APP: HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in HP OpenView Network Node Manager (NNM) program ovwebsnmpsrv.exe. It is due to a boundary error when handling HTTP requests sent to the jovgraph.exe CGI application. A remote unauthenticated attacker can exploit this by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account. The behavior of the target is dependent on the logic of the malicious code.
Extended Description
HP OpenView Network Node Manager (NNM) is prone to a remote stack-based buffer-overflow vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 37261 (HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities), but has been assigned its own record to better document it.
Affected Products
Hp openview_network_node_manager
Short Name
APP:HPOV:NNM-SNMP-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Buffer CVE-2009-4181 HP Manager Network Node OVwSelection OpenView Overflow bid:37343 ovwebsnmpsrv.exe
Release Date
10/18/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Hp
CVSS Score
10.0