HP OpenView Network Node Manager Multiple Code Execution Vulnerabilities (HPSBMU02712 SSRT100649)
Critical Nessus Plugin ID 58516
SynopsisThe version of HP Network Node Manager running on the remote host is affected by multiple code execution vulnerabilities.
DescriptionThe installed version of HP Network Node Manager is affected by the following vulnerabilities :
- A remote code execution vulnerability exists because the 'nnmRptConfig.exe' CGI application does not adequately validate user-supplied input. (CVE-2011-3165)
- A remote code execution vulnerability exists within ov.dll. Insufficient boundary checking before supplying the value to a format string within _OVBuildPath can cause a stack overflow, leading to memory corruption, which could allow an attacker to execute arbitrary code within the context of the target service. (CVE-2011-3166)
- A remote code execution vulnerability exists within the webappmon.exe CGI program. The vulnerability is due an insufficient boundary check before supplying a format string with the values. This causes a stack overflow, which can lead to memory corruption that can be exploited to execute arbitrary code within the context of the target service. (CVE-2011-3167)
SolutionUpgrade to B.07.53 Patchlevel NNM_01213 or its equivalent.