| Vulnerability Name: | CVE-2008-0067 (CCN-47801) | ||||||||
| Assigned: | 2008-01-03 | ||||||||
| Published: | 2009-01-07 | ||||||||
| Updated: | 2018-10-15 | ||||||||
| Summary: | Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-0067 Source: CCN Type: HP Security Bulletin HPSBMA02400 SSRT080144 rev.1 HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code Source: HP Type: UNKNOWN HPSBMA02400 Source: CCN Type: SA28074 HP OpenView Network Node Manager Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 28074 Source: CCN Type: Secunia Research 07/01/2009 HP OpenView Network Node Manager Multiple Vulnerabilities Source: MISC Type: Vendor Advisory http://secunia.com/secunia_research/2008-13/ Source: SREASON Type: UNKNOWN 4885 Source: SREASON Type: UNKNOWN 8307 Source: CCN Type: SECTRACK ID: 1021521 HP OpenView Network Node Manager Buffer Overflows Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1021521 Source: BUGTRAQ Type: UNKNOWN 20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities Source: BID Type: UNKNOWN 33147 Source: CCN Type: BID-33147 HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN hp-nnm-openview5-bo(47801) Source: CCN Type: HP Web site HP Network Node Manager (NNM) Advanced Edition software - HP - BTO Software: | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2008-0067 (CCN-47802) | ||||||||
| Assigned: | 2008-01-03 | ||||||||
| Published: | 2009-01-07 | ||||||||
| Updated: | 2009-01-07 | ||||||||
| Summary: | HP OpenView Network Node Manager is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by ov.dll. By sending an HTTP request containing overly long parameter strings to the OpenView5.exe CGI application, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the vulnerable service or cause the application to crash. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-0067 Source: CCN Type: HP Security Bulletin HPSBMA02400 SSRT080144 rev.1 HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code Source: CCN Type: SA28074 HP OpenView Network Node Manager Multiple Vulnerabilities Source: CCN Type: Secunia Research 07/01/2009 HP OpenView Network Node Manager Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1021521 HP OpenView Network Node Manager Buffer Overflows Let Remote Users Execute Arbitrary Code Source: CCN Type: BID-33147 HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN hp-nnm-ov-bo(47802) Source: CCN Type: HP Web site HP Network Node Manager (NNM) Advanced Edition software - HP - BTO Software: | ||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2008-0067 (CCN-47803) | ||||||||
| Assigned: | 2008-01-03 | ||||||||
| Published: | 2009-01-07 | ||||||||
| Updated: | 2009-01-07 | ||||||||
| Summary: | HP OpenView Network Node Manager is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the getcvdata.exe CGI application. By sending an HTTP request containing overly long parameter strings to the CGI application, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the vulnerable service or cause the application to crash. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-0067 Source: CCN Type: HP Security Bulletin HPSBMA02400 SSRT080144 rev.1 HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code Source: CCN Type: SA28074 HP OpenView Network Node Manager Multiple Vulnerabilities Source: CCN Type: Secunia Research 07/01/2009 HP OpenView Network Node Manager Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1021521 HP OpenView Network Node Manager Buffer Overflows Let Remote Users Execute Arbitrary Code Source: CCN Type: BID-33147 HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN hp-nnm-getcvdata-bo(47803) Source: CCN Type: HP Web site HP Network Node Manager (NNM) Advanced Edition software - HP - BTO Software: Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [07-16-2011] | ||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2008-0067 (CCN-47804) | ||||||||
| Assigned: | 2008-01-03 | ||||||||
| Published: | 2009-01-07 | ||||||||
| Updated: | 2018-10-15 | ||||||||
| Summary: | Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-0067 Source: CCN Type: HP Security Bulletin HPSBMA02400 SSRT080144 rev.1 HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code Source: CCN Type: SA28074 HP OpenView Network Node Manager Multiple Vulnerabilities Source: CCN Type: Secunia Research 07/01/2009 HP OpenView Network Node Manager Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1021521 HP OpenView Network Node Manager Buffer Overflows Let Remote Users Execute Arbitrary Code Source: CCN Type: BID-33147 HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN hp-nnm-ovlaunch-bo(47804) Source: CCN Type: HP Web site HP Network Node Manager (NNM) Advanced Edition software - HP - BTO Software: | ||||||||
| Vulnerability Name: | CVE-2008-0067 (CCN-47805) | ||||||||
| Assigned: | 2008-01-03 | ||||||||
| Published: | 2009-01-07 | ||||||||
| Updated: | 2009-01-07 | ||||||||
| Summary: | HP OpenView Network Node Manager is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Toolbar.exe CGI application. By sending an HTTP request containing overly long parameter strings to the CGI application, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the vulnerable service or cause the application to crash. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-0067 Source: CCN Type: HP Security Bulletin HPSBMA02400 SSRT080144 rev.1 HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code Source: CCN Type: SA28074 HP OpenView Network Node Manager Multiple Vulnerabilities Source: CCN Type: Secunia Research 07/01/2009 HP OpenView Network Node Manager Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1021521 HP OpenView Network Node Manager Buffer Overflows Let Remote Users Execute Arbitrary Code Source: CCN Type: BID-33147 HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN hp-nnm-toolbar-bo(47805) Source: CCN Type: HP Web site HP Network Node Manager (NNM) Advanced Edition software - HP - BTO Software: | ||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||