CVE-2007-6204high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923
http://secunia.com/advisories/27964
http://securityreason.com/securityalert/3441
http://www.securityfocus.com/archive/1/484704/100/0/threaded
http://www.securityfocus.com/bid/26741
http://www.securitytracker.com/id?1019055
http://www.vupen.com/english/advisories/2007/4111
http://www.zerodayinitiative.com/advisories/ZDI-07-071.html
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:hp:openview_network_node_manager:6.41:*:*:*:*:*:*:*
cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 29249 | HP OpenView Network Node Manager Multiple CGI Remote Overflows | Nessus | CGI abuses | high |
| 29200 | HP-UX PHSS_37141 : s700_800 11.X OV NNM6.4x/ET2.0x Intermediate Patch 17 | Nessus | HP-UX Local Security Checks | critical |
| 26898 | HP-UX PHSS_36902 : s700_800 11.X OV NNM7.51 IA-64 Intermediate Patch 17 | Nessus | HP-UX Local Security Checks | critical |
| 26897 | HP-UX PHSS_36901 : s700_800 11.X OV NNM7.51 PA-RISC Intermediate Patch 17 | Nessus | HP-UX Local Security Checks | critical |
| 26896 | HP-UX PHSS_36773 : s700_800 11.X OV NNM7.01 Intermediate Patch 11 | Nessus | HP-UX Local Security Checks | critical |