CVE-2008-1842: Buffer Overflow
First published: Wed Apr 16 2008(Updated: )
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP OpenView Network Node Manager | =7.51 | |
| HP OpenView Network Node Manager | =4.11 | |
| HP OpenView Network Node Manager | =6.41 | |
| HP OpenView Network Node Manager | =5.0.1 | |
| HP OpenView Network Node Manager | =6.20 | |
| HP OpenView Network Node Manager | =6.2 | |
| HP OpenView Network Node Manager | =7.01 | |
| HP OpenView Network Node Manager | =7.0.1 | |
| HP OpenView Network Node Manager | =8.01 | |
| HP OpenView Network Node Manager | =5.01 | |
| HP OpenView Network Node Manager | =6.0.1 | |
| HP OpenView Network Node Manager | =6.1 | |
| HP OpenView Network Node Manager | =6.31 | |
| HP OpenView Network Node Manager | <=7.53 | |
| HP OpenView Network Node Manager | =6.10 | |
| HP OpenView Network Node Manager | =7.50 | |
| HP OpenView Network Node Manager | =6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://aluigi.altervista.org/adv/closedview-adv.txt
- http://aluigi.org/poc/closedview.zip
- http://www.securityfocus.com/bid/28689
- http://securitytracker.com/id?1019821
- http://secunia.com/advisories/29713
- http://marc.info/?l=bugtraq&m=121321155405849&w=2
- http://www.vupen.com/english/advisories/2008/1159
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41737
- http://www.securityfocus.com/archive/1/493781/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-1842?
CVE-2008-1842 is considered to have a critical severity due to the potential for denial of service and arbitrary code execution.
How do I fix CVE-2008-1842?
To fix CVE-2008-1842, ensure that you upgrade HP OpenView Network Node Manager to a version higher than 8.01 or the patched versions recommended by HP.
Which versions of HP OpenView Network Node Manager are affected by CVE-2008-1842?
CVE-2008-1842 affects HP OpenView Network Node Manager versions up to and including 8.01, as well as various earlier versions.
What type of attack does CVE-2008-1842 enable?
CVE-2008-1842 allows remote attackers to perform denial of service attacks or execute arbitrary code via specifically crafted requests.
Is there a way to mitigate the risk of CVE-2008-1842 without upgrading?
Temporary mitigation for CVE-2008-1842 can be achieved by implementing network security measures, such as firewalls or access controls, to restrict access to TCP port 8886.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/hp
- canonical/hp openview network node manager
- version/hp openview network node manager/7.51
- version/hp openview network node manager/4.11
- version/hp openview network node manager/6.41
- version/hp openview network node manager/5.0.1
- version/hp openview network node manager/6.20
- version/hp openview network node manager/6.2
- version/hp openview network node manager/7.01
- version/hp openview network node manager/7.0.1
- version/hp openview network node manager/8.01
- version/hp openview network node manager/5.01
- version/hp openview network node manager/6.0.1
- version/hp openview network node manager/6.1
- version/hp openview network node manager/6.31
- version/hp openview network node manager/7.53
- version/hp openview network node manager/6.10
- version/hp openview network node manager/7.50
- version/hp openview network node manager/6.4