Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2007-3872 to a friend New vulnerability? New tool? Tell us	CVE-2007-3872 Hewlett-Packard OpenView Operations OVTrace Buffer Overflow Vulnerabilities     Credit: The information has been provided by iDefense. The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2007-3872 Details Check for CVE-2007-3872 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * HP OpenView version A.07.50 for Windows, with all patches applied as of Jun 27, 2007.  * (Previous versions may also be affected.) The vulnerabilities exist within functions responsible for handling requests. These functions take a string from the request and copy it into fixed-size stack buffers. Since the length has not been properly validated, this results in an exploitable stack-based buffer overflow. Exploitation of these vulnerabilities results in arbitrary code execution with SYSTEM privileges. The OVTrace service, while not crucial to normal operations, is started by default. The OVTrace service is also present on systems that have only the management console installed as well as systems that have a full installation of the server and console installed. Workaround: Employing firewalls to limit access to the affected service will mitigate exposure to these vulnerabilities. Vendor Status: Hewlett-Packard Co. has addressed these vulnerabilities by releasing patches for all HP OpenView products that contain the Shared Trace Service component. For more information consult the following HP Support Documents; c01106515, c01109171, c01109584, c01109617, c01110576, c01110627, c01111851, c01112038, c01114023, c01114156, c01115068 at the URLs shown below. http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068 CVE Information: CVE-2007-3872 Disclosure Timeline:  * 07/12/2007 - Initial vendor notification  * 07/13/2007 - Initial vendor response  * 08/09/2007 - Coordinated public disclosure  Comments on CVE-2007-3872:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®