Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)
From: Security Team (SecurityTeamDELPHISPLC.COM)
Date: Tue Sep 26 2000 - 00:53:22 CDT
- Next message: Steve: "UPDATE: DoS Attack in Eserv 2.92"
- Previous message: Georgi Guninski: "IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Delphis Consulting Plc
Security Team Advisories
Adv : DST2K0014
Title : BufferOverrun in HP Openview Network Node Manager
Author : DCIST (securityteamdelphisplc.com)
O/S : Microsoft Windows NT v4.0 Server (SP6)
Product : HP Openview Node Manager v6.1
Date : 13/06/2000
Vendor URL: http://www.openview.hp.com/
Delphis Consulting Internet Security Team (DCIST) discovered the following
vulnerability in HP Openview Node Manager under Windows NT.
By using the OverView5 CGI interface which is shipped and installed by
default with HPOpenView network node manager it is possible to cause a
BufferOverRun in SNMP.EXE. This is done be connecting to port 80 which the
WWW service resides on by default and sending a large GET string. The string
has to be a length of 132 + EIP (4 bytes making a total of 136 bytes). This
will cause the above application to BufferOverRun over writing EIP.
Example: (URL will be wrapped)
Vendor Status: Informed
We are happy to announce a patch for the above advisory:
HPID: HPSBUX0009-121 Sec. Vulnerability OpenView NNM Object IDs
We would like to take this opportunity to thank everyone at HP on how
responsive they have been to our research over the past 3 months.
THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR
IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE
PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally
privileged.Copyright in them is reserved by Delphis Consulting PLC
["Delphis"] and they must not be disclosed to, or used by, anyone other than
the addressee.If you have received this e-mail and any accompanying files in
error, you may not copy, publish or use them in any way and you should
delete them from your system and notify us immediately.E-mails are not
secure. Delphis does not accept responsibility for changes to e-mails that
occur after they have been sent. Any opinions expressed in this e-mail may
be personal to the author and may not necessarily reflect the opinions of
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net