| VID |
12041 |
| Severity |
40 |
| Port |
2345 |
| Protocol |
TCP |
| Class |
OpenView |
| Detailed Description |
The HP OpenView Alarm Service is vulnerable to a buffer overflow attack. HP OpenView Network Node Manager 6.1 allows remote attackers to execute arbitrary commands by exploiting a buffer overflow condition in the OpenView Alarm service (OVALARMSRV) on port 2345. By connecting to port 2345 and sending a string of 4068 bytes, an attacker can overflow the buffer.
* Note: The HP OpenView Alarm Service may be crashed by a buffer overflow test. Therefore restarting the service is required in order to regain normal functionality.
* References:
http://www.delphisplc.com/thinking/whitepapers/security/DST2K0012.txt
http://archives.neohapsis.com/archives/bugtraq/2000-06/0032.html
http://www.securityfocus.com/advisories/2311
* Platforms Affected:
HP OpenView Network Node Manager 6.1
HP-UX Any version
Solaris Any version
Windows Any version |
| Recommendation |
Apply the appropriate patch for your system, as listed in Hewlett-Packard Security Bulletin HPSBUX0009-122, http://online.securityfocus.com/advisories/2675 |
| Related URL |
CVE-2000-0558 (CVE) |
| Related URL |
1317 (SecurityFocus) |
| Related URL |
4619 (ISS) |
|
