Lucene search
AnonymousZDI-09-095HistoryDec 09, 2009 - 12:00 a.m.
Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability
2009-12-0900:00:00
Anonymous
www.zerodayinitiative.com
14
EPSS
0.967
Percentile
99.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmp.exe CGI executable accessible via the IIS web server listening by default on TCP port 80. While parsing POST variables this process copies the contents of the Oid parameter into a fixed length stack buffer using a sprintf() call. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution.
Related
checkpoint_advisories
checkpoint_advisories
metasploit
metasploit
HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow
2009-12-12 20:06:14
prion
prion
Stack overflow
2009-12-10 22:30:00
d2
d2
DSquare Exploit Pack: D2SEC_HPNNM3
2009-12-10 22:30:00
packetstorm
packetstorm
HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow
2009-12-31 00:00:00
nvd
nvd
CVE-2009-3849
2009-12-10 22:30:00
cve
cve
CVE-2009-3849
2009-12-10 22:30:00
zdi
zdi
securityvulns
securityvulns
ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability
2009-12-09 00:00:00
ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability
2009-12-09 00:00:00
HP OpenView NNM multiple security vulnerabilities
2009-12-10 00:00:00
exploitdb
exploitdb
cvelist
cvelist
CVE-2009-3849
2009-12-10 22:00:00
seebug
seebug
HP OpenView Network Node Manager多个远程代码执行漏洞
2009-12-14 00:00:00
nessus
nessus
HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13
2010-05-10 00:00:00
HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25
2009-12-14 00:00:00
HP-UX PHSS_40375 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25
2009-12-14 00:00:00