Lucene search
SAINT CorporationSAINT:5157E1EE79D3383F561C1B10DFB1581FHistoryMay 28, 2010 - 12:00 a.m.
HP OpenView Network Node Manager getnnmdata.exe CGI Hostname buffer overflow
2010-05-2800:00:00
SAINT Corporation
www.saintcorporation.com
19
EPSS
0.961
Percentile
99.5%
Added: 05/28/2010
CVE: CVE-2010-1555
BID: 40072
OSVDB: 64976
Background
HP OpenView Network Node Manager is network availability and performance management software.
Problem
A buffer overflow vulnerability in Network Node Manager allows remote attackers to execute arbitrary commands by sending a request for the getnnmdata.exe CGI program with a specially crafted Hostname parameter.
Resolution
Apply the fix referenced in HPSBMA02527 SSRT010098.
References
<http://zerodayinitiative.com/advisories/ZDI-10-086/>
Limitations
Exploit works on HP OpenView Network Node Manager 7.53.
On Windows Server 2003, Read and Execute privileges on the file ‘%windir%\system32\cmd.exe’ must be granted to the Internet Guest Account “IUSR_<computername>” for the exploit to work properly.
Platforms
Windows
Related
exploitpack
exploitpack
securityvulns
securityvulns
ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability
2010-05-12 00:00:00
[security bulletin] HPSBMA02527 SSRT010098 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
2010-05-12 00:00:00
HP OpenView Network Node Manage multiple security vulnerabilities
2010-05-12 00:00:00
prion
prion
Stack overflow
2010-05-13 17:30:00
seebug
seebug
HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution
2014-07-01 00:00:00
zdt
zdt
HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Code Execution
2010-07-02 00:00:00
HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI BOF
2011-03-26 00:00:00
exploitdb
exploitdb
cve
cve
CVE-2010-1555
2010-05-13 17:30:02
metasploit
metasploit
cvelist
cvelist
CVE-2010-1555
2010-05-13 17:00:00
packetstorm
packetstorm
HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution
2010-07-03 00:00:00
checkpoint_advisories
checkpoint_advisories
saint
saint
HP OpenView Network Node Manager getnnmdata.exe CGI Hostname buffer overflow
2010-05-28 00:00:00
HP OpenView Network Node Manager getnnmdata.exe CGI Hostname buffer overflow
2010-05-28 00:00:00
HP OpenView Network Node Manager getnnmdata.exe CGI Hostname buffer overflow
2010-05-28 00:00:00
nvd
nvd
CVE-2010-1555
2010-05-13 17:30:02
zdi
zdi
nessus
nessus
HP-UX PHSS_40707 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 26
2010-05-17 00:00:00
HP-UX PHSS_40708 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 26
2010-05-17 00:00:00
HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13
2010-05-10 00:00:00