Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2438

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-2438
Last Modified 09 Sep 2009 12:00:00
Published 28 Apr 2009 12:30:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2438

Summary

Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Hp Openview Network Node Manager 7.01

  • Hp Openview Network Node Manager 7.51

  • Hp Openview Network Node Manager 7.53


References

BID - 34738

VUPEN - ADV-2009-1187

BUGTRAQ - 20090428 Secunia Research: HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow

HP - SSRT080125

MISC - http://secunia.com/secunia_research/2008-38/

OSVDB - 54107

HP - HPSBMA02424


Last Updated: 27 May 2016 10:49:54