CVE-2009-4181

Related Files

HP Security Bulletin HPSBMA02483 SSRT090257

Posted Dec 10, 2009

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability

advisories | CVE-2009-0898, CVE-2009-3845, CVE-2009-3846, CVE-2009-3847, CVE-2009-3848, CVE-2009-3849, CVE-2009-4176, CVE-2009-4177, CVE-2009-4178, CVE-2009-4179, CVE-2009-4180, CVE-2009-4181

SHA-256 | 4b95345dd39e85718053b8c02acbf3b6063a33c0f0367ad4bf7808042a164723

Download | Favorite | View

HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow

Posted Dec 10, 2009

Authored by Aaron Portnoy | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe application which is launched when a request is received for the jovgraph.exe CGI application. This process copies the contents of the 'sel' POST variable a user-controllable amount of times into a static stack buffer. By repeating a specific string as the contents of the 'arg' POST variable this buffer can be overflowed leading to arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, cgi, code execution

advisories | CVE-2009-4181

SHA-256 | 28ad9e9af0c800bc5f8a1ddce5cb1893870ca2cd7788f4e97910230fc8ae3a63

Download | Favorite | View