Detections
Analytics

HP OpenView Network Node Manager Multiple Services Remote Overflow

critical Nessus Plugin ID 19707

Language:

Synopsis

Arbitrary code can be executed on the remote host due to a flaw in the HP OpenView Topology Manager Daemon.

Description

The remote host is running HP OpenView Topology Manager Daemon for IP discovery and layout.

The remote version of this software has a heap overflow vulnerability.

An unauthenticated attacker can exploit this flaw by sending a specialy crafted packet to the remote host. Successful exploitation of this vulnerability would result in remote code execution with the privileges of the daemon itself.

Note that other OV NNM services are affected by this flaw as well.

Solution

Install one of the patches listed in the advisory referenced above.

See Also

http://www.securityfocus.com/advisories/8372

Plugin Details

Severity: Critical

ID: 19707

File Name: hp_openview_nnm_overflow.nasl

Version: 1.17

Type: remote

Published: 9/15/2005

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:openview_network_node_manager

Exploit Ease: No known exploits are available

Patch Publication Date: 4/5/2005

Vulnerability Publication Date: 4/5/2005

Reference Information

CVE: CVE-2005-1056

BID: 13029