Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2008-1842
Last Modified 11 Oct 2011 12:00:00
Published 16 Apr 2008 01:05:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1842

Summary

Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • HP OpenView Network Node Manager 4.11

  • HP OpenView Network Node Manager 5.0.1

  • HP OpenView Network Node Manager 5.01

  • HP OpenView Network Node Manager 6.0.1

  • HP OpenView Network Node Manager 6.1

  • HP OpenView Network Node Manager 6.10

  • HP OpenView Network Node Manager 6.2

  • HP OpenView Network Node Manager 6.20

  • HP OpenView Network Node Manager 6.31

  • HP OpenView Network Node Manager 6.4

  • HP OpenView Network Node Manager 6.41

  • HP OpenView Network Node Manager 7.0.1

  • HP OpenView Network Node Manager 7.01

  • HP OpenView Network Node Manager 7.50

  • HP OpenView Network Node Manager 7.51

  • HP OpenView Network Node Manager 7.53

  • HP OpenView Network Node Manager 8.01


References

XF - hp-nnm-ovspmd-bo(41737)

VUPEN - ADV-2008-1159

BID - 28689

HP - HPSBMA02338

SECTRACK - 1019821

SECUNIA - 29713

HP - SSRT080041

MISC - http://aluigi.org/poc/closedview.zip

MISC - http://aluigi.altervista.org/adv/closedview-adv.txt

HP - SSRT080024

HP - HPSBMA02340


Last Updated: 27 May 2016 10:47:28