Update Protection against HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution Vulnerability
| Check Point Reference: | CPAI-2011-037 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA40686 | |
| Industry Reference(s): | CVE-2011-0269 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? HP OpenView Network Node Manager (OV NNM) 7.51 HP OpenView Network Node Manager (OV NNM) 7.53 | ||
| Vulnerability Description A buffer overflow vulnerability has been reported in the HP OpenView Network Node Manager (NNM) CGI program nnmRptConfig.exe. The Network Node Manager (NNM) is an HP OpenView product which manages networks. It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. A remote attacker may exploit this issue to execute arbitrary code on an affected system. |
||
|
Update/Patch Available The vendor, HP, has released an advisory addressing this vulnerability. |
|
|
Vulnerability Details The vulnerability is due to a boundary error in the HP OpenView Network Node Manager (NNM) CGI program nnmRptconfig.exe when processing HTTP requests which contain a maliciously crafted schd_select1 parameter. A remote attacker can exploit this issue by sending a crafted HTTP request to a target server. Successful exploitation may allow the attacker to inject and execute arbitrary code on a target system. |
Protection Overview
This protection will detect and block malformed HTTP requests sent to the vulnerable service.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection taband select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.