1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: HP OpenView NNM Request BO1

Web Attack: HP OpenView NNM Request BO1

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a a remote stack-based buffer-overflow vulnerability in the HP OpenView Network Node Manager (NNM).

Additional Information

HP OpenView Network Node Manager (NNM) is a fault-management application for IP networks.

NNM is prone to a remote stack-based buffer-overflow vulnerability in the 'ovalarm.exe' CGI process. This issue occurs because the 'Accept-Language' HTTP header is copied into a fixed-length stack buffer when the 'OVABverbose' POST variable is set. By providing a specially crafted input string, an attacker can exploit this issue to corrupt memory and execute arbitrary code with SYSTEM-level privileges.

Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 37261 (HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities), but has been assigned its own record to better document it.

Affected

  • HP OpenView Network Node Manager

Response

Updates are available. Please see the references for details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube