CERTA-2007-AVI-351

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs applications de HP OpenView sont vulnérables à un débordement de mémoire.

Description

Un service partagé par plusieurs applications est vulnérable à un débordement de mémoire, ce qui rend les logiciels l'utilisant vulnérables. Un utilisateur malintentionné pourrait exploiter ces failles pour exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Symfony process HP OpenView Service Desk Process Insight (SDPI) 2.x ;
N/A N/A HP OpenView Network Node Manager (NNM) 6.x ;
Symfony process HP Service Desk Process Insight (HPSDPI) 2.x.
Symfony process HP OpenView Business Process Insight (OVBPI) 2.x ;
N/A N/A HP OpenView Network Node Manager (NNM) 7.x ;
Microsoft Windows HP OpenView Operations Manager for Windows (OVOW) 7.x ;
Symfony process HP Business Process Insight (HPBPI) 2.x ;
Symfony process HP OpenView Service Desk Process Insight (SDPI) 1.x ;
Symfony process HP Service Desk Process Insight (HPSDPI) 1.x ;
N/A N/A HP OpenView Performance Manager (OVPM) 6.x ;
Broadcom Reporter HP OpenView Reporter 3.x ;
Symfony process HP OpenView Business Process Insight (OVBPI) 1.x ;
N/A N/A HP OpenView Performance Manager (OVPM) 5.x ;
Symfony process HP Business Process Insight (HPBPI) 1.x ;
N/A N/A HP OpenView Performance Insight (OVPI) 5.x ;
Symfony N/A HP OpenView Operations HTTPS Agent 8.x ;
Symfony N/A HP OpenView Internet Service (OVIS) 6.x ;
Symfony N/A HP OpenView Dashboard 2.x ;
N/A N/A HP OpenView Service Quality Manager (OV SQM) 1.x ;
N/A N/A HP OpenView Performance Agent ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP OpenView Service Desk Process Insight (SDPI) 2.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Network Node Manager (NNM) 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Service Desk Process Insight (HPSDPI) 2.x.",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Business Process Insight (OVBPI) 2.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Network Node Manager (NNM) 7.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Operations Manager for Windows (OVOW) 7.x ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "HP Business Process Insight (HPBPI) 2.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Service Desk Process Insight (SDPI) 1.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP Service Desk Process Insight (HPSDPI) 1.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Performance Manager (OVPM) 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Reporter 3.x ;",
      "product": {
        "name": "Reporter",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Business Process Insight (OVBPI) 1.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Performance Manager (OVPM) 5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Business Process Insight (HPBPI) 1.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Performance Insight (OVPI) 5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Operations HTTPS Agent 8.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Internet Service (OVIS) 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Dashboard 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Service Quality Manager (OV SQM) 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Performance Agent ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn service partag\u00e9 par plusieurs applications est vuln\u00e9rable \u00e0 un\nd\u00e9bordement de m\u00e9moire, ce qui rend les logiciels l\u0027utilisant\nvuln\u00e9rables. Un utilisateur malintentionn\u00e9 pourrait exploiter ces\nfailles pour ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3872"
    }
  ],
  "links": [
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE2007-3872:",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi.name=CVE-2007-3872"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576"
    }
  ],
  "reference": "CERTA-2007-AVI-351",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-08-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs applications de HP OpenView sont vuln\u00e9rables \u00e0 un d\u00e9bordement\nde m\u00e9moire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP OpenView",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 HP HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt 2007",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.