This Metasploit module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user controlled data. In order to bypass ASLR this module uses a proto_tbl packet to leak an libov pointer from the stack and finally build the rop chain to avoid NX.
ed8dcf6077fc962dee63928b9374f08f765d9613b6097985fa09b44f33f8d338HP Security Bulletin HPSBMU03075 - A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on Windows and Linux. This vulnerability could be exploited remotely to allow arbitrary code execution. Revision 1 of this advisory.
045e91742bf0a51854d6e5c29dec360e40077d54bb40679404151c3b61dec485
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed