Update Protection against HP OpenView Network Node Manager OvWebHelp.exe Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2009-332 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA37665 | |
| Industry Reference(s): | CVE-2009-4178 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? HP OpenView Network Node Manager (OV NNM) 7.01 HP OpenView Network Node Manager (OV NNM) 7.51 HP OpenView Network Node Manager (OV NNM) 7.53 | ||
| Vulnerability Description A buffer overflow vulnerability has been reported in HP OpenView Network Node Manager (NNM). The NNM is an HP OpenView product which manages networks. It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. A remote attacker could exploit this vulnerability to inject and execute arbitrary code on a target server. |
||
|
Update/Patch Available Apply patches: HP Support Document ID: c01950877 |
|
|
Vulnerability Details The vulnerability is due to a boundary error in HP OpenView Network Node Manager when the CGI program OvWebHelp.exe processes the Topic variable in an HTTP POST request. To trigger this issue, a remote attacker can send a specially crafted HTTP POST request to a vulnerable server. Successful exploitation may allow the attacker to inject and execute arbitrary code on the target system, or cause the affected process to terminate abnormally. |
Protection Overview
This protection will detect and block crafted HTTP POST requests sent to the vulnerable server.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.