HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution
Added: 01/24/2011CVE: CVE-2011-0269
BID: 45762
OSVDB: 70473
Background
HP OpenView Network Node Manager is network availability and performance management software.Problem
A stack buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the nnmRptConfig.exe CGI program with a long, specially crafted schdParams/schd_select1 parameter.Resolution
Apply the appropriate patch.References
http://www.zerodayinitiative.com/advisories/ZDI-11-011/Limitations
Exploit works on HP OpenView Network Node Manager 7.53 with security update KB925902 on Windows Server 2003.On Windows Server 2003, read and execute privileges on the file %windir%\system32\cmd.exe must be granted to the Internet Guest Account IUSR_<computername> for the exploit to work properly. Note that users in the Users and Power Users groups do not have such privileges, but users in the Administrators and TelnetClients groups do.
Platforms
WindowsBack to exploit index