This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.53. By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute arbitrary code. This specific vulnerability is due to a call to "sprintf_new" in the "isWide" function within "ovalarm.exe". A stack buffer overflow occurs when processing an HTTP request that contains the following. 1. An "Accept-Language" header longer than 100 bytes 2. An "OVABverbose" URI variable set to "on", "true" or "1" The vulnerability is related to "_WebSession::GetWebLocale()" .. NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.
e54d42cfbc8bbc738ef568c5e491af71d30811bb7fa5db456ba682b823955033HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
4b95345dd39e85718053b8c02acbf3b6063a33c0f0367ad4bf7808042a164723A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovalarm.exe CGI application. If the OVABverbose POST variable is set, this process takes the value of the Accept-Language HTTP header and copies it without any length checks into a 0x100 byte stack buffer. By providing a large enough string this buffer can be overrun leading to arbitrary code execution.
7d20c5ff25eafe4a0d9a9a4b4d08d40f2a49c728269fcfbe907eac2b47d120d1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed