cvelistv5 - CVE-2008-0067

CVE-2008-0067 (GCVE-0-2008-0067)

Vulnerability from cvelistv5 – Published: 2009-01-08 19:00 – Updated: 2024-08-07 07:32

Summary

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.

Severity ?

No CVSS data available.

CWE

Assigner

flexera

References

URL

Tags

	http://secunia.com/secunia_research/2008-13/	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=123247393715913&w=2	vendor-advisoryx_refsource_HP
	http://securitytracker.com/id?1021521	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/33147	vdb-entryx_refsource_BID
	http://securityreason.com/securityalert/4885	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/archive/1/499826/100…	mailing-listx_refsource_BUGTRAQ
	http://marc.info/?l=bugtraq&m=123247393715913&w=2	vendor-advisoryx_refsource_HP
	http://securityreason.com/securityalert/8307	third-party-advisoryx_refsource_SREASON
	http://secunia.com/advisories/28074	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.897Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2008-13/"
          },
          {
            "name": "HPSBMA02400",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
          },
          {
            "name": "1021521",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021521"
          },
          {
            "name": "33147",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33147"
          },
          {
            "name": "4885",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4885"
          },
          {
            "name": "20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499826/100/0/threaded"
          },
          {
            "name": "SSRT080144",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
          },
          {
            "name": "8307",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8307"
          },
          {
            "name": "28074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28074"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2008-13/"
        },
        {
          "name": "HPSBMA02400",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
        },
        {
          "name": "1021521",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021521"
        },
        {
          "name": "33147",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33147"
        },
        {
          "name": "4885",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4885"
        },
        {
          "name": "20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499826/100/0/threaded"
        },
        {
          "name": "SSRT080144",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
        },
        {
          "name": "8307",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8307"
        },
        {
          "name": "28074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28074"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2008-0067",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://secunia.com/secunia_research/2008-13/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2008-13/"
            },
            {
              "name": "HPSBMA02400",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
            },
            {
              "name": "1021521",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021521"
            },
            {
              "name": "33147",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33147"
            },
            {
              "name": "4885",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4885"
            },
            {
              "name": "20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499826/100/0/threaded"
            },
            {
              "name": "SSRT080144",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
            },
            {
              "name": "8307",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8307"
            },
            {
              "name": "28074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28074"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2008-0067",
    "datePublished": "2009-01-08T19:00:00",
    "dateReserved": "2008-01-03T00:00:00",
    "dateUpdated": "2024-08-07T07:32:23.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5CC1E39-5607-41A9-8BBE-A51F1AC9D5CB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer basados en pila en HP OpenView Network Node Manager (OV NNM) v7.51 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de (1) par\\u00e1metros de cadenas largas del programa CGI OpenView5.exe; (2) un par\\u00e1metro de cadena larga del programa CGI OpenView5.exe, relacionado con ov.dll; o un par\\u00e1metro de cadena larga de los programas CGI (3) getcvdata.exe, (4) ovlaunch.exe, o (5) Toolbar.exe.\"}]",
      "id": "CVE-2008-0067",
      "lastModified": "2024-11-21T00:41:05.740",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-01-08T19:30:00.407",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/28074\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/secunia_research/2008-13/\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/4885\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://securityreason.com/securityalert/8307\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://securitytracker.com/id?1021521\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/499826/100/0/threaded\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securityfocus.com/bid/33147\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28074\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/secunia_research/2008-13/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/4885\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/8307\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1021521\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/499826/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/33147\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0067\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2009-01-08T19:30:00.407\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer basados en pila en HP OpenView Network Node Manager (OV NNM) v7.51 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) par\u00e1metros de cadenas largas del programa CGI OpenView5.exe; (2) un par\u00e1metro de cadena larga del programa CGI OpenView5.exe, relacionado con ov.dll; o un par\u00e1metro de cadena larga de los programas CGI (3) getcvdata.exe, (4) ovlaunch.exe, o (5) Toolbar.exe.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5CC1E39-5607-41A9-8BBE-A51F1AC9D5CB\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/28074\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2008-13/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/4885\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://securityreason.com/securityalert/8307\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://securitytracker.com/id?1021521\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/499826/100/0/threaded\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/bid/33147\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2008-13/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/4885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/8307\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1021521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/499826/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/33147\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2009-AVI-027

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités présentes dans HP OpenView Network Node Manager permettent à un utilisateur d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités de type débordement de mémoire permettent à une personne malveillante d'exécuter du code arbitraire à distance. Ces vulnérabilités affectent la bibliothèque de liens dynamiques ov.dll et les applications OpenView5.exe, getcvdata.exe, ovlaunch.exe et Toolbar.exe.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP OpenView Network Node Manager (NNM) 7.x.

