CVE-2008-1842 Information
Share on:Description
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01 and 7.53 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer which passes a signed comparison and triggers a heap-based buffer overflow.
Reference
http://aluigi.altervista.org/adv/closedview-adv.txt http://aluigi.org/poc/closedview.zip http://marc.info/?l=bugtraq&m=121321155405849&w=2 http://secunia.com/advisories/29713 http://securitytracker.com/id?1019821 http://www.securityfocus.com/archive/1/493781/100/0/threaded http://www.securityfocus.com/bid/28689 http://www.vupen.com/english/advisories/2008/1159 https://exchange.xforce.ibmcloud.com/vulnerabilities/41737