Title: HP Openview Network Node Manager Alarm Service Buffer Overrun Vulnerability
Severity: HIGH
Description:
Quoted from Delphis Security Advisory DST2K0012:
By using the Alarm service which is shipped and installed by default with HP openview network node manager it is possible to cause a Buffer overrun in OVALARMSRV overwriting the EIP allowing the execution of arbitry code. This is done be connecting to post 2345 which the port resides on by default and sending a large string. The string has to be a length of 4064 + EIP (4 bytes) making a total of 4068 bytes.
Affected Products:
- HP OpenView Network Node Manager 6.10.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
