HP OpenView Network Node Manager getnnmdata.exe CGI MaxAge buffer overflowAdded: 05/21/2010
BackgroundHP OpenView Network Node Manager is network availability and performance management software.
ProblemA buffer overflow vulnerability in Network Node Manager allows remote attackers to execute arbitrary commands by sending a request for the getnnmdata.exe CGI program with a specially crafted MaxAge parameter.
ResolutionApply the fix referenced in HPSBMA02527 SSRT010098.
LimitationsExploit works on HP OpenView Network Node Manager 7.53.
On Windows Server 2003, Read and Execute privileges on the file '%windir%\system32\cmd.exe' must be granted to the Internet Guest Account "IUSR_<computername>" for the exploit to work properly.
Back to exploit index