Lucene search
SAINT CorporationSAINT:4C4E1B817EDCE1F9B13110CDFAC660A7HistoryMay 21, 2010 - 12:00 a.m.
HP OpenView Network Node Manager getnnmdata.exe CGI MaxAge buffer overflow
2010-05-2100:00:00
SAINT Corporation
www.saintcorporation.com
16
EPSS
0.961
Percentile
99.5%
Added: 05/21/2010
CVE: CVE-2010-1553
BID: 40070
OSVDB: 64976
Background
HP OpenView Network Node Manager is network availability and performance management software.
Problem
A buffer overflow vulnerability in Network Node Manager allows remote attackers to execute arbitrary commands by sending a request for the getnnmdata.exe CGI program with a specially crafted MaxAge parameter.
Resolution
Apply the fix referenced in HPSBMA02527 SSRT010098.
References
<http://www.zerodayinitiative.com/advisories/ZDI-10-084/>
Limitations
Exploit works on HP OpenView Network Node Manager 7.53.
On Windows Server 2003, Read and Execute privileges on the file ‘%windir%\system32\cmd.exe’ must be granted to the Internet Guest Account “IUSR_<computername>” for the exploit to work properly.
Platforms
Windows
Related
metasploit
metasploit
HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI Buffer Overflow
2011-03-23 21:57:16
saint
saint
HP OpenView Network Node Manager getnnmdata.exe CGI MaxAge buffer overflow
2010-05-21 00:00:00
HP OpenView Network Node Manager getnnmdata.exe CGI MaxAge buffer overflow
2010-05-21 00:00:00
HP OpenView Network Node Manager getnnmdata.exe CGI MaxAge buffer overflow
2010-05-21 00:00:00
nvd
nvd
CVE-2010-1553
2010-05-13 17:30:02
cvelist
cvelist
CVE-2010-1553
2010-05-13 17:00:00
zdt
zdt
HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI BOF
2011-03-25 00:00:00
HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Code Execution
2010-07-02 00:00:00
cve
cve
CVE-2010-1553
2010-05-13 17:30:02
packetstorm
packetstorm
HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution
2010-07-03 00:00:00
HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI Buffer Overflow
2011-03-24 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_HPNNM5
2010-05-13 17:30:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability
2010-05-12 00:00:00
[security bulletin] HPSBMA02527 SSRT010098 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
2010-05-12 00:00:00
HP OpenView Network Node Manage multiple security vulnerabilities
2010-05-12 00:00:00
exploitdb
exploitdb
prion
prion
Stack overflow
2010-05-13 17:30:00
exploitpack
exploitpack
zdi
zdi
seebug
seebug
HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution
2014-07-01 00:00:00
openvas
openvas
HP OpenView Network Node Manager Multiple Vulnerabilities (May 2010)
2010-06-01 00:00:00
nessus
nessus
HP-UX PHSS_40707 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 26
2010-05-17 00:00:00
HP-UX PHSS_40708 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 26
2010-05-17 00:00:00
HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13
2010-05-10 00:00:00