CVE-2010-1961

Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=127602909915281&w=2	Patch Vendor Advisory
http://secunia.com/advisories/40101	Vendor Advisory
http://www.securityfocus.com/archive/1/511731/100/0/threaded
http://www.securityfocus.com/bid/40638
http://www.securitytracker.com/id?1024071
http://www.zerodayinitiative.com/advisories/ZDI-10-106/
https://exchange.xforce.ibmcloud.com/vulnerabilities/59250

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:openview_network_node_manager:7.51:::::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:::::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:::::*

History

No history.

Information

Published : 2010-06-10 00:30

Updated : 2024-02-04 17:54

NVD link : CVE-2010-1961

Mitre link : CVE-2010-1961

CVE.ORG link : CVE-2010-1961

JSON object : View

Products Affected

hp

openview_network_node_manager

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2010-1961", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-06-10T00:30:07.613", "references": [{"url": "http://marc.info/?l=bugtraq&m=127602909915281&w=2", "tags": ["Patch", "Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://secunia.com/advisories/40101", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/archive/1/511731/100/0/threaded", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/bid/40638", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securitytracker.com/id?1024071", "source": "hp-security-alert@hp.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-106/", "source": "hp-security-alert@hp.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59250", "source": "hp-security-alert@hp.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function."}, {"lang": "es", "value": "Desbordamiento de b\u00faffer en ovutil.dll de ovwebsnmpsrv.exe de HP OpenView Network Node Manager (OV NNM) v7.51 y v7.53 permite a los atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de variables no especificadas a jovgraph.exe, que no son manejadas adecuadamente en una llamada a la funci\u00f3n \"sprintf\"."}], "lastModified": "2018-10-10T19:58:04.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5CC1E39-5607-41A9-8BBE-A51F1AC9D5CB"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6692E05F-4864-449F-8A52-9001028D8C44"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A40F2C6-AFF9-4D63-ACD0-A9D37160BA3D"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC1DA299-A180-4078-9172-67D116840D29"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FED610E9-7639-48FE-8B4F-B394A7EEC7C9"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3A4986C-97B8-4382-AC4B-55E22C6BAE62"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1935DA4-A1AF-4867-BCB1-F5BB75360702"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "769ED1A5-C3C5-404E-8040-655D69C2AA88"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186EFE05-AC1C-48FF-91B7-0CCD49FEABCC"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5CE1F56-FA80-416D-8F42-C1C291F0965C"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}