This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By making a specially crafted HTTP request to the "snmpviewer.exe" CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code lies within the a function within "snmpviewer.exe" with a timestamp prior to April 7th, 2010. This vulnerability is triggerable via either a GET or POST request. The request must contain 'act' and 'app' parameters which, when combined, total more than the 1024 byte stack buffer can hold.
941d626b048888e533b6035864853431c8dc16bff0ae357bda104698ffecbf13HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
b8679c50a8aa94d63d460ccd120eae4f0fa1767849203be1affb0687ac3f1934Zero Day Initiative Advisory 10-083 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmpviewer.exe CGI. The doLoad function in this process calls sprintf() with a %s format specifier and unsanitized user input retrieved from two separate POST variables (act and app). By providing large enough strings a remote attacker can cause a stack-based buffer overflow and eventually execute arbitrary code under the context of the webserver process.
a162ea1fc08bd65d90da71128b74814b91dad7d4350ac1ae03a0c841a0a550b3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed