HP OpenView Network Node Manager getnnmdata.exe CGI MaxAge buffer overflow
Added: 05/21/2010CVE: CVE-2010-1553
BID: 40070
OSVDB: 64976
Background
HP OpenView Network Node Manager is network availability and performance management software.Problem
A buffer overflow vulnerability in Network Node Manager allows remote attackers to execute arbitrary commands by sending a request for the getnnmdata.exe CGI program with a specially crafted MaxAge parameter.Resolution
Apply the fix referenced in HPSBMA02527 SSRT010098.References
http://www.zerodayinitiative.com/advisories/ZDI-10-084/Limitations
Exploit works on HP OpenView Network Node Manager 7.53.On Windows Server 2003, Read and Execute privileges on the file '%windir%\system32\cmd.exe' must be granted to the Internet Guest Account "IUSR_<computername>" for the exploit to work properly.
Platforms
WindowsBack to exploit index