CVE-2008-1842

Name of the Vulnerable Software and Affected Versions HP OpenView Network Node Manager (OV NNM) versions 7.53 and earlier HP OpenView Network Node Manager (OV NNM) version 8.01

Description The issue is caused by an integer signedness error in ovspmd.exe, which allows remote attackers to cause a denial of service or execute arbitrary code via a long request to TCP port 8886. The request must begin with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.

Recommendations For HP OpenView Network Node Manager (OV NNM) versions 7.53 and earlier, update to a version later than 7.53 to resolve the issue. For HP OpenView Network Node Manager (OV NNM) version 8.01, update to a version later than 8.01 to resolve the issue. As a temporary workaround, consider restricting access to TCP port 8886 to minimize the risk of exploitation.