HP OpenView Network Node Manager Multiple Vulnerabilities
Critical Nessus Plugin ID 42879
SynopsisA database service on the remote Windows host is affected by multiple vulnerabilities.
DescriptionThe version of HP OpenView Network Node Manager (NNM) installed on the remote Windows host is affected by multiple vulnerabilities :
- The embedded DB service is affected by a denial of service vulnerability that is triggered when it receives a packet with an error code of less than -1. An unauthenticated, remote attacker can exploit this to crash the service. (CVE-2009-3840)
- An unspecified flaw exists that allows an unauthenticated, remote attacker to execute arbitrary code. No other details are available. (CVE-2010-2710)
This plugin only checks OpenView NNM running on Windows, though other platforms are affected.
SolutionApply the patch referenced in the vendor advisory.