Attack: HP OpenView Network Node Manager CVE-2011-0268

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit multiple remote code-execution vulnerabilities in HP OpenView Network Node Manager.

Additional Information

HP OpenView Network Node Manager (NNM) is a fault-management application for IP networks.

OpenView NNM is prone to multiple remote vulnerabilities:

1. A remote code-execution vulnerability affects 'jovgraph.exe', a Java-based grapher. The problem occurs when processing malformed 'displayWidth' options. (CVE-2011-0261)

2. A remote code-execution vulnerability affects the 'ovutil.dll' module when handling overly large values passed through an HTTP request. (CVE-2011-0262)

3. A remote code-execution vulnerability affects the 'ovas.exe' component when handling user-supplied 'Source Node' or 'Destination Node' POST variables. (CVE-2011-0263)

4. A remote code-execution vulnerability affects the 'ovutil.dll' component when handling a malformed cookie variable passed through a GET request. (CVE-2011-0264)

5. A remote code-execution vulnerability affects the 'nnmRptConfig.exe' module when handling an oversized 'data_select1' parameter passed through a POST request. (CVE-2011-0265)

6. A remote code-execution vulnerability affects the 'nnmRptConfig.exe' module when handling an oversized 'nameParams' parameter passed through a POST request. (CVE-2011-0266)

7. A remote code-execution vulnerability affects the 'nnmRptConfig.exe' module when handling oversized 'schdParams' or 'nameParams' parameters passed through a POST request. (CVE-2011-0267)

8. A remote code-execution vulnerability affects the 'nnmRptConfig.exe' module when handling an oversized 'text1' parameter passed through a POST request. (CVE-2011-0268)

9. A remote code-execution vulnerability affects the 'nnmRptConfig.exe' module when handling an oversized 'schd_select1' parameter passed through a POST request. (CVE-2011-0269)

10. A remote code-execution vulnerability affects the 'nnmRptConfig.exe' module because a user-supplied template name is used as a format specifier. (CVE-2011-0270)

11. A remote command-injection vulnerability occurs due to a failure to sanitize an unspecified parameter to the CGI scripts in the NNM Server. An attacker can exploit this issue to inject arbitrary commands and execute them with the privileges of the affected application. (CVE-2011-0271)

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the application's webserver. Failed exploit attempts will likely result in denial-of-service conditions.

OpenView Network Node Manager 7.51 and 7.53 are vulnerable.
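As an added illustration (not Symantec's signature logic and not part of the original advisory), the following sketch shows how a log or proxy filter could flag POST requests to 'nnmRptConfig.exe' that carry oversized values in the parameters named in items 5 to 9 above. The 256-byte threshold, the request path prefix and the sample requests are assumptions constructed for the example; the advisory does not state what length counts as oversized.

```python
from urllib.parse import parse_qsl

# Parameter names and CVE ids are taken from the advisory list above.
WATCHED = {
    "data_select1": "CVE-2011-0265",
    "nameParams": "CVE-2011-0266/CVE-2011-0267",
    "schdParams": "CVE-2011-0267",
    "text1": "CVE-2011-0268",
    "schd_select1": "CVE-2011-0269",
}
TARGET = "nnmrptconfig.exe"  # module named in the advisory, matched case-insensitively
MAX_LEN = 256                # assumption: tune to the longest legitimate value seen


def inspect_post(method, path, body, max_len=MAX_LEN):
    """Return [(param, decoded_length, cve)] for one url-encoded request."""
    if method.upper() != "POST" or TARGET not in path.lower():
        return []
    findings = []
    # latin-1 maps every %XX escape to exactly one character, so len() is the
    # byte count the CGI would receive after URL decoding. parse_qsl yields
    # repeated parameters separately, so a long value cannot hide behind a
    # short duplicate of the same name.
    for name, value in parse_qsl(body, keep_blank_values=True, encoding="latin-1"):
        if name in WATCHED and len(value) > max_len:
            findings.append((name, len(value), WATCHED[name]))
    return findings


# Constructed sample requests; the path prefix is a placeholder, not a real path.
SAMPLES = [
    ("POST", "/cgi-placeholder/nnmRptConfig.exe", "text1=" + "A" * 600),
    ("POST", "/cgi-placeholder/nnmRptConfig.exe", "text1=weekly&nameParams=a%20b"),
    ("POST", "/cgi-placeholder/nnmRptConfig.exe",
     "schdParams=" + "%41" * 300 + "&schdParams=ok"),
    ("GET", "/cgi-placeholder/nnmRptConfig.exe", ""),
]


def scan(samples=SAMPLES):
    """Run inspect_post over every sample and keep only requests with findings."""
    return [(i, f) for i, s in enumerate(samples) if (f := inspect_post(*s))]


if __name__ == "__main__":
    for index, findings in scan():
        print(f"request {index}: {findings}")
```

Length checks of this kind catch only the oversized-parameter cases; the format-specifier and command-injection issues in items 10 and 11 need separate content inspection.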

Affected

  • OpenView Network Node Manager 7.51 and 7.53 are vulnerable.