HP OpenView Network Node Manager ovlogin.exe buffer overflow

Added: 12/24/2007
CVE: CVE-2007-6204
BID: 26741
OSVDB: 39529

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow in the Network Node Manager web interface allows remote attackers to execute arbitrary commands by sending a long, specially crafted argument to the ovlogin.exe CGI program.

Resolution

Apply one of the patches referenced in HPSBMA02281 SSRT061261.

References

http://www.zerodayinitiative.com/advisories/ZDI-07-071.html

Limitations

Exploit works on HP OpenView Network Node Manager 6.41 on Windows 2000.

Platforms

Windows

Back to exploit index