Bugtraq mailing list archives
DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)
From: Security Team <SecurityTeam () DELPHISPLC COM>
Date: Tue, 26 Sep 2000 06:53:22 +0100
============================================================================ Delphis Consulting Plc ============================================================================ Security Team Advisories [13/06/2000] securityteam () delphisplc com [http://www.delphisplc.com/thinking/whitepapers/] ============================================================================ Adv : DST2K0014 Title : BufferOverrun in HP Openview Network Node Manager v6.1 (Round2) Author : DCIST (securityteam () delphisplc com) O/S : Microsoft Windows NT v4.0 Server (SP6) Product : HP Openview Node Manager v6.1 Date : 13/06/2000 I. Description II. Solution III. Disclaimer ============================================================================ I. Description ============================================================================ Vendor URL: http://www.openview.hp.com/ Delphis Consulting Internet Security Team (DCIST) discovered the following vulnerability in HP Openview Node Manager under Windows NT. Severity: high By using the OverView5 CGI interface which is shipped and installed by default with HPOpenView network node manager it is possible to cause a BufferOverRun in SNMP.EXE. This is done be connecting to port 80 which the WWW service resides on by default and sending a large GET string. The string has to be a length of 132 + EIP (4 bytes making a total of 136 bytes). This will cause the above application to BufferOverRun over writing EIP. Example: (URL will be wrapped) http://127.0.0.1/OvCgi/OpenView5.exe?Context=Snmp&Action=Snmp&Host=&Oid=A0B 0C0D0E0F0G0H0I0J0K0L0M0N0O0P0Q0R0S0T0U0V0W0X0Y0a0b0c0d0e0f0g0h0i0j0k0l0m0n 0o0p0q0r0s0t0u0v0w0x0y0A1B1C1D1E1F1G1H1I1J1K1L1M1N1O1P1ZZZZ II. Solution ============================================================================ Vendor Status: Informed We are happy to announce a patch for the above advisory: HPID: HPSBUX0009-121 Sec. Vulnerability OpenView NNM Object IDs URL: http://ovweb.external.hp.com/cpe/patches/ We would like to take this opportunity to thank everyone at HP on how responsive they have been to our research over the past 3 months. III. Disclaimer ============================================================================ THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE PLACED ON, THIS INFORMATION FOR ANY PURPOSE. ============================================================================ This e-mail and any files transmitted with it are intended solely for the addressee and are confidential. They may also be legally privileged.Copyright in them is reserved by Delphis Consulting PLC ["Delphis"] and they must not be disclosed to, or used by, anyone other than the addressee.If you have received this e-mail and any accompanying files in error, you may not copy, publish or use them in any way and you should delete them from your system and notify us immediately.E-mails are not secure. Delphis does not accept responsibility for changes to e-mails that occur after they have been sent. Any opinions expressed in this e-mail may be personal to the author and may not necessarily reflect the opinions of Delphis
Current thread:
- DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2) Security Team (Sep 27)