Vulnerability CVE-2010-1961 - CERT Civis.Net

Vulnerability Name:

CVE-2010-1961 (CCN-59250)

Assigned:

2010-06-08

Published:

2010-06-08

Updated:

2018-10-10

Summary:

Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-1961

Source: CCN
Type: HP Security Bulletin HPSBMA02537 SSRT010027
OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

Source: HP
Type: Patch, Vendor Advisory
HPSBMA02537

Source: CCN
Type: SA40101
HP OpenView Network Node Manager Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
40101

Source: CCN
Type: SECTRACK ID: 1024071
HP OpenView Network Node Manager 'jovgraph.exe' Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: OSVDB ID: 65428
HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil.dll sprintf Function Overflow

Source: BUGTRAQ
Type: UNKNOWN
20100608 ZDI-10-106: Hewlett-Packard OpenView NNM ovutil.dll getProxiedStorageAddress Remote Code Execution Vulnerability

Source: BID
Type: UNKNOWN
40638

Source: CCN
Type: BID-40638
HP OpenView Network Node Manager 'ovutil.dll' Stack Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1024071

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-10-106/

Source: XF
Type: UNKNOWN
ovnnm-getproxiedstorageaddress-bo(59250)

Source: XF
Type: UNKNOWN
ovnnm-getproxiedstorageaddress-bo(59250)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-23-2011]

Source: CCN
Type: ZDI-10-106
Hewlett-Packard OpenView NNM ovutil.dll getProxiedStorageAddress Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*

Configuration CCN 1:

cpe:/a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*

Denotes that component is vulnerable