VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-1961
openview_network_node_manager: Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe i...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1961

Original

Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-06-10
Source Information Category:
Advisory, Alert
Last Updated:
2010-06-10




Affected Product Tags
cpe:/a:hp:openview_network_node_manager:7.51
cpe:/a:hp:openview_network_node_manager:7.51:-:hp-ux
cpe:/a:hp:openview_network_node_manager:7.51:-:linux
cpe:/a:hp:openview_network_node_manager:7.51:-:solaris
cpe:/a:hp:openview_network_node_manager:7.51:-:windows
cpe:/a:hp:openview_network_node_manager:7.53
cpe:/a:hp:openview_network_node_manager:7.53:-:hp-ux
cpe:/a:hp:openview_network_node_manager:7.53:-:linux
cpe:/a:hp:openview_network_node_manager:7.53:-:solaris
cpe:/a:hp:openview_network_node_manager:7.53:-:windows
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
BID 40638




BUGTRAQ 20100608 ZDI-10-106: Hewlett-Packard OpenView NNM ovutil.dll getProxiedStorageAddress Remote Code Execution Vulnerability




HP SSRT010027




HP HPSBMA02537




MISC http://www.zerodayinitiative.com/advisories/ZDI-10-106/




SECTRACK 1024071




SECUNIA 40101




Vulnerability Type Buffer Errors (CWE-119)




Copyright © 2010 JPCERT/CC All Rights Reserved.