HP OpenView网络节点管理器ovspmd远程堆溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1114955 漏洞类型 数字错误
发布时间 2008-04-08 更新时间 2009-03-20
CVE编号 CVE-2008-1842 CNNVD-ID CNNVD-200804-248
漏洞平台 Windows CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/31629
https://www.securityfocus.com/bid/28689
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200804-248
|漏洞详情
HPOpenView网络节点管理器(OVNNM)是HP公司开发和维护的网络管理系统软件,具有强大的网络节点管理功能。OVNNM的ovspmd服务实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制服务器。OVNNM的ovspmd服务运行在TCP8886端口上,该服务检查长度值是否低于9216字节(目标缓冲区的大小)以防范缓冲区溢出,但这是一个有符比较,因此使用0x80000000和0x80000003之间的负数值就可以触发堆溢出,导致执行任意指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/28689/info

HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the Network Node Manager process. This facilitates the remote compromise of affected computers.

Network Node Manager 7.53 running on Microsoft Windows is affected by this issue; other versions and platforms may also be vulnerable.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/31629.zip
|受影响的产品
HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51 HP OpenView Network Node Manager 7.01
|参考资料

来源:XF
名称:hp-nnm-ovspmd-bo(41737)
链接:http://xforce.iss.net/xforce/xfdb/41737
来源:BID
名称:28689
链接:http://www.securityfocus.com/bid/28689
来源:HP
名称:HPSBMA02338
链接:http://www.securityfocus.com/archive/1/archive/1/493781/100/0/threaded
来源:VUPEN
名称:ADV-2008-1159
链接:http://www.frsirt.com/english/advisories/2008/1159
来源:SECTRACK
名称:1019821
链接:http://securitytracker.com/id?1019821
来源:SECUNIA
名称:29713
链接:http://secunia.com/advisories/29713
来源:HP
名称:HPSBMA02340
链接:http://marc.info/?l=bugtraq&m=121321155405849&w=2
来源:HP
名称:HPSBMA02340
链接:http://marc.info/?l=bugtraq&m=121321155405849&w=2
来源:HP
名称:HPSBMA02340
链接:http://marc.info/?l=bugtraq&m=121321155405849&w=2
来源:MISC
链接:http://aluigi.org/poc/closedview.zip
来源:MISC
链接:http://aluigi.altervista.org/adv/closedview-adv.txt