HP OpenView Network Node Manager getnnmdata.exe CGI Hostname buffer overflow

2010-05-2800:00:00

SAINT Corporation

my.saintcorporation.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.961

Percentile

99.5%

JSON

Added: 05/28/2010
CVE: CVE-2010-1555
BID: 40072
OSVDB: 64976

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow vulnerability in Network Node Manager allows remote attackers to execute arbitrary commands by sending a request for the getnnmdata.exe CGI program with a specially crafted Hostname parameter.

Resolution

Apply the fix referenced in HPSBMA02527 SSRT010098.

References

<http://zerodayinitiative.com/advisories/ZDI-10-086/>

Limitations

Exploit works on HP OpenView Network Node Manager 7.53.

On Windows Server 2003, Read and Execute privileges on the file ‘%windir%\system32\cmd.exe’ must be granted to the Internet Guest Account “IUSR_<computername>” for the exploit to work properly.