Vulnerability

    NNM

Affected

    HP Openview Network Node Manager v6.1 (HP-UX 10.20, 11.00, Sun Solaris 2.X, Window NT4.X and Windows 2000)

Description

    Delphis Consulting Internet  Security Team (DCIST)  discovered the
    following vulnerability in HP Openview Node Manager under  Windows
    NT.  By using the Alarm service which is shipped and installed  by
    default with HP  openview network node  manager it is  possible to
    cause a Buffer overrun in OVALARMSRV overwriting the EIP  allowing
    the execution  of arbitry  code.   This is  done be  connecting to
    post  2345  which  the  port  resides  on by default and sending a
    large string.   The string  has to  be a  length of  4064 + EIP (4
    bytes) making a total of 4068 bytes.

Solution

    Currently there is no vendor patch available but the following are
    preventative measures  Delphis Consulting  Internet Security  Team
    would advise users running this service to implement:

        o Access  list  port  2345  on  the  next hop router for  only
          allowed hosts.

    Fixing the problem:

        HP-UX 11.00   HP-UX 10.X    SOLARIS 2.X    WinNT4.X/2000
        PHSS_22407    PHSS_22406    PSOV_02830     NNM_00621

    Please note the dependencies for each.