Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   HPE OpenView Network Node Manager Vendors:   HPE
HP OpenView Network Node Manager Buffer Overflow in OVAS.EXE Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1019782
SecurityTracker URL:
CVE Reference:   CVE-2008-1697   (Links to External Site)
Updated:  May 11 2009
Original Entry Date:  Apr 3 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 7.01, 7.51, 7.53
Description:   A vulnerability was reported in OpenView. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to TCP port 7510 trigger a buffer overflow in 'OVAS.exe' and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Mati Aharoni of reported this vulnerability.

The original advisory and demonstration exploit is available at:

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued the following fixes.

OV NNM v7.53

HP-UX (IA) PHSS_38489 or subsequent
HP-UX (PA) PHSS_38488 or subsequent
Linux RedHatAS2.1 LXOV_00087 or subsequent
Linux RedHat4AS-x86_64 LXOV_00088 or subsequent
Solaris PSOV_03515 or subsequent
Windows NNM_01193 or subsequent

For HP-UX OV NNM 7.51, upgrade to 7.53 and apply patch.

For HP-UX OV NNM 7.01:

HP-UX (PA) PHSS_36773 or subsequent
Solaris PSOV_03480 or subsequent
Windows NNM_01159 or subsequent

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Enterprise), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
Underlying OS Comments:  Tested on Windows 2003 SP1

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC