iDefense Security Advisory 02.06.09 - Remote exploitation of a BSS-based buffer overflow vulnerability in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager could allow an attacker to execute arbitrary code with the privileges of the affected service.

The vulnerability exists within the 'ovlaunch' CGI application, which is used to launch the remote user interface.

iDefense has confirmed the existence of this vulnerability in Network Node Manager version 7.53 for Windows. Previous versions may also be affected. The Linux version of 'ovlaunch' contains the vulnerable code, but it is not triggered there: the actual hostname is used instead of the attacker-supplied 'Host' parameter.
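The class of flaw described above is closed by validating the length and character set of a request-supplied host value before it is copied into fixed-size static storage, with a fallback to the server's actual hostname. The following is an added illustration of that check, not code from 'ovlaunch' or HP; the names `g_host`, `host_is_valid`, `set_host`, `current_host` and the 255-byte cap are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HOST_MAX 255            /* assumed cap for host[:port]; not a value from the advisory */

/* Zero-initialised static storage is placed in BSS, the region the advisory names. */
static char g_host[HOST_MAX + 1];

/* Accept only host[:port]: letters, digits, '-', '.', then an optional ':' and digits.
 * The length check happens while scanning, before anything is copied. */
static int host_is_valid(const char *s)
{
    size_t i;
    int in_port = 0;

    if (s == NULL)
        return 0;
    for (i = 0; s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (i >= HOST_MAX)
            return 0;                       /* would not fit in g_host */
        if (in_port) {
            if (!isdigit(c))
                return 0;
        } else if (c == ':' && i > 0) {
            in_port = 1;
        } else if (!isalnum(c) && c != '-' && c != '.') {
            return 0;
        }
    }
    return i > 0 && s[i - 1] != ':';
}

/* Returns 1 if the supplied value was stored, 0 if the server's actual
 * hostname was used instead, -1 if neither was acceptable. */
int set_host(const char *supplied, const char *actual)
{
    const char *src = host_is_valid(supplied) ? supplied : actual;

    if (!host_is_valid(src)) {
        g_host[0] = '\0';
        return -1;
    }
    memcpy(g_host, src, strlen(src) + 1);   /* length already proven <= HOST_MAX */
    return src == supplied;
}

const char *current_host(void) { return g_host; }
```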