Published: 16/04/2008 Updated: 11/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Subscribe to Openview Network Node Manager

Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and previous versions, allows remote malicious users to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp openview network node manager 7.50
hp openview network node manager 7.51
hp openview network node manager 6.2
hp openview network node manager 6.20
hp openview network node manager 5.01
hp openview network node manager 6.0.1
hp openview network node manager 7.0.1
hp openview network node manager 7.01
hp openview network node manager
hp openview network node manager 8.01
hp openview network node manager 6.1
hp openview network node manager 6.10
hp openview network node manager 4.11
hp openview network node manager 5.0.1
hp openview network node manager 6.31
hp openview network node manager 6.4
hp openview network node manager 6.41

source: wwwsecurityfocuscom/bid/28689/info HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the Network Node Manager process This facilitates the remote compromise of affected computers Network Node Manag ...

CWE-189 http://aluigi.altervista.org/adv/closedview-adv.txt http://aluigi.org/poc/closedview.zip http://www.securityfocus.com/bid/28689 http://securitytracker.com/id?1019821 http://secunia.com/advisories/29713 http://marc.info/?l=bugtraq&m=121321155405849&w=2 http://www.vupen.com/english/advisories/2008/1159 https://exchange.xforce.ibmcloud.com/vulnerabilities/41737 http://www.securityfocus.com/archive/1/493781/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31629/

CVE-2008-1842

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect