ID CVE-2011-3167
Summary Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
References
Vulnerable Configurations
  • HP OpenView Network Node Manager 7.51
    cpe:2.3:a:hp:openview_network_node_manager:7.51
  • HP OpenView Network Node Manager 7.53
    cpe:2.3:a:hp:openview_network_node_manager:7.53
CVSS
Base: 10.0 (as of 03-11-2011 - 09:19)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow. CVE-2011-3167. Remote exploit for windows platform
id EDB-ID:18388
last seen 2016-02-02
modified 2012-01-20
published 2012-01-20
reporter metasploit
source https://www.exploit-db.com/download/18388/
title HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
metasploit via4
description This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the "_OVBuildPath" function within "ov.dll". There are no stack cookies, so exploitation is achieved by overwriting the saved return address. The vulnerability is due to the use of the function "_OVConcatPath" which finally uses "strcat" in an insecure way. User controlled data is concatenated to a string which contains the OpenView installation path. To achieve reliable exploitation a directory traversal in OpenView5.exe (OSVDB 44359) is being used to retrieve OpenView logs and disclose the installation path. If the installation path cannot be guessed the default installation path is used.
id MSF:EXPLOIT/WINDOWS/HTTP/HP_NNM_OVBUILDPATH_TEXTFILE
last seen 2019-03-26
modified 2017-09-14
published 2012-01-18
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_nnm_ovbuildpath_textfile.rb
title HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
nessus via4
NASL family Gain a shell remotely
NASL id HP_NNM_MULTIPLE_CODE_EXECUTION.NASL
description The installed version of HP Network Node Manager is affected by the following vulnerabilities : - A remote code execution vulnerability exists because the 'nnmRptConfig.exe' CGI application does not adequately validate user-supplied input. (CVE-2011-3165) - A remote code execution vulnerability exists within ov.dll. Insufficient boundary checking before supplying the value to a format string within _OVBuildPath can cause a stack overflow, leading to memory corruption, which could allow an attacker to execute arbitrary code within the context of the target service. (CVE-2011-3166) - A remote code execution vulnerability exists within the webappmon.exe CGI program. The vulnerability is due an insufficient boundary check before supplying a format string with the values. This causes a stack overflow, which can lead to memory corruption that can be exploited to execute arbitrary code within the context of the target service. (CVE-2011-3167)
last seen 2019-02-21
modified 2018-11-15
plugin id 58516
published 2012-03-28
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=58516
title HP OpenView Network Node Manager Multiple Code Execution Vulnerabilities (HPSBMU02712 SSRT100649)
packetstorm via4
data source https://packetstormsecurity.com/files/download/108874/hp_nnm_ovbuildpath_textfile.rb.txt
id PACKETSTORM:108874
last seen 2016-12-05
published 2012-01-20
reporter sinn3r
source https://packetstormsecurity.com/files/108874/HP-OpenView-Network-Node-Manager-ov.dll-_OVBuildPath-Buffer-Overflow.html
title HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
refmap via4
hp
  • HPSBMU02712
  • SSRT100649
sectrack 1026260
sreason 8484
saint via4
bid 50471
description HP OpenView Network Node Manager OVBuildPath Overflow
id net_ovnodemgrver
osvdb 76775
title openview_nnm_ovbuildpath
type remote
Last major update 14-02-2012 - 23:09
Published 02-11-2011 - 13:55
Back to Top