COMMAND

    NNM

SYSTEMS AFFECTED

    HP Openview Network Node Manager v6.1 (HP-UX 10.20, 11.00, Sun Solaris 2.X, Window NT4.X and Windows 2000)

PROBLEM

    Delphis Consulting Internet  Security Team (DCIST)  discovered the
    following vulnerability in HP Openview Node Manager under  Windows
    NT.  By using the Alarm service which is shipped and installed  by
    default with HP  openview network node  manager it is  possible to
    cause a Buffer overrun in OVALARMSRV overwriting the EIP  allowing
    the execution  of arbitry  code.   This is  done be  connecting to
    post  2345  which  the  port  resides  on by default and sending a
    large string.   The string  has to  be a  length of  4064 + EIP (4
    bytes) making a total of 4068 bytes.

SOLUTION

    Currently there is no vendor patch available but the following are
    preventative measures  Delphis Consulting  Internet Security  Team
    would advise users running this service to implement:

        o Access  list  port  2345  on  the  next hop router for  only
          allowed hosts.

    Fixing the problem:

        For HP-UX release 10.20 install patch PHSS_22061
            HP-UX release 11.00 install patch PHSS_22062.
        For Sun Solaris 2.X use PSOV_02767,
        Microsoft products use NNM_00581.

    Please note the dependencies for each.