References

Title

Publication Time

Tags

Bulletin de sécurité HP #c01646081 du 20 janvier 2009	None	vendor-advisory
Bulletin de sécurité HP emr_na-c01646081 du 21 janvier 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP OpenView Network Node Manager (NNM) 7.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de type d\u00e9bordement de m\u00e9moire permettent \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance. Ces\nvuln\u00e9rabilit\u00e9s affectent la biblioth\u00e8que de liens dynamiques ov.dll et\nles applications OpenView5.exe, getcvdata.exe, ovlaunch.exe et\nToolbar.exe.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0067"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP emr_na-c01646081 du 21 janvier 2009    :",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01646081"
    }
  ],
  "reference": "CERTA-2009-AVI-027",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans HP OpenView Network Node\nManager permettent \u00e0 un utilisateur d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP OpenView",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP #c01646081 du 20 janvier 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-027

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités présentes dans HP OpenView Network Node Manager permettent à un utilisateur d'exécuter du code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP OpenView Network Node Manager (NNM) 7.x.

References

Title

Publication Time

Tags

Bulletin de sécurité HP #c01646081 du 20 janvier 2009	None	vendor-advisory
Bulletin de sécurité HP emr_na-c01646081 du 21 janvier 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP OpenView Network Node Manager (NNM) 7.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de type d\u00e9bordement de m\u00e9moire permettent \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance. Ces\nvuln\u00e9rabilit\u00e9s affectent la biblioth\u00e8que de liens dynamiques ov.dll et\nles applications OpenView5.exe, getcvdata.exe, ovlaunch.exe et\nToolbar.exe.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0067"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP emr_na-c01646081 du 21 janvier 2009    :",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01646081"
    }
  ],
  "reference": "CERTA-2009-AVI-027",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans HP OpenView Network Node\nManager permettent \u00e0 un utilisateur d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP OpenView",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP #c01646081 du 20 janvier 2009",
      "url": null
    }
  ]
}

GHSA-5G96-4FVW-4F29

Vulnerability from github – Published: 2022-05-01 23:27 – Updated: 2025-04-09 04:02

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0067"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-01-08T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.",
  "id": "GHSA-5g96-4fvw-4f29",
  "modified": "2025-04-09T04:02:44Z",
  "published": "2022-05-01T23:27:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0067"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28074"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2008-13"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4885"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8307"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021521"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/499826/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33147"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-0067

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0067

Aliases

CVE-2008-0067

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0067",
    "description": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.",
    "id": "GSD-2008-0067",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2008-0067"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0067"
      ],
      "details": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.",
      "id": "GSD-2008-0067",
      "modified": "2023-12-13T01:22:59.084899Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
        "ID": "CVE-2008-0067",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/secunia_research/2008-13/",
            "refsource": "MISC",
            "url": "http://secunia.com/secunia_research/2008-13/"
          },
          {
            "name": "HPSBMA02400",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
          },
          {
            "name": "1021521",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1021521"
          },
          {
            "name": "33147",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33147"
          },
          {
            "name": "4885",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/4885"
          },
          {
            "name": "20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/499826/100/0/threaded"
          },
          {
            "name": "SSRT080144",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
          },
          {
            "name": "8307",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8307"
          },
          {
            "name": "28074",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28074"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2008-0067"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "33147",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/33147"
            },
            {
              "name": "http://secunia.com/secunia_research/2008-13/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/secunia_research/2008-13/"
            },
            {
              "name": "1021521",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1021521"
            },
            {
              "name": "28074",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28074"
            },
            {
              "name": "4885",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4885"
            },
            {
              "name": "HPSBMA02400",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
            },
            {
              "name": "8307",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8307"
            },
            {
              "name": "20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/499826/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:57Z",
      "publishedDate": "2009-01-08T19:30Z"
    }
  }
}

FKIE_CVE-2008-0067

Vulnerability from fkie_nvd - Published: 2009-01-08 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://marc.info/?l=bugtraq&m=123247393715913&w=2
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28074	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2008-13/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://securityreason.com/securityalert/4885
PSIRT-CNA@flexerasoftware.com	http://securityreason.com/securityalert/8307
PSIRT-CNA@flexerasoftware.com	http://securitytracker.com/id?1021521
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/499826/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/33147
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=123247393715913&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28074	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2008-13/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4885
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8307
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021521
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/499826/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33147

Impacted products

	Vendor	Product	Version
	hp	openview_network_node_manager	7.51

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CC1E39-5607-41A9-8BBE-A51F1AC9D5CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en HP OpenView Network Node Manager (OV NNM) v7.51 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) par\u00e1metros de cadenas largas del programa CGI OpenView5.exe; (2) un par\u00e1metro de cadena larga del programa CGI OpenView5.exe, relacionado con ov.dll; o un par\u00e1metro de cadena larga de los programas CGI (3) getcvdata.exe, (4) ovlaunch.exe, o (5) Toolbar.exe."
    }
  ],
  "id": "CVE-2008-0067",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-08T19:30:00.407",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28074"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2008-13/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securityreason.com/securityalert/4885"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securityreason.com/securityalert/8307"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securitytracker.com/id?1021521"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/499826/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/33147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=123247393715913\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2008-13/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499826/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33147"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0067 (GCVE-0-2008-0067)

CERTA-2009-AVI-027

Description

Solution

CERTA-2009-AVI-027

Description

Solution

GHSA-5G96-4FVW-4F29

GSD-2008-0067

FKIE_CVE-2008-0067

Tags

Sightings

Nomenclature