18 00:00:00
HP OpenView Network Node Manager malformed displayWidth option to jovgraph.exe
2011-04-18 00:00:00
zdi
zdi
HP OpenView Network Node Manager jovgraph.exe displayWidth Remote Code Execution Vulnerability
2011-01-10 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager &#40;OV NNM&#41;, Remote Execution of Arbitrary Code
2011-01-13 00:00:00
HP OpenView Network Node Manager code execution
2011-01-13 00:00:00
openvas
openvas
HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
2011-01-13 00:00:00
nessus
nessus
HP OpenView Network Node Manager Remote Execution of Arbitrary Code (HPSBMA02621 SSRT100352)
2011-01-21 00:00:00
HP-UX PHSS_41606 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 28
2012-03-06 00:00:00
HP-UX PHSS_41607 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 28
2012-03-06 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.951 High

EPSS

Percentile

99.1%

JSON
Related for SAINT:C916F4A0797235A447C47DE1AF7926B8
cve1prion1cvelist1saint3zdi1securityvulns2openvas1nessus3