Users of ZDI-10-137 please be advised of a Remote Code Execution Vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
ZDI-10-137: ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability
ZDI-10-137
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Hewlett-Packard OpenView Network Node
Manager. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ov.dll module which is loaded by the
webappmon.exe CGI program. This DLL defines a function execvp_nc which
unsafely concatenates a controllable command string into a statically
allocated stack buffer. By supplying overly large values to variables
passed through an HTTP request
a strcat_new can be made to overflow this buffer. An attacker can
leverage this to execute arbitrary code under the context of the user
running the webserver.
-- Vendor Response:
Hewlett-Packard states:
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286088
Account Required for access.
-- Disclosure Timeline:
2010-02-02 - Vulnerability reported to vendor
2010-07-21 - Coordinated public release of advisory
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/aRZGiO
No comments:
Post a Comment