‘HP OpenView Network Node Manager nnmRptConfig.exe Vulnerability’
‘The information has been provided by Aniway.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-009/‘
Hewlett-Packard OpenView Network Node Manager
The specific flaw exists within the nnmRptConfig.exe module exposed by the webserver that listens by default on TCP port 80. A remote user can send an oversized schdParams or nameParams parameter via a POST request to one of the CGI functions of NNM to trigger a buffer overflow in this module. Exploitation of this issue leads to remote code execution under the context of the target service.
Hewlett-Packard has issued an update to correct this vulnerability. More details can be found at
2010-09-23 – Vulnerability reported to vendor
2011-01-10 – Coordinated public release of advisory’