CVE-2009-3848

Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877	Patch Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=126046355120442&w=2
http://www.securityfocus.com/archive/1/508346/100/0/threaded
http://www.securityfocus.com/bid/37261
http://www.securityfocus.com/bid/37296
http://zerodayinitiative.com/advisories/ZDI-09-096/
https://exchange.xforce.ibmcloud.com/vulnerabilities/54653
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877	Patch Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=126046355120442&w=2
http://www.securityfocus.com/archive/1/508346/100/0/threaded
http://www.securityfocus.com/bid/37261
http://www.securityfocus.com/bid/37296
http://zerodayinitiative.com/advisories/ZDI-09-096/
https://exchange.xforce.ibmcloud.com/vulnerabilities/54653

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::hp_ux:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::linux:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::solaris:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::windows:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:::::*

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 - Patch, Vendor Advisory~~	() http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 - Patch, Vendor Advisory
References	~~() http://marc.info/?l=bugtraq&m=126046355120442&w=2 -~~	() http://marc.info/?l=bugtraq&m=126046355120442&w=2 -
References	~~() http://www.securityfocus.com/archive/1/508346/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/508346/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/37261 -~~	() http://www.securityfocus.com/bid/37261 -
References	~~() http://www.securityfocus.com/bid/37296 -~~	() http://www.securityfocus.com/bid/37296 -
References	~~() http://zerodayinitiative.com/advisories/ZDI-09-096/ -~~	() http://zerodayinitiative.com/advisories/ZDI-09-096/ -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/54653 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/54653 -

Information

Published : 2009-12-10 22:30

Updated : 2024-11-21 01:08

NVD link : CVE-2009-3848

Mitre link : CVE-2009-3848

CVE.ORG link : CVE-2009-3848

JSON object : View

Products Affected

openview_network_node_manager

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

10.0 /10