Privacy and Legal Notice

DOE-CIRC TECHNICAL BULLETIN

T-129: HP OpenView Network Node Manager 'ovalarmsrv.exe' Remote Code Execution Vulnerability

[CVE-2009-2438]

May 8, 2009 13:00 GMT
PROBLEM: HP OpenView Network Node Manager (NNM) is prone to a remote code-execution vulnerability caused by an integer-overflow error.
PLATFORM: HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51 HP OpenView Network Node Manager 7.01
ABSTRACT: The vulnerability is caused due to an integer overflow in ovalarmsrv.exe and can be exploited to cause a heap-based buffer overflow via specially crafted commands sent to port 2954/TCP.
LINKS:  
  DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-129.shtml
  OTHER LINKS: Security Focus
http://www.securityfocus.com/bid/34738/info
http://www.securityfocus.com/archive/1/503024
Secunia
http://secunia.com/secunia_research/2008-38/
CVE: CVE-2008-2438
IMPACT ASSESSMENT This risk is medium. Successful exploitation may allow execution of arbitrary code and system compromise. 
[***** Start CVE-2009-2438 *****]
Discussion:
HP OpenView Network Node Manager (NNM) is prone to a remote code-execution vulnerability caused by an integer-overflow
error.  Successfully exploiting this issue allows an attacker to execute arbitrary code with the privileges of the user
running the affected application.

Affected Versions:
HP OpenView Network Node Manager 7.53
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.01

Solution:
The vendor has released an advisory and updates. 

HP OpenView Network Node Manager 7.53

    * HP LXOV_00093
      Linux RedHatAS2.1
      http://support.openview.hp.com/selfsolve/patches


    * HP LXOV_00094
      Linux RedHat4AS-x86_64
      http://support.openview.hp.com/selfsolve/patches


    * HP NNM_01197
      Windows
      http://support.openview.hp.com/selfsolve/patches


    * HP PHSS_39245
      HP-UX (PA)
      http://support.openview.hp.com/selfsolve/patches


    * HP PHSS_39246
      HP-UX (IA)
      http://support.openview.hp.com/selfsolve/patches


    * HP PSOV_03519
      Solaris
      http://support.openview.hp.com/selfsolve/patches


HP OpenView Network Node Manager 7.01

    * HP SSRT080125.701_IP12.hotfix.tar.gz
      Windows
      ftp://ss080125:ss080125@hprc.external.hp.com

[***** End CVE-2009-2438 *****]
DOECIRC services are available to DOE, DOE Contractors, and the NIH. DOE-CIRC can be contacted at: 
    Voice:          866-941-2472
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov
UCRL-MI-119788