SecuriTeam - HP OpenView Network Node Manager (OV NNM) Execution of Arbitrary Code

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code.

Credit:
The information has been provided by HP Software Security Response Team.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* HP OpenView Network Node Manager (OV NNM) version 7.01, 7.51, 7.53 running on HP-UX, Linux, Solaris, and Windows

Patch Availability:
Patches are available to resolve the vulnerability for NNM version 7.53. HP has made archive files available to resolve the vulnerability for NNM v7.01.

The patches are available from http://support.openview.hp.com/selfsolve/patches

OV NNM v7.53
Operating System, Required Patch
HP-UX (IA), PHSS_39246 or subsequent
HP-UX (PA), PHSS_39245 or subsequent
Linux RedHatAS2.1, LXOV_00093 or subsequent
Linux RedHat4AS-x86_64, LXOV_00094 or subsequent
Solaris, PSOV_03519 or subsequent
Windows, NNM_01197 or subsequent

The archive files are available from: ftp://ss080125:ss080125@hprc.external.hp.com

To install the archive files for NNM v7.01:
1. Install the required patch listed below
2. Uncompress the archive (SSRT080125.701_IP12.hotfix.tar.gz)
3. Unpack the archive (SSRT080125.701_IP12.hotfix.tar)
4. ovstop -c
5. Follow the instructions in the README.txt file
6. ovstart -c

CVE Information:
CVE-2009-0720

blog comments powered by Disqus

	HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty
	InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy
	InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability
	HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty
	GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability
	HP Data Protector Notebook Extension LogClientHealth SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogCopyOperation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension FinishedCopy SQL Injection Vulnerabilty
	Novell ZENWorks Software Packaging ISGrid.Grid2.1 Text Parameter Code Execution Vulnerabilit
	Adobe Reader BMP Image RLE Decoding Code Execution Vulnerability
	Apple QuickTime H264 Matrix Conversion Code Execution Vulnerability
	Apple QuickTime FLC Delta Decompression Code Execution Vulnerability
	Apple Quicktime PnPixPat PatType 3 Parsing Code Execution Vulnerability