CVE-2011-0270

Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name	Vendor	Start Version	End Version
Openview_network_node_manager	Hp	7.51 (including)	7.51 (including)
Openview_network_node_manager	Hp	7.53 (including)	7.53 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/135.html
https://cwe.mitre.org/data/definitions/67.html

References

http://osvdb.org/70474
http://www.securityfocus.com/archive/1/515628
http://www.securityfocus.com/archive/1/515628
http://www.securityfocus.com/bid/45762
http://www.securitytracker.com/id?1024951
http://www.vupen.com/english/advisories/2011/0085
http://www.zerodayinitiative.com/advisories/ZDI-11-012/
https://exchange.xforce.ibmcloud.com/vulnerabilities/64646
http://osvdb.org/70474
http://www.securityfocus.com/archive/1/515628
http://www.securityfocus.com/archive/1/515628
http://www.securityfocus.com/bid/45762
http://www.securitytracker.com/id?1024951
http://www.vupen.com/english/advisories/2011/0085
http://www.zerodayinitiative.com/advisories/ZDI-11-012/
https://exchange.xforce.ibmcloud.com/vulnerabilities/64646

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0270
CWE	https://cwe.mitre.org/data/definitions/134.html

Use of Externally-Controlled Format String

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References