HP OpenView Network Node Manager OvOSLocale cookie buffer overflow

Added: 03/26/2009
CVE: CVE-2009-0920

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted OvOSLocale cookie in an HTTP request for Toolbar.exe.

Resolution

Apply one of the patches referenced in HPSBMA02416 SSRT090008.
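For hosts that cannot be patched immediately, the request described under Problem can be flagged in captured HTTP traffic. The following is an added detection example, not code from the advisory or from HP; the 64-character threshold, the `check_request` and `sample` helpers, the host name and the directory in the sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MAX_LOCALE_LEN = 64  # assumed threshold; real locale strings are short


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request head into (path, [(header, value), ...])."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        raise ValueError("malformed request line")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return urlsplit(parts[1]).path, headers


def check_request(raw: bytes, max_len: int = MAX_LOCALE_LEN):
    """Return a finding dict for an over-long OvOSLocale cookie, else None."""
    try:
        path, headers = parse_request(raw)
    except ValueError:
        return None
    # The affected platforms are Windows, where paths are case-insensitive.
    if not path.lower().endswith("/toolbar.exe"):
        return None
    for name, value in headers:
        if name != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            # Match the cookie name leniently so letter case cannot hide it.
            if key.lower() == "ovoslocale" and len(val) > max_len:
                return {"path": path, "cookie_len": len(val)}
    return None


def sample(path: str, locale: str) -> bytes:
    """Build a constructed request; host and directory are placeholders."""
    return (f"GET {path} HTTP/1.1\r\nHost: nnm.example.test\r\n"
            f"Cookie: session=1; OvOSLocale={locale}\r\n\r\n").encode("latin-1")


if __name__ == "__main__":
    print(check_request(sample("/placeholder-dir/Toolbar.exe", "English_United States.1252")))
    print(check_request(sample("/placeholder-dir/Toolbar.exe", "A" * 300)))
```

Tune `MAX_LOCALE_LEN` against the locale values seen in your own traffic before alerting on it.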

References

http://www.securityfocus.com/archive/1/502054

Limitations

The exploit works on HP OpenView Network Node Manager 7.53.

On Windows Server 2003, Read and Execute privileges on the file '%windir%\system32\cmd.exe' must be granted to the Internet Guest Account (IUSR_<computername>) in order for the exploit to succeed. The 'Users' and 'Power Users' groups don't have such privileges, but the 'Administrators' and 'TelnetClients' groups can execute 'cmd.exe'.

The patch KB933729 must be applied on Windows Server 2003 in order to bypass DEP protection.

Platforms

Windows 2000
Windows Server 2003
