Synopsis
The remote web server contains multiple CGI scripts that allow execution of arbitrary commands.
Description
The remote version of HP OpenView Network Node Manager fails to sanitize user-supplied input to various parameters of the 'Openview5', 'snmpview' and 'ovlogin' scripts before using it.
By sending long parameters, an attacker can trigger a stack-based buffer overflow and exploit it to execute code on the remote host with the web server's privileges.
Bad permissions on the web server directory allow a full system compromise.
Solution
Apply the patches referenced in the vendor advisory above.