CVE-2010-1964

Related Files

HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow

Posted Mar 24, 2011

Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. The buffer being written to is 1024 bytes in size. It is important to note that this vulnerability must be exploited by overwriting SEH. Otherwise, CVE-2010-1961 is triggered! The vulnerable code is within the "main" function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. There are no stack cookies, so exploitation is easily achieved by overwriting SEH structures. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.

tags | exploit, overflow, arbitrary, cgi

advisories | CVE-2010-1964, OSVDB-65552

SHA-256 | 6b4d95471d68cca9d3ef11a5eae191b4a98a078054233598f568e7012765400b

Download | Favorite | View

HP NNM 7.53 ovwebsnmpsrv.exe Buffer Overflow

Posted Jul 7, 2010

Authored by bitform

HP NNM version 7.53 suffers from a buffer overflow vulnerability in ovwebsnmpsrv.exe.

tags | exploit, overflow

advisories | CVE-2010-1964

SHA-256 | 6eeaab66bff0c4a05ace7074273ab99bbee5174fa6079fd37637c4ceb165dd30

Download | Favorite | View

Zero Day Initiative Advisory 10-108

Posted Jun 17, 2010

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a strcpy call within the main() function can be made to overflow a static buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.

tags | advisory, remote, web, overflow, arbitrary, cgi

advisories | CVE-2010-1964

SHA-256 | 00278e85899dd283e140d40875be47b96c833e538416bebb14d77122837ee655

Download | Favorite | View