CVE-2009-4176

Name of the Vulnerable Software and Affected Versions HP OpenView Network Node Manager versions 7.01, 7.51, and 7.53

Description The issue is related to multiple heap-based buffer overflows in ovsessionmgr.exe. This can be exploited by remote attackers to execute arbitrary code. The exploitation can occur via a long userid or passwd parameter to the ovlogin.exe.

Recommendations For HP OpenView Network Node Manager version 7.01, update to a version that fixes the buffer overflow issue in ovsessionmgr.exe. For HP OpenView Network Node Manager version 7.51, update to a version that fixes the buffer overflow issue in ovsessionmgr.exe. For HP OpenView Network Node Manager version 7.53, update to a version that fixes the buffer overflow issue in ovsessionmgr.exe. As a temporary workaround, consider restricting access to the ovlogin.exe to minimize the risk of exploitation. Avoid using long userid or passwd parameters in ovlogin.exe until the issue is resolved.