This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects a a remote stack-based buffer-overflow vulnerability in the HP OpenView Network Node Manager (NNM).
HP OpenView Network Node Manager (NNM) is a fault-management application for IP networks.
NNM is prone to a remote stack-based buffer-overflow vulnerability in the 'ovalarm.exe' CGI process. This issue occurs because the 'Accept-Language' HTTP header is copied into a fixed-length stack buffer when the 'OVABverbose' POST variable is set. By providing a specially crafted input string, an attacker can exploit this issue to corrupt memory and execute arbitrary code with SYSTEM-level privileges.
Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 37261 (HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities), but has been assigned its own record to better document it.
- HP OpenView Network Node Manager
Updates are available. Please see the references for details.