APP: HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in snmpviewer.exe, a CGI program in HP OpenView Network Node Manager (NNM). The vulnerability is due to a boundary error when processing the Host header of HTTP requests. A remote unauthenticated attacker can exploit it by sending a crafted HTTP request to a target server, potentially injecting and executing arbitrary code in the security context of the Internet Guest account. In a successful attack, the behavior of the target depends on the logic of the malicious code.

Extended Description

HP OpenView Network Node Manager is prone to multiple remote vulnerabilities:

- Multiple remote command-injection vulnerabilities.
- Multiple stack-based buffer-overflow vulnerabilities.
- Multiple heap-based buffer-overflow vulnerabilities.
- An additional unspecified remote code-execution vulnerability.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This BID is being retired. The following individual records exist to better document these issues:

- 37294 HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability
- 37295 HP OpenView Network Node Manager 'ovlogin.exe' Multiple Remote Code Execution Vulnerabilities
- 37296 HP OpenView Network Node Manager 'nnmRptConfig.exe' Remote Code Execution Vulnerability
- 37298 HP OpenView Network Node Manager 'nnmRptConfig.exe' 'strcat()' Remote Code Execution Vulnerability
- 37299 HP OpenView Network Node Manager 'Oid' Parameter Remote Buffer Overflow Vulnerability
- 37300 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability
- 37330 HP OpenView Network Node Manager 'ovsessionmgr.exe' Remote Heap Buffer Overflow Vulnerability
- 37340 HP OpenView Network Node Manager 'OvWebHelp.exe' Remote Heap Buffer Overflow Vulnerability
- 37341 HP OpenView Network Node Manager 'webappmon.exe' Remote Buffer Overflow Vulnerability
- 37343 HP OpenView Network Node Manager 'ovwebsnmpsrv.exe' Remote Stack Buffer Overflow Vulnerability
- 37345 HP OpenView Network Node Manager Unspecified Remote Code Execution Vulnerability
- 37347 HP OpenView Network Node Manager 'ovalarm.exe' Remote Buffer Overflow Vulnerability
- 37348 HP OpenView Network Node Manager 'snmpviewer.exe' Remote Code Execution Vulnerability

Affected Products

Hp openview_network_node_manager

References

BugTraq: 37261 37341

CVE: CVE-2009-4180

Short Name
APP:HPOV:NNM-SNMP-HOST
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Buffer CVE-2009-4177 CVE-2009-4180 HP Header Host Manager Network Node OpenView Overflow bid:37261 bid:37341 snmpviewer.exe
Release Date
10/18/2010
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Hp

CVSS Score

10.0
