HP OpenView Network Node Manager getcvdata.exe parameter string buffer overflow

Added: 01/14/2009
CVE: CVE-2008-0067
BID: 33147

Background

HP OpenView Network Node Manager is network availability and performance management software.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an HTTP request for the **getcvdata.exe** CGI program with a long, specially crafted parameter string.

Resolution

Restrict access to the **getcvdata.exe** CGI program. Apply a fix when available.

References

<http://secunia.com/secunia_research/2008-13/&gt;

Limitations

Exploit works on HP OpenView Network Node Manager 7.53.

Platforms

Windows 2000