1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: HP OpenView NNM BO

Web Attack: HP OpenView NNM BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This Signature detect attempts to exploit a buffer overflow vulnerability in HP OpenView Network Node Manager.

Additional Information

HP OpenView Network Node Manager (NNM) is a fault-management application for IP networks.

NNM is prone to a remote stack-based buffer-overflow vulnerability affecting the 'snmpviewer.exe' CGI application. Specifically, the 'doLoad()' function passes data from the 'act' and 'app' POST parameters to the 'snprintf()' function in an unsafe manner. Attackers can exploit this issue by supplying excessive data to the affected parameters.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • Various.

Response

Updates are available. Please see the references for details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube