HP OpenView Network Node Manager ovwebsnmpsrv.exe buffer overflow via jovgraph.exe

Added: 06/23/2010
CVE: CVE-2009-4181
BID: 37261
OSVDB: 60932

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow vulnerability in ovwebsnmpsrv.exe allows remote attackers to execute arbitrary commands by sending specially crafted sel and arg parameters to the jovgraph.exe CGI program.

Resolution

Apply the fix referenced in HPSBMA02483 SSRT090257.

References

http://archives.neohapsis.com/archives/bugtraq/2009-12/0166.html

Limitations

Exploit works on HP OpenView Network Node Manager 7.53 with the patch NNM_01200.

Platforms

Windows

Back to exploit index