Back to search
CVE-2008-1842
Published: Apr 16, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://aluigi.altervista.org/adv/closedview-adv.txt
x_refsource_MISC
SSRT080024
vendor-advisory
x_refsource_HP
hp-nnm-ovspmd-bo(41737)
vdb-entry
x_refsource_XF
HPSBMA02340
vendor-advisory
x_refsource_HP
SSRT080041
vendor-advisory
x_refsource_HP
http://aluigi.org/poc/closedview.zip
x_refsource_MISC
ADV-2008-1159
vdb-entry
x_refsource_VUPEN
28689
vdb-entry
x_refsource_BID
29713
third-party-advisory
x_refsource_SECUNIA
HPSBMA02338
vendor-advisory
x_refsource_HP
1019821
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now