Subject: DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1
From: Security Team (securityteamDELPHISPLC.COM)
Date: Thu Jun 08 2000 - 08:21:02 CDT


> ================================================================================
> Delphis Consulting Plc
> ================================================================================
>
> Security Team Advisories
> [06/06/2000]
>
>
> securityteamdelphisplc.com
> [http://www.delphisplc.com/thinking/whitepapers/]
>
> ================================================================================
> Adv : DST2K0012
> Title : BufferOverrun in HP Openview Network Node Manager v6.1
> Author : DCIST (securityteamdelphisplc.com)
> O/S : Microsoft Windows NT v4.0 Workstation (SP6)
> Product : HP Openview Network Node Manager v6.1
> Date : 06/06/2000
>
> I. Description
>
> II. Solution
>
> III. Disclaimer
>
>
> ================================================================================
>
>
> I. Description
> ================================================================================
>
> Vendor URL: http://www.openview.hp.com/
>
> Delphis Consulting Internet Security Team (DCIST) discovered the following
> vulnerability in HP Openview Node Manager under Windows NT.
>
> Severity: high
>
> By using the Alarm service which is shipped and installed by default with
> HP Openview Network Node Manager it is possible to cause a buffer overrun
> in OVALARMSRV, overwriting the EIP and allowing the execution of arbitrary
> code. This is done by connecting to port 2345, which the port resides on by
> default, and sending a large string. The string has to be a length of
> 4064 + EIP (4 bytes), making a total of 4068 bytes.
>
>
> II. Solution
> ================================================================================
>
> Vendor Status: Informed
>
> Currently there is no vendor patch available but the following are
> preventative measures Delphis Consulting Internet Security Team would
> advise users running this service to implement.
>
> o Access list port 2345 on the next hop router for only allowed hosts.
>
> III. Disclaimer
> ================================================================================
> THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
> THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS
> OR IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
> PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
> CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR
> RELIANCE PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
> ================================================================================
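
The following is an added example, not part of the Delphis advisory: a triage pass over connection records that flags traffic to port 2345 from sources outside the recommended access list, or carrying a request at or above the 4068-byte length the advisory cites. The record format, the permitted network and all sample lines are constructed assumptions.

```python
import ipaddress

ALARM_PORT = 2345        # default OVALARMSRV port named in the advisory
OVERRUN_LEN = 4064 + 4   # 4064 bytes + 4-byte EIP = 4068, per the advisory

# Assumption: the management stations the router access list permits.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample records: "timestamp src_ip dst_port client_bytes"
SAMPLE_LOG = """\
2000-06-08T08:00:01 192.0.2.5 2345 212
2000-06-08T08:00:07 198.51.100.23 2345 180
2000-06-08T08:01:12 198.51.100.23 2345 4068
2000-06-08T08:01:30 192.0.2.9 2345 5000
2000-06-08T08:02:00 203.0.113.4 80 9000
malformed line
"""

def is_allowed(src):
    """True if src falls inside one of the permitted networks."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a bad address
    return any(addr in net for net in ALLOWED_NETS)

def triage(log_text):
    """Return (timestamp, src, client_bytes, reasons) for suspect connections."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the assumed format
        ts, src, port, nbytes = parts
        try:
            port, nbytes, allowed = int(port), int(nbytes), is_allowed(src)
        except ValueError:
            continue
        if port != ALARM_PORT:
            continue
        reasons = []
        if not allowed:
            reasons.append("source-not-in-access-list")
        if nbytes >= OVERRUN_LEN:
            reasons.append("request-at-or-above-overrun-length")
        if reasons:
            findings.append((ts, src, nbytes, reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

An oversized request from a permitted source is still reported, since the access list narrows who can reach the service but does not remove the overrun.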