Vulnerabilities > CVE-2011-3167 - Unspecified vulnerability in HP Openview Network Node Manager 7.51/7.53
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow. CVE-2011-3167. Remote exploit for windows platform |
id | EDB-ID:18388 |
last seen | 2016-02-02 |
modified | 2012-01-20 |
published | 2012-01-20 |
reporter | metasploit |
source | https://www.exploit-db.com/download/18388/ |
title | HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow |
Metasploit
description | This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the "_OVBuildPath" function within "ov.dll". There are no stack cookies, so exploitation is achieved by overwriting the saved return address. The vulnerability is due to the use of the function "_OVConcatPath" which finally uses "strcat" in an insecure way. User controlled data is concatenated to a string which contains the OpenView installation path. To achieve reliable exploitation a directory traversal in OpenView5.exe (OSVDB 44359) is being used to retrieve OpenView logs and disclose the installation path. If the installation path cannot be guessed the default installation path is used. |
id | MSF:EXPLOIT/WINDOWS/HTTP/HP_NNM_OVBUILDPATH_TEXTFILE |
last seen | 2020-06-01 |
modified | 2019-08-02 |
published | 2012-01-18 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/hp_nnm_ovbuildpath_textfile.rb |
title | HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow |
Nessus
NASL family | Gain a shell remotely |
NASL id | HP_NNM_MULTIPLE_CODE_EXECUTION.NASL |
description | The installed version of HP Network Node Manager is affected by the following vulnerabilities : - A remote code execution vulnerability exists because the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 58516 |
published | 2012-03-28 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/58516 |
title | HP OpenView Network Node Manager Multiple Code Execution Vulnerabilities (HPSBMU02712 SSRT100649) |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/108874/hp_nnm_ovbuildpath_textfile.rb.txt |
id | PACKETSTORM:108874 |
last seen | 2016-12-05 |
published | 2012-01-20 |
reporter | sinn3r |
source | https://packetstormsecurity.com/files/108874/HP-OpenView-Network-Node-Manager-ov.dll-_OVBuildPath-Buffer-Overflow.html |
title | HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow |
Saint
bid | 50471 |
description | HP OpenView Network Node Manager OVBuildPath Overflow |
id | net_ovnodemgrver |
osvdb | 76775 |
title | openview_nnm_ovbuildpath |
type | remote |