CVE-2011-3167

Related Files

HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow

Posted Jan 20, 2012

Authored by sinn3r, Aniway, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the "_OVBuildPath" function within "ov.dll". There are no stack cookies, so exploitation is achieved by overwriting the saved return address. The vulnerability is due to the use of the function "_OVConcatPath" which finally uses "strcat" in a insecure way. User controlled data is concatenated to a string which contains the OpenView installation path. To achieve reliable exploitation a directory traversal in OpenView5.exe (OSVDB 44359) is being used to retrieve OpenView logs and disclose the installation path.

tags | exploit, overflow, arbitrary, cgi

advisories | CVE-2011-3167, OSVDB-76775

SHA-256 | 26a5037665e807931d129cb3332a8855a52fd678003e154545e4f756a1452924

Download | Favorite | View

Zero Day Initiative Advisory 12-002

Posted Jan 6, 2012

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-02 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ov.dll. When processing a user supplied file name for the textFile option, there exists an insufficient boundary check before supplying the value to a format string within _OVBuildPath, causing a stack overflow. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the target service.

tags | advisory, remote, overflow, arbitrary

advisories | CVE-2011-3167

SHA-256 | f1580177567598e05d0e1d3eea87033ef77ed54ddde4cf3181022c29695f5d11

Download | Favorite | View

HP Security Bulletin HPSBMU02712 SSRT100649

Posted Nov 1, 2011

Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02712 SSRT100649 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server. Revision 1 of this advisory.

tags | advisory, web, arbitrary, vulnerability

advisories | CVE-2011-3165, CVE-2011-3166, CVE-2011-3167

SHA-256 | 1f7ca5a0ae58a0027c35ec9e374f938ee845b96cf1e71c8adc37d2ab6740c547

Download | Favorite | View