HP OpenView Network Node Manager Multiple Vulnerabilities - May10

Summary
This host is running HP OpenView Network Node Manager and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the application.
Impact Level: System/Application
Solution
Upgrade to NNM v7.53 and apply the patch:
http://support.openview.hp.com/selfsolve/patches
http://marc.info/?l=bugtraq&m=127360750704351&w=2

NOTE: Ignore this warning if the above-mentioned patch is already applied.
Insight
The flaws exist:
- in the ovet_demandpoll.exe process, which allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter.
- when the _OVParseLLA function defined within ov.dll is called from the netmon.exe (Network Monitor) daemon, which copies the value of the 'sel' POST variable directly into a fixed-length buffer without validating its length, causing a stack buffer overflow.
- within the snmpviewer.exe CGI. The doLoad function in this process calls sprintf() with a %s format specifier without sanitizing the user-supplied data from POST variables (act and app), causing a stack-based buffer overflow.
- within the getnnmdata.exe CGI. If this CGI is requested with an invalid MaxAge parameter or an invalid iCount POST parameter, a sprintf() call is made without validating the length before copying into a fixed-length stack buffer, causing a stack-based buffer overflow.
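The two bug classes named above (unbounded sprintf() with %s into a fixed-length stack buffer, and request data reaching a format string) are shown here next to a bounded form. This is an added example, not HP's code: FIELD_MAX and the function names build_unsafe, build_checked and format_sel are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64 /* assumed size; the advisory gives no buffer sizes */

/* Unsafe pattern from the Insight text, kept for contrast and never called:
 * "%s" expands to the full request value, so a long one overruns `out`. */
void build_unsafe(char out[FIELD_MAX], const char *act)
{
    sprintf(out, "act=%s", act);
}

/* Bounded form: 0 on success, -1 (and an empty `out`) if the value
 * is missing or would not fit. Truncated data is rejected, not used. */
int build_checked(char *out, size_t outlen, const char *name, const char *value)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (name == NULL || value == NULL)
        return -1;
    n = snprintf(out, outlen, "%s=%s", name, value);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Format-string case: request data is passed as an argument to a constant
 * format, never as the format itself, so "%n" or "%x" in it stay literal. */
int format_sel(char *out, size_t outlen, const char *sel)
{
    return build_checked(out, outlen, "sel", sel);
}

int main(void)
{
    char buf[FIELD_MAX];
    char big[4 * FIELD_MAX];
    memset(big, 'A', sizeof big - 1); /* constructed oversized value */
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", build_checked(buf, sizeof buf, "act", "view"));
    printf("long:  %d\n", build_checked(buf, sizeof buf, "app", big));
    printf("fmt:   %d (%s)\n", format_sel(buf, sizeof buf, "%n%x"), buf);
    return 0;
}
```

Checking the snprintf() return value against the buffer size is what turns silent truncation into a rejected request.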
Affected
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53
References