1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: HP OpenView NNM Hostname CVE-2010-1555

Web Attack: HP OpenView NNM Hostname CVE-2010-1555

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This Signature will detect attempts to exploit a buffer overflow vulnerability in HP OpenView Network Node Manager.

Additional Information

HP OpenView Network Node Manager (NNM) is a fault-management application for IP networks.

NNM is prone to a remote code-execution vulnerability when handling an invalid 'Hostname' parameter. Specifically, the 'getnnmdata.exe' CGI fails to perform a proper length check before copying to a stack buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • Various.

Response

Updates are available. Please see the references for details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube