- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Hewlett-Packard OpenView Operations OVTrace Buffer Overflow
Vulnerabilities
------------------------------------------------------------------------
SUMMARY
<http://h20229.www2.hp.com/products/ovowin/index.html> OpenView
Operations software is "a suite of network management tools used to
monitor events on, and evaluate the performance of, hosts on the network.
The OVTrace component of this suite is used to log the actions being taken
by the other components of the suite in order to debug any problems that
may be occurring".
Remote exploitation of multiple stack-based buffer overflow
vulnerabilities in Hewlett-Packard Development Co.'s OpenView Operations
for Windows OVTrace service may allow an attacker to execute arbitrary
code with SYSTEM privileges.
DETAILS
Vulnerable Systems:
* HP OpenView version A.07.50 for Windows, with all patches applied as of
Jun 27, 2007.
* (Previous versions may also be affected.)
The vulnerabilities exist within functions responsible for handling
requests. These functions take a string from the request and copy it into
fixed-size stack buffers. Since the length has not been properly
validated, this results in an exploitable stack-based buffer overflow.
Exploitation of these vulnerabilities results in arbitrary code execution
with SYSTEM privileges.
The OVTrace service, while not crucial to normal operations, is started by
default. The OVTrace service is also present on systems that have only the
management console installed as well as systems that have a full
installation of the server and console installed.
Workaround:
Employing firewalls to limit access to the affected service will mitigate
exposure to these vulnerabilities.
Vendor Status:
Hewlett-Packard Co. has addressed these vulnerabilities by releasing
patches for all HP OpenView products that contain the Shared Trace Service
component. For more information consult the following HP Support
Documents; c01106515, c01109171, c01109584, c01109617, c01110576,
c01110627, c01111851, c01112038, c01114023, c01114156, c01115068 at the
URLs shown below.
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3872>
CVE-2007-3872
Disclosure Timeline:
* 07/12/2007 - Initial vendor notification
* 07/13/2007 - Initial vendor response
* 08/09/2007 - Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by iDefense.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574>
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment