Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against HP OpenView Products OVTrace Service Stack Buffer Overflow Vulnerability

Subscribe

Check Point Reference: CPAI-2008-065
Date Published:
Severity:
Source: Secunia Advisory: SA26394
Industry Reference(s): CVE-2007-3872
Protection Provided by: VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55
VSX
  • NGX
  • NGX R65
InterSpect
  • NGX
Connectra
  • NGX R62
  • NGX R61
Who is Vulnerable?
HP OpenView Business Process Insight (OVBPI) 1.x
HP OpenView Business Process Insight (OVBPI) 2.x
HP OpenView Dashboard 2.x
HP OpenView Internet Service (OVIS) 6.x
HP OpenView Network Node Manager 6.x
HP OpenView Network Node Manager 7.x
HP OpenView Operations Manager for Windows (OVOW) 7.x
HP OpenView OVO Agents 8.x
HP OpenView Performance Agent (OVPA) 4.x
HP OpenView Performance Insight (OVPI) 5.x
HP OpenView Performance Manager (OVPM) 5.x
HP OpenView Performance Manager (OVPM) 6.x
HP OpenView Quality Manager (OV SQM) 1.x
HP OpenView Reporter 3.x
HP OpenView Service Desk Process Insight (SDPI) 1.x
HP OpenView Service Desk Process Insight (SDPI) 2.x
HP OpenView Operations HTTPS Agent 8.x
HP OpenView Service Quality Manager (OV SQM) 1.x
Vulnerability Description
A buffer overflow vulnerability was reported in HP OpenView products OVTrace server. OpenView product consists of a suite of network and systems management software applications that include hundreds of optional modules and components. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system.
Update/Patch Available
Install Hotfix:
HPSBMA02235 SSRT061260 rev.1
Vulnerability Details
The vulnerability is due to a boundary error in HP OVTrace server that fails to properly process trace requests. In order to exploit this vulnerability, an attacker can send a specially crafted trace request to a vulnerable server.  Successful exploitation may allow the attacker to inject and execute arbitrary code on the target system.

Protection Overview
By enabling this protection, SmartDefense will detect and block crafted requests sent to the vulnerable server.

In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > HP Products.
2. Select the following:

Block HP OpenView Trace Request Vulnerability

3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HP Products Protection Violation
Attack Information: HP OpenView trace request buffer overflow vulnerability

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > HP Products.
2. Select the following:

Block HP OpenView Trace Request Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HP Products Protection Violation
Attack Information: HP OpenView trace request buffer overflow vulnerability

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > HP Products.
2. Select the following:

Block HP OpenView Trace Request Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99913 will appear on the SmartView Tracker.

VPN-1 VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > HP Products.
2. Select the following:

Block HP OpenView Trace Request Vulnerability

3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HP Products Protection Violation
Attack Information: HP OpenView trace request buffer overflow vulnerability

VPN-1 VSX NGX

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > HP Products.
2. Select the following:

Block HP OpenView Trace Request Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99913 will appear on the SmartView Tracker.

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > HP Products.
3. Select the following protection:

Block HP OpenView Trace Request Vulnerability

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HP Products Protection Violation
Attack Information: HP OpenView trace request buffer overflow vulnerability

Connectra NGX R62 & R61

How Can I Protect My Network?
1. In the left-hand menu, click Security > SmartDefense > Application Intelligence.
2. In the Dynamic Attacks pane, select the following protection:

Block HP OpenView Trace Request Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Attack Name: HP Products Protection Violation
Attack Information: HP OpenView trace request buffer overflow vulnerability