CVE-2009-3849

Name of the Vulnerable Software and Affected Versions HP OpenView Network Node Manager versions 7.01 through 7.53

Description The issue is related to multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved via a long Template parameter to the nnmRptConfig.exe endpoint, related to the strcat function, or a long Oid parameter to the snmp.exe endpoint.

Recommendations For HP OpenView Network Node Manager versions 7.01 through 7.53, consider disabling the nnmRptConfig.exe and snmp.exe endpoints until a patch is available to prevent exploitation. Restrict access to the Template and Oid parameters in the affected endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.