TITLE:
HP OpenView Network Node Manager "ovalarmsrv" Integer Overflow

SECUNIA ADVISORY ID:
SA31672

VERIFY ADVISORY:
http://secunia.com/advisories/31672/

DESCRIPTION:
Secunia Research has discovered a vulnerability in HP OpenView
Network Node Manager, which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused due to an integer overflow error in
"ovalarmsrv.exe" and can be exploited to cause a heap-based buffer
overflow via a specially crafted command sent to port 2954/TCP.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 7.53 for Windows and
reportedly also affects versions 7.01, 7.51, and 7.53 running on
HP-UX, Linux, Solaris, and Windows.

SOLUTION:
Apply patches.

-- OV NNM v7.53 --

HP-UX (IA):
PHSS_39246 or subsequent

HP-UX (PA):
PHSS_39245 or subsequent

Linux RedHatAS2.1:
LXOV_00093 or subsequent

Linux RedHat4AS-x86_64:
LXOV_00094 or subsequent

Solaris:
PSOV_03519 or subsequent

Windows:
NNM_01197 or subsequent

-- OV NNM v7.51 --

Upgrade to NNM v7.53 and apply the NNM 7.53 resolution listed above.
ftp://nnm_753:update@hprc.external.hp.com/

-- OV NNM v7.01 with Intermediate Patch 12 --

HP-UX (PA):
Apply PHSS_38761.
Archive File: SSRT080125.701_IP12.hotfix.tar
MD5sum: dbe7aec4e4a800c13eee0a46cd93f516

Solaris:
Apply PSOV_03516.
Archive File: SSRT080125.701_IP12.hotfix.tar
MD5sum: dbe7aec4e4a800c13eee0a46cd93f516

Windows:
Apply NNM_01194.
Archive File: SSRT080125.701_IP12.hotfix.tar
MD5sum: dbe7aec4e4a800c13eee0a46cd93f516

PROVIDED AND/OR DISCOVERED BY:
Dyon Balding, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-38/

HPSBMA02424 SSRT080125:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01723303
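
The DESCRIPTION above attributes the heap-based buffer overflow to an integer overflow. The following added example illustrates that bug class in general and how a length check prevents it; it is not code from HP or from the Secunia advisory. The message layout, RECORD_SIZE, HEADER_SIZE, MAX_RECORDS and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout (hypothetical): 8-byte header, then `count` 16-byte records. */
#define RECORD_SIZE 16u
#define HEADER_SIZE 8u
#define MAX_RECORDS 4096u   /* assumed protocol limit */

/* Vulnerable pattern: 32-bit arithmetic on an untrusted count wraps
 * modulo 2^32, so a huge count produces a tiny allocation size. */
uint32_t alloc_size_unchecked(uint32_t count)
{
    return (uint32_t)(count * RECORD_SIZE + HEADER_SIZE);
}

/* Hardened: bound the count, then prove the arithmetic cannot wrap.
 * Returns 0 and stores the size on success, -1 on rejection. */
int alloc_size_checked(uint32_t count, size_t *out)
{
    if (count == 0 || count > MAX_RECORDS)
        return -1;
    if (count > (SIZE_MAX - HEADER_SIZE) / RECORD_SIZE)
        return -1;
    *out = (size_t)count * RECORD_SIZE + HEADER_SIZE;
    return 0;
}

/* Copy an untrusted message into a heap buffer sized from its count field.
 * Returns NULL if the count is rejected or exceeds the bytes received. */
uint8_t *copy_records(const uint8_t *msg, size_t msg_len, uint32_t count)
{
    size_t need;
    if (alloc_size_checked(count, &need) != 0 || msg_len < need)
        return NULL;
    uint8_t *buf = malloc(need);
    if (buf != NULL)
        memcpy(buf, msg, need);
    return buf;
}

int main(void)
{
    uint32_t hostile = 0x10000000u;   /* constructed sample count */
    size_t need = 0;
    printf("unchecked size: %u bytes\n", (unsigned)alloc_size_unchecked(hostile));
    printf("checked result: %d\n", alloc_size_checked(hostile, &need));
    return 0;
}
```

A receiver that allocates the unchecked size and then processes `count` records writes past the end of the heap buffer, which is why both the upper bound and the comparison against the bytes actually received matter.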