CVE-2010-2703

Related Files

HP NNM CGI webappmon.exe execvp Buffer Overflow

Posted Mar 23, 2011

Authored by sinn3r, Shahin | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP NNM's webappmon.exe. The vulnerability occurs when function "execvp_nc" fails to do any bounds-checking before strcat is used to append user-supplied input to a buffer.

tags | exploit, overflow

advisories | CVE-2010-2703, OSVDB-66514

SHA-256 | bf5a083c853de0a9689a85f8964a561ceaf21211433507a6060dcd2fcafba338

Download | Favorite | View

Month Of Abysssec Undisclosed Bugs - HP OpenView NNM

Posted Sep 8, 2010

Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - HP OpenView NNM suffers from a remote code execution vulnerability in webappmon.exe.

tags | exploit, remote, code execution

advisories | CVE-2010-2703

SHA-256 | 12ef3455516aa84e3f29c5a3ac446c11e7008731039e239c72ffb0cfe850f707

Download | Favorite | View

Month Of Abysssec Undisclosed Bugs - HP OpenView NNM

Posted Sep 8, 2010

Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - HP OpenView NNM suffers from a remote code execution vulnerability in webappmon.exe.

tags | advisory, remote, code execution

advisories | CVE-2010-2703

SHA-256 | 710c1a5cb834ba899d29c9c85f5b1dae4fb8987d5eb5a2c32d178d3639543f12

Download | Favorite | View

Zero Day Initiative Advisory 10-137

Posted Jul 22, 2010

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-137 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ov.dll module which is loaded by the webappmon.exe CGI program. This DLL defines a function execvp_nc which unsafely concatenates a controllable command string into a statically allocated stack buffer. By supplying overly large values to variables passed through an HTTP request a strcat_new can be made to overflow this buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.

tags | advisory, remote, web, overflow, arbitrary, cgi

advisories | CVE-2010-2703

SHA-256 | 4357fb05cdbff5f38d74f3d1f6bd8c381ce35de1debafee648b5140a050a7975

Download | Favorite | View

HP OpenView Network Node Manager nnmrptconfig.exe Buffer Overflow

Posted Jul 22, 2010

Authored by Sebastien Renaud | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in HP OpenView Network Node Manager (OV NNM). This vulnerability is caused by a buffer overflow error in the "nnmrptconfig.exe" CGI when processing an overly long parameter value, which could be exploited by remote unauthenticated attackers to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, cgi

advisories | CVE-2010-2703

SHA-256 | 1117cd79239d8fd237e9ff9b178664136be4d9c9bfe965119bf853f606ba7bdc

Download | Favorite | View

HP Security Bulletin HPSBMA02557 SSRT100025

Posted Jul 21, 2010

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running on Windows. The vulnerability could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary

systems | windows

advisories | CVE-2010-2703

SHA-256 | ad437943a99a94a28a643b15ae3422e9d2fa3ce412d8fefb9c02b0cf8f0668f2

Download | Favorite | View