Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:HPOV:NNM-SNMP-HOST

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow

Release Date

 2010/10/18

Update Number

 1794

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow


This signature detects attempts to exploit a known buffer overflow vulnerability in the HP OpenView Network Node Manager (NNM) CGI program snmpviewer.exe. It is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account. In a successful attack, the behavior of the target is dependent on the logic of the malicious code.

Extended Description

HP OpenView Network Node Manager is prone to multiple remote vulnerabilities: - Multiple remote command-injection vulnerabilities. - Multiple stack-based buffer-overflow vulnerabilities. - Multiple heap-based buffer-overflow vulnerabilities. - An additional unspecified remote code-execution vulnerability. An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. NOTE: This BID is being retired. The following individual records exist to better document these issues: 37294 HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability 37295 HP OpenView Network Node Manager 'ovlogin.exe' Multiple Remote Code Execution Vulnerabilities 37296 HP OpenView Network Node Manager 'nnmRptConfig.exe' Remote Code Execution Vulnerability 37298 HP OpenView Network Node Manager 'nnmRptConfig.exe' 'strcat()' Remote Code Execution Vulnerability 37299 HP OpenView Network Node Manager 'Oid' Parameter Remote Buffer Overflow Vulnerability 37300 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability 37330 HP OpenView Network Node Manager 'ovsessionmgr.exe' Remote Heap Buffer Overflow Vulnerability 37340 HP OpenView Network Node Manager 'OvWebHelp.exe' Remote Heap Buffer Overflow Vulnerability 37341 HP OpenView Network Node Manager 'webappmon.exe' Remote Buffer Overflow Vulnerability 37343 HP OpenView Network Node Manager 'ovwebsnmpsrv.exe' Remote Stack Buffer Overflow Vulnerability 37345 HP OpenView Network Node Manager Unspecified Remote Code Execution Vulnerability 37347 HP OpenView Network Node Manager 'ovalarm.exe' Remote Buffer Overflow Vulnerability 37348 HP OpenView Network Node Manager 'snmpviewer.exe' Remote Code Execution Vulnerability

Affected Products

  • Hp openview_network_node_manager 7.01
  • Hp openview_network_node_manager 7.50
  • Hp openview_network_node_manager 7.50.0
  • Hp openview_network_node_manager 7.50.0 HP-UX 11.X
  • Hp openview_network_node_manager 7.50.0 Linux
  • Hp openview_network_node_manager 7.50.0 Solaris
  • Hp openview_network_node_manager 7.50.0 Windows 2000/XP
  • Hp openview_network_node_manager 7.51
  • Hp openview_network_node_manager 7.53

References

  • BugTraq: 37261
  • BugTraq: 37341
  • CVE: CVE-2009-4177
  • CVE: CVE-2009-4180

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out