CVE-2010-2709

Related Files

HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow

Posted Mar 23, 2011

Authored by Nahuel Riva, sinn3r | Site metasploit.com

This Metasploit module exploits a stack-based overflow in HP NNM's webappmon.exe. The vulnerability occurs when a long string of data is sent as OvJavaLocale's cookie value, OvWww.dll fails to properly do any bounds checking before this input is parsed in function OvWwwDebug(), which causes an overflow when sprintf_new() is called.

tags | exploit, overflow

advisories | CVE-2010-2709, OSVDB-66932

SHA-256 | ec5c964f51636ce7ba31b28775d66861ded19652e6b8966cbb73d25ac422b9da

Download | Favorite | View

Core Security Technologies Advisory 2010.0608

Posted Aug 5, 2010

Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - There is a buffer overflow vulnerability in the webappmon.exe CGI application included with HP OpenView NNM. This bug can be exploited by sending a cookie header with a maliciously crafted 'OvJavaLocale' value. Code execution is likely achievable in a reliable way.

tags | exploit, overflow, cgi, code execution

advisories | CVE-2010-2709

SHA-256 | 48e7d6969af75120e25212535b0e4de84aa95958a93d04dd51c78c5ec17eb64f

Download | Favorite | View

HP Security Bulletin HPSBMA02563 SSRT100165

Posted Aug 3, 2010

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code under the context of the user running the web server.

tags | advisory, web, arbitrary

advisories | CVE-2010-2709

SHA-256 | bc287d97a9bfa180171e916bd3e2792b459885e7615497ab4f8b65e777854e22

Download | Favorite | View