Vulnerabilities > CVE-2009-1420 - Stack Buffer Overflow vulnerability in HP OpenView Network Node Manager 'rping'
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 35267 CVE(CAN) ID: CVE-2009-1420 HP OpenView网络节点管理器(OV NNM)是HP公司开发和维护的网络管理系统软件,具有强大的网络节点管理功能。 对于运行SNMP和MIB的OV NNM,远程攻击者可以通过向rping提交恶意请求触发栈溢出,导致执行任意代码。 HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51 临时解决方法: * 更改session.conf文件,将UserLogin设置为ON,以要求提供有效的凭据。 厂商补丁: HP -- HP已经为此发布了一个安全公告(HPSBMA02430)以及相应补丁: HPSBMA02430:SSRT080094 rev.1 - HP OpenView Network Node Manager (OV NNM) Running SNMP and MIB, Remote Execution of Arbitrary Code, Denial of Service (DoS) 链接:http://alerts.hp.com/r?2.1.3KT.2ZR.zWmfi.DKo6ig..T.Hyc%5f.1umu.bW89MQ%5f%5fDXcUFWa0 |
| id | SSV:11736 |
| last seen | 2017-11-19 |
| modified | 2009-07-02 |
| published | 2009-07-02 |
| reporter | Root |
| title | HP OpenView网络节点管理器rping栈溢出漏洞 |