CERT-In Advisory CIAD-2010-42
HP OpenView Network Node Manager Buffer Overflow Vulnerabilities

Original issue date: June 21, 2010

Severity Rating: High

Systems Affected

  • HP OpenView Network Node Manager (OV NNM) version 7.51 (HP-UX, Linux, Solaris, and Windows)
  • HP OpenView Network Node Manager (OV NNM) version 7.53 (HP-UX, Linux, Solaris, and Windows)

Overview

Multiple vulnerabilities have been reported in HP OpenView Network Node Manager, which could be exploited remotely to execute arbitrary code under the context of the user running the web server.

Description

1. 'ovwebsnmpsrv.exe' process Bad Option Remote Code Execution Vulnerability (CVE-2010-1960)

This vulnerability is caused by a buffer overflow error within the "ovwebsnmpsrv.exe" process, which can be invoked remotely through the "jovgraph.exe" CGI program. The overflow occurs while processing unrecognized options. Authentication is not required to exploit this vulnerability.

A remote, unauthenticated attacker could exploit this vulnerability by supplying an overly large unrecognized option through an HTTP request, resulting in arbitrary code execution under the context of the user running the web server.

2. 'getProxiedStorageAddress' Remote Code Execution Vulnerability (CVE-2010-1961)

This vulnerability is caused by a buffer overflow error within the "ovutil.dll" module loaded by the "ovwebsnmpsrv.exe" process (invoked via the "jovgraph.exe" CGI application) when processing malformed parameters. Authentication is not required to exploit this vulnerability.

A remote, unauthenticated attacker could exploit this vulnerability by supplying overly large values to variables passed through an HTTP request, resulting in arbitrary code execution under the context of the user running the web server.

3. 'ovwebsnmpsrv.exe' process Command Line Argument Remote Code Execution Vulnerability (CVE-2010-1964)

This vulnerability is caused by a buffer overflow error within the "ovwebsnmpsrv.exe" process (invoked via the "jovgraph.exe" CGI application) when processing erroneous values. Authentication is not required to exploit this vulnerability.

A remote, unauthenticated attacker could exploit this vulnerability by supplying overly large values to variables passed through an HTTP request, resulting in arbitrary code execution under the context of the user running the web server.
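
All three issues are reached by sending oversized options or values over HTTP to the "jovgraph.exe" CGI program. The following Python script is an added example (not part of the CERT-In advisory or of any HP tooling) that flags such requests in web server access logs. The Common Log Format, the 256-byte threshold, the placeholder CGI path and the sample log entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: longest option name or value treated as normal, in bytes.
# Tune it against a baseline of legitimate jovgraph.exe traffic.
MAX_FIELD_LEN = 256

# Source address, request line and status from a Common Log Format entry.
LOG_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def oversized_fields(uri, limit=MAX_FIELD_LEN):
    """Return (kind, name_prefix, size) for over-limit fields sent to jovgraph.exe."""
    parts = urlsplit(uri)
    if not unquote(parts.path).lower().endswith("/jovgraph.exe"):
        return []
    hits = []
    # keep_blank_values keeps bare options that carry no "=value" part.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        for kind, field in (("name", name), ("value", value)):
            size = len(field.encode("utf-8", "replace"))
            if size > limit:
                hits.append((kind, name[:32], size))
    return hits

def scan(lines, limit=MAX_FIELD_LEN):
    """Return one finding per oversized field; GET query strings only,
    since POST bodies do not appear in access logs."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        for kind, name, size in oversized_fields(m["uri"], limit):
            findings.append({"line": lineno, "src": m["src"], "kind": kind,
                             "field": name, "bytes": size,
                             "status": int(m["status"])})
    return findings

# Constructed sample entries (documentation addresses, placeholder path).
_PREFIX = '- - [21/Jun/2010:10:00:00 +0530] "GET /cgi-placeholder/'
SAMPLE_LOG = [
    '192.0.2.10 ' + _PREFIX + 'jovgraph.exe?a=1&b=2 HTTP/1.1" 200 512',
    '198.51.100.7 ' + _PREFIX + 'jovgraph.exe?x=' + 'A' * 300 + ' HTTP/1.0" 500 0',
    '198.51.100.7 ' + _PREFIX + 'jovgraph.exe?' + 'B' * 400 + ' HTTP/1.0" 500 0',
    '203.0.113.5 ' + _PREFIX + 'index.html?q=' + 'C' * 400 + ' HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit indicates a request worth reviewing on an unpatched host; it does not by itself confirm exploitation.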

Solution

Apply the appropriate patches as mentioned in the HP Support Document.

Vendor Information

HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02217439

References

VUPEN
http://www.vupen.com/english/advisories/2010/1410

Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-10-108/
http://www.zerodayinitiative.com/advisories/ZDI-10-106/
http://www.zerodayinitiative.com/advisories/ZDI-10-105/

Secunia
http://secunia.com/advisories/40101

SecurityTracker
http://securitytracker.com/alerts/2010/Jun/1024071.html

SecurityFocus
http://www.securityfocus.com/bid/40637
http://www.securityfocus.com/bid/40638
http://www.securityfocus.com/bid/40873

CVE Name
CVE-2010-1960
CVE-2010-1961
CVE-2010-1964

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003