Reported September 26, 2000 by Delphis Consulting

VERSIONS AFFECTED
  • HP OpenView Node Manager v6.1

DESCRIPTION

When running under Windows NT Server 4.0 (SP6), HP OpenView Node Manager 6.1 is vulnerable to a buffer overrun that causes the system to stop responding.

DEMONSTRATION

An attacker simply has to connect to port 80 and send a large GET string that, including the EIP, is 136 bytes in length. For example (the line will be wrapped):

http://127.0.0.1/OvCgi/OpenView5.exe?Context=SNMP&Action=SNMP&Host=&Oid=AA(x 132 bytes)
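
For defenders, requests of this shape can be spotted in web server access logs. The following Python is an added example, not part of the original advisory: it flags requests to the OvCgi/OpenView5.exe path whose Oid parameter reaches the 132-byte filler length given above. The function names, the common-log-format assumption, the threshold and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# CGI path from the advisory's example URL, compared case-insensitively.
CGI_PATH = "/ovcgi/openview5.exe"
# Assumption: alert at the 132-byte filler length the advisory gives
# (132 bytes + 4-byte EIP = 136). Lower it to suit your environment.
OID_LIMIT = 132
# Request field of a common-log-format line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def oversized_oid(log_line, limit=OID_LIMIT):
    """Return the longest decoded Oid length if it reaches limit, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.lower() != CGI_PATH:
        return None
    # latin-1 maps each percent-encoded byte to one character, so len() counts
    # bytes; blank values are kept so "Host=" does not disturb parsing.
    lengths = [len(v) for k, v in
               parse_qsl(url.query, keep_blank_values=True, encoding="latin-1")
               if k.lower() == "oid"]
    worst = max(lengths, default=0)
    return worst if worst >= limit else None

def scan(lines):
    """Return (line index, Oid length) for every flagged line."""
    hits = []
    for i, line in enumerate(lines):
        n = oversized_oid(line)
        if n is not None:
            hits.append((i, n))
    return hits

# Constructed sample log lines (addresses, hosts and status codes are made up).
PREFIX = '10.0.0.9 - - [26/Sep/2000:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    PREFIX + '/OvCgi/OpenView5.exe?Context=SNMP&Action=SNMP&Host=r1&Oid=.1.3.6.1.2.1.1.1 HTTP/1.0" 200 512',
    PREFIX + '/OvCgi/OpenView5.exe?Context=SNMP&Action=SNMP&Host=&Oid=' + "A" * 136 + ' HTTP/1.0" 500 0',
    PREFIX + '/ovcgi/openview5.exe?Context=SNMP&oid=' + "%41" * 140 + ' HTTP/1.0" 500 0',
    PREFIX + '/index.html?Oid=' + "A" * 200 + ' HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for idx, length in scan(SAMPLE_LOG):
        print(f"line {idx}: Oid parameter is {length} bytes")
```

The percent-encoded and lower-case variants in the sample are there because a match on the literal URL text alone would miss them.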

VENDOR RESPONSE

HP has been made aware of the vulnerability and has released a patch, available at http://ovweb.external.hp.com/cpe/patches/

CREDIT
Discovered by Delphis Consulting