HOME > ADVISORIES


   ADVISORY

CERT-In Advisory CIAD-2009-05
HP OpenView Network Node Manager Multiple Vulnerabilities

Original issue date: February 11, 2009

Severity Rating: High

Systems Affected

  • HP OpenView Network Node Manager (NNM) 7.x

Overview

Multiple vulnerabilities have been reported in HP Open View Network Node Manager. Successful exploitation of these vulnerabilities may compromise a vulnerable system and either executes arbitrary code with the privileges of the affected service or disclose information.

Description

HP OpenView Network Node Manager (NNM) is a product which manages networks. It uses SNMP to talk to network devices, allowing them to be discovered automatically, monitored and controlled. NNM determines and displays physical and logical connectivity in networks, as well as information pertaining to protocols running over the network. It also allows historical data to be collected and viewed/graphed.

1. HP Network Node Manager Multiple Command Injection     Vulnerabilities (CVE-2008-4559)

These command injection vulnerabilities are caused by input validation errors in the "webappmon.exe" and "OpenView5.exe" CGI applications when processing user-supplied arguments while starting external programs which may contain shell meta-characters. This could allow attackers to inject and execute arbitrary shell commands being run on the host.

Successful exploitation of these vulnerabilities results in the execution of arbitrary code with the privileges of the affected service.


Workaround

  • Change the “session.conf” file and set “UserLogin” to ON, in order to run NNM CGI applications with valid credentials.

2. HP Network Node Manager Multiple Information Disclosure     Vulnerabilities (CVE-2008-4560)

Information Disclosure Vulnerabilities have been reported in two CGI applications “nnmRptConfig.exe” and “ovlaunch.exe” which are distributed with HP Network Node Manager.

"nnmRptConfig.exe" discloses the location of log directories when responding to specifically crafted requests and "ovlaunch.exe" returns various configuration details when responding to requests containing a malformed parameter.

3. HP Network Node Manager ovlaunch CGI BSS Overflow     Vulnerability (CVE-2008-4562)

The vulnerability exists within the 'ovlaunch' CGI application by sending a specially crafted request which triggers a buffer overflow in an unchecked function call. The buffer that is overflowed makes it possible to overwrite various pointers that are located after the buffer in memory.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the privileges of the affected service.

Solution

Apply appropriate Patches as mentioned in the HP Advisory

Vendor Information

HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?
objectID=c01661610


References

 iDefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=770
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=771
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=772

Secunia
http://secunia.com/advisories/33857/

Security Tracker
http://securitytracker.com/alerts/2009/Feb/1021691.html

VUPEN
http://www.vupen.com/english/advisories/2009/0351

SecurityFocus
http://www.securityfocus.com/bid/33666/
http://www.securityfocus.com/bid/33667
http://www.securityfocus.com/bid/33668

CVE Name
CVE-2008-4559
CVE-2008-4560
CVE-2008-4562

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003