HP OpenView Network Node Manager OVBuildPath Overflow

Added: 02/20/2012
CVE: CVE-2011-3167
BID: 50471
OSVDB: 76775

Background

HP OpenView Network Node Manager (NNM) is a network monitoring solution based on SNMP.

Problem

User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overflow vulnerability that may allow an unauthenticated attacker to take control of the server.

Resolution

No patches are available at this time. Restrict access to the web interface of the NNM server.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03054052
http://www.zerodayinitiative.com/advisories/ZDI-12-002/
http://www.zerodayinitiative.com/advisories/ZDI-12-003/

Limitations

This exploit has been tested against HP OpenView Network Node Manager 7.53 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.

Platforms

Windows

Back to exploit index