|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=652
|
| |
Vulnerable Systems:
* HP's OpenView Network Node Manager version 7.5 with all updates applied as of May 14th, 2007
The ovtopmd process contains an implementation error, in which it attempts to access an invalid memory address based on data within the TCP stream. By sending a specially crafted request, an attacker can cause the service to crash.
Analysis:
Exploitation allows an attacker to crash the ovtopmd process. In order to exploit this vulnerability, an attacker must be able to establish a session with the service on TCP port 2532. No authentication is required to access the vulnerable code path.
Vendor response:
Hewlett-Packard has addressed this vulnerability in the HPSBMA02307 (SSRT071420) security bulletin. For more information, visit the following URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01321117
CVE Information:
CVE-2008-0212
Disclosure timeline:
05/14/2007 - Initial vendor notification
05/15/2007 - Initial vendor response
02/04/2008 - Coordinated public disclosure
|
|
|
|
|
