Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openview_network_node_manager | Hp | 7.51 | 7.51 |
Openview_network_node_manager | Hp | 4.11 | 4.11 |
Openview_network_node_manager | Hp | 6.41 | 6.41 |
Openview_network_node_manager | Hp | 5.0.1 | 5.0.1 |
Openview_network_node_manager | Hp | 6.20 | 6.20 |
Openview_network_node_manager | Hp | 6.2 | 6.2 |
Openview_network_node_manager | Hp | 7.01 | 7.01 |
Openview_network_node_manager | Hp | 7.0.1 | 7.0.1 |
Openview_network_node_manager | Hp | 8.01 | 8.01 |
Openview_network_node_manager | Hp | 5.01 | 5.01 |
Openview_network_node_manager | Hp | 6.0.1 | 6.0.1 |
Openview_network_node_manager | Hp | 6.1 | 6.1 |
Openview_network_node_manager | Hp | 6.31 | 6.31 |
Openview_network_node_manager | Hp | * | 7.53 |
Openview_network_node_manager | Hp | 6.10 | 6.10 |
Openview_network_node_manager | Hp | 7.50 | 7.50 |
Openview_network_node_manager | Hp | 6.4 | 6.4 |