Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в HP OpenView Network Node Manager
дополнено с 10 января 2009 г.
Опубликовано:7 февраля 2009 г.
Источник:
SecurityVulns ID:9567
Тип:удаленная
Уровень опасности:
6/10
Описание:Многочисленные уязвимости в CGI-компонентах.
Затронутые продукты:HP : OpenView Network Node Manager 7.51
CVE:CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205.)
 CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205.)
 CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.)
 CVE-2008-0067 (Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.)
Оригинальный текстdocumentIDEFENSE, [Full-disclosure] iDefense Security Advisory 02.06.09: HP Network Node Manager ovlaunch CGI BSS Overflow Vulnerability (07.02.2009)
 documentIDEFENSE, iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Information Disclosure Vulnerabilities (07.02.2009)
 documentIDEFENSE, iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Command Injection Vulnerabilities (07.02.2009)
 documentHP, [security bulletin] HPSBMA02400 SSRT080144 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (20.01.2009)
 documentSECUNIA, Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities (10.01.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород