Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:15058
HistoryDec 14, 2009 - 12:00 a.m.

HP OpenView Network Node Manager多个远程代码执行漏洞

2009-12-1400:00:00
Root
www.seebug.org
33

0.967 High

EPSS

Percentile

99.6%

JSON

HP OpenView Network Node Manager是一款HP公司开发和维护的网络管理系统软件,具有强大的网络节点管理功能。
HP OpenView Network Node Manager存在多个安全漏洞:
CVE-2009-3845:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845

Network Node Manager (NNM)分发的PERL CGI可执行程序存在缺陷,应用程序不正确过滤提交给监听TCP 3443端口的NNM HTTP服务器的hostname HTTP变量,通过提供管道操作符,恶意攻击者可以注入任意命令并在远程服务器上执行。
CVE-2009-3849:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845
CNCVE-20093849

nnmRptConfig.exe CGI可执行程序可通过监听在80端口的IIS WEB服务器访问,当解析POST变量时,进程使用strcat调用拷贝Template参数到固定栈缓冲区大小,提供超大值可触发缓冲区溢出并导致任意代码执行。
CVE-2009-3848:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845
CNCVE-20093849
CNCVE-20093848

nnmRptConfig.exe CGI可执行程序可通过监听在80端口的IIS WEB服务器访问,当解析POST变量时,进程使用vsprintf()调用拷贝Template参数到固定栈缓冲区大小,提供超大值可触发缓冲区溢出并导致任意代码执行。
CVE-2009-3849:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845
CNCVE-20093849
CNCVE-20093848
CNCVE-20093849

snmp.exe CGI可执行程序可通过监听在80端口的IIS WEB服务器访问,当解析POST变量时,进程使用sprintf()调用拷贝Oid参数到固定栈缓冲区大小,提供超大值可触发缓冲区溢出并导致任意代码执行。
CVE-2009-4179:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845
CNCVE-20093849
CNCVE-20093848
CNCVE-20093849
CNCVE-20094179

ovalarm.exe CGI应用程序存在缺陷,如果设置了OVABverbose POST变量,进程会获取Accept-Language HTTP头字段的值并没有任何长度检查就拷贝到0x100字节栈缓冲区,提供超长字符串可溢出缓冲区,导致任意代码执行。
CVE-2009-3846:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845
CNCVE-20093849
CNCVE-20093848
CNCVE-20093849
CNCVE-20094179
CNCVE-20093846

ovlogin.exe CGI应用程序存在缺陷,在验证过程中userid和passwd post变量会传递给这个CGI,并通过sprintf()调用拷贝到静态0x100字节堆缓冲区,提供超长字符串可溢出这个缓冲区导致任意代码执行。
CVE-2009-4176:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845
CNCVE-20093849
CNCVE-20093848
CNCVE-20093849
CNCVE-20094179
CNCVE-20093846
CNCVE-20094176

ovsessionmgr.exe应用程序存在缺陷,会话管理器从ovlogin.exe CGI应用程序发送的POST变量中获取凭证信息,'userid’和’passwd’变量通过sprintf()调用拷贝到静态0x100字节堆缓冲区,提供超长字符串可溢出这个缓冲区导致任意代码执行。
CVE-2009-4178:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845
CNCVE-20093849
CNCVE-20093848
CNCVE-20093849
CNCVE-20094179
CNCVE-20093846
CNCVE-20094176
CNCVE-20094178

OvWebHelp.exe CGI应用程序存在缺陷,在字符串串联过程中。进程获取Topic POST变量值并没有任何长度检查拷贝到0x400字节堆缓冲区中,提供超长字符串可溢出这个缓冲区导致任意代码执行。
CVE-2009-4181:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845
CNCVE-20093849
CNCVE-20093848
CNCVE-20093849
CNCVE-20094179
CNCVE-20093846
CNCVE-20094176
CNCVE-20094178
CNCVE-20094181

jovgraph.exe CGI应用程序接收到请求时会启用ovwebsnmpsrv.exe应用程序,ovwebsnmpsrv.exe应用程序存在漏洞,进程会拷贝’sel’ POST变量内容以用户可控的次数拷贝数据到静态栈缓冲区中,通过重复特定字符串作为’arg’ POST变量内容,可溢出此缓冲区导致任意代码执行。
CVE-2009-4180:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845
CNCVE-20093849
CNCVE-20093848
CNCVE-20093849
CNCVE-20094179
CNCVE-20093846
CNCVE-20094176
CNCVE-20094178
CNCVE-20094181
CNCVE-20094180

snmpviewer.exe CGI应用程序存在设计缺陷,进程使用strcat调用把HTTP请求中的HOST头字段数据拷贝到固定长度的缓冲区中,提供超长字符串可溢出这个缓冲区导致任意代码执行。
CVE-2009-4177:
CNCVE ID:CNCVE-20090898
CNCVE-20093845
CNCVE-20093846
CNCVE-20093849
CNCVE-20093848
CNCVE-20094176
CNCVE-20094177
CNCVE-20094178
CNCVE-20094179
CNCVE-20094180
CNCVE-20094181
CNCVE-20093847
CNCVE-20093845
CNCVE-20093849
CNCVE-20093848
CNCVE-20093849
CNCVE-20094179
CNCVE-20093846
CNCVE-20094176
CNCVE-20094178
CNCVE-20094181
CNCVE-20094180
CNCVE-20094177

webappmon.exe CGI应用程序存在设计缺陷,进程使用strcat调用把HTTP请求中的HOST头字段数据拷贝到位于.DATA段中的固定长度缓冲区中,提供超长字符串可溢出这个缓冲区导致任意代码执行。

HP OpenView Network Node Manager 7.50 Windows 2000/XP
HP OpenView Network Node Manager 7.50 Solaris
HP OpenView Network Node Manager 7.50 Linux
HP OpenView Network Node Manager 7.50 HP-UX 11.X
HP OpenView Network Node Manager 7.50
HP OpenView Network Node Manager 7.53
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.50
HP OpenView Network Node Manager 7.01
用户可参考如下安全公告获得补丁信息:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877

Related

securityvulns 11
nessus 4
checkpoint_advisories 15
prion 10
packetstorm 4
cve 10
zdi 4
d2 3
saint 12
securityvulns
securityvulns
HP OpenView NNM multiple security vulnerabilities
2009-12-10 00:00:00
[security bulletin] HPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
2009-12-10 00:00:00
ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability
2009-12-09 00:00:00
nessus
nessus
HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13
2010-05-10 00:00:00
HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25
2009-12-14 00:00:00
HP-UX PHSS_40375 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25
2009-12-14 00:00:00
checkpoint_advisories
checkpoint_advisories
HP OpenView Network Node Manager Multiple Buffer Overflows (CVE-2009-3846; CVE-2009-4176)
2009-12-30 00:00:00
HP OpenView Network Node Manager CGI Host Header Buffer Overflow (CVE-2009-4177)
2010-01-31 00:00:00
Preemptive Protection against HP OpenView Network Node Manager webappmon.exe CGI Host Header Buffer Overflow
2009-12-23 00:00:00
prion
prion
Buffer overflow
2009-12-10 22:30:00
Heap overflow
2009-12-10 22:30:00
Stack overflow
2009-12-10 22:30:00
packetstorm
packetstorm
HP OpenView NNM OvWebHelp.exe CGI Topic Overflow
2010-03-31 00:00:00
HP OpenView Network Node Manager OvWebHelp.exe CGI Buffer Overflow
2010-04-01 00:00:00
HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow
2009-12-31 00:00:00
cve
cve
CVE-2009-4178
2009-12-10 22:30:00
CVE-2009-4177
2009-12-10 22:30:00
CVE-2009-4176
2009-12-10 22:30:00
zdi
zdi
Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability
2009-12-09 00:00:00
Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability
2009-12-09 00:00:00
Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities
2009-12-09 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_HPNNM3
2009-12-10 22:30:00
DSquare Exploit Pack: D2SEC_HPNNM4
2009-12-10 22:30:00
DSquare Exploit Pack: D2SEC_HPNNM2
2009-12-10 22:30:00
saint
saint
HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow
2009-12-22 00:00:00
HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow
2009-12-22 00:00:00
HP OpenView Network Node Manager nnmRptConfig.exe CGI Template Buffer Overflow
2010-01-09 00:00:00

0.967 High

EPSS

Percentile

99.6%

JSON
Related for SSV:15058
securityvulns11nessus4checkpoint_advisories15prion10packetstorm4cve10zdi4d23saint12