Vulnerability Name:

CVE-2008-1842 (CCN-41737)

Assigned:2008-04-08
Published:2008-04-08
Updated:2018-10-11
Summary:Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Luigi Auriemma Advisories, 08 Apr 2008
HP OpenView Network Node Manager

Source: MISC
Type: UNKNOWN
http://aluigi.altervista.org/adv/closedview-adv.txt

Source: MISC
Type: Exploit
http://aluigi.org/poc/closedview.zip

Source: MITRE
Type: CNA
CVE-2008-1842

Source: CCN
Type: HP Security Bulletin HPSBMA02338 SSRT080024, SSRT080041 rev.1
HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)

Source: CCN
Type: HP Security Bulletin HPSBMA02338 SSRT080024, SSRT080041 rev.2
HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)

Source: HP
Type: UNKNOWN
SSRT080024

Source: CCN
Type: SA29713
HP OpenView Network Node Manager ovspmd.exe Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
29713

Source: CCN
Type: SECTRACK ID: 1019821
HP OpenView Network Node Manager Buffer Overflow in ovspmd Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1019821

Source: CCN
Type: OSVDB ID: 44235
HP OpenView Network Node Manager (OV NNM) ovspmd.exe Crafted TCP Request Remote Overflow

Source: HP
Type: UNKNOWN
HPSBMA02338

Source: BID
Type: UNKNOWN
28689

Source: CCN
Type: BID-28689
HP OpenView Network Node Manager 'ovspmd' Buffer Overflow Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1159

Source: XF
Type: UNKNOWN
hp-nnm-ovspmd-bo(41737)

Source: XF
Type: UNKNOWN
hp-nnm-ovspmd-bo(41737)

Source: CCN
Type: HP Web site
HP Network Node Manager (NNM) Advanced Edition software

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hp:openview_network_node_manager:4.11:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:6.10:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:6.20:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:6.31:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:6.41:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:7.01:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:7.50:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:*:*:*:*:*:*:*:* (Version <= 7.53)
  • OR cpe:/a:hp:openview_network_node_manager:8.01:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:hp:openview_network_node_manager:7.50:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hp openview network node manager 4.11
    hp openview network node manager 5.0.1
    hp openview network node manager 5.01
    hp openview network node manager 6.0.1
    hp openview network node manager 6.1
    hp openview network node manager 6.2
    hp openview network node manager 6.4
    hp openview network node manager 6.10
    hp openview network node manager 6.20
    hp openview network node manager 6.31
    hp openview network node manager 6.41
    hp openview network node manager 7.0.1
    hp openview network node manager 7.01
    hp openview network node manager 7.50
    hp openview network node manager 7.51
    hp openview network node manager *
    hp openview network node manager 8.01
    hp openview network node manager 7.50
    hp openview network node manager 7.51
    hp openview network node manager 7.53