SAINT Corporation
SAINT:50EC80A3B59D92BAF8FFCC0462869BD9
Mar 26, 2009 - 12:00 a.m.

HP OpenView Network Node Manager OvOSLocale cookie buffer overflow

2009-03-26 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.66
Percentile: 98.0%

Added: 03/26/2009
CVE: CVE-2009-0920

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted OvOSLocale cookie in an HTTP request for Toolbar.exe.
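
A detection check for the request pattern described above, as an added example that is not part of the SAINT advisory: it flags HTTP requests for Toolbar.exe that carry an unusually long OvOSLocale cookie. The 64-character threshold, the function names, the /example/ path and the sample requests are assumptions; the advisory does not state the length that triggers the overflow.

```python
from urllib.parse import unquote

# Assumption: the advisory gives no overflow length, so any OvOSLocale value
# longer than this is treated as anomalous. Tune against real traffic.
MAX_LOCALE_LEN = 64

def parse_request(raw: bytes):
    """Return (request path, list of Cookie header values) from a raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    path = parts[1] if len(parts) >= 2 else ""
    cookies = [line.split(":", 1)[1].strip() for line in lines[1:]
               if line.lower().startswith("cookie:")]
    return path, cookies

def ovoslocale_values(cookie_headers):
    """Yield every OvOSLocale value; name matched case-insensitively on purpose."""
    for header in cookie_headers:
        for pair in header.split(";"):
            name, _, value = pair.strip().partition("=")
            if name.lower() == "ovoslocale":
                yield value

def is_suspicious(raw: bytes) -> bool:
    """True when a Toolbar.exe request carries an oversized OvOSLocale cookie."""
    path, cookies = parse_request(raw)
    # Decode percent-escapes and drop the query string before matching the file.
    leaf = unquote(path).split("?", 1)[0].rsplit("/", 1)[-1].lower()
    if leaf != "toolbar.exe":
        return False
    return any(len(v) > MAX_LOCALE_LEN for v in ovoslocale_values(cookies))

# Constructed sample requests (not captured traffic); /example/ is a placeholder.
BENIGN = (b"GET /example/Toolbar.exe HTTP/1.1\r\nHost: nnm.example\r\n"
          b"Cookie: OvOSLocale=en_US; other=1\r\n\r\n")
OVERSIZED = (b"GET /example/Toolbar.exe?x=1 HTTP/1.1\r\nHost: nnm.example\r\n"
             b"Cookie: a=b; OvOSLocale=" + b"A" * 500 + b"\r\n\r\n")
OTHER_PAGE = (b"GET /example/index.html HTTP/1.1\r\nHost: nnm.example\r\n"
              b"Cookie: OvOSLocale=" + b"A" * 500 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("oversized", OVERSIZED),
                       ("other page", OTHER_PAGE)]:
        print(label, "->", "ALERT" if is_suspicious(req) else "ok")
```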

Resolution

Apply one of the patches referenced in HPSBMA02416 SSRT090008.

References

<http://www.securityfocus.com/archive/1/502054>

Limitations

Exploit works on HP OpenView Network Node Manager 7.53.

On Windows Server 2003, Read and Execute privileges on the file ‘%windir%\system32\cmd.exe’ must be granted to the Internet Guest Account (IUSR_<computername>) in order for the exploit to succeed. The ‘Users’ and ‘Power Users’ groups don’t have such privileges, but the ‘Administrators’ and ‘TelnetClients’ groups can execute ‘cmd.exe’.

The patch KB933729 must be applied on Windows Server 2003 in order to bypass DEP protection.

Platforms

Windows 2000
Windows Server 2003
