ISS X-Force Database: hp-openview-ovtrace-bo(35928): Multiple HP OpenView OVTrace buffer overflow

Multiple HP OpenView OVTrace buffer overflow

hp-openview-ovtrace-bo (35928)

High Risk

Description:

Multiple HP OpenView applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the OVTrace service. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system with root or SYSTEM privileges.

Platforms Affected:

HP, OpenView Operations A.07.50
HP, Shared Trace Service A.07.50

Remedy:

For HP OpenView Internet Service:
Refer to HPSBMA02235 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Performance Manager:
Refer to HPSBMA02236 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Performance Agent:
Refer to HPSBMA02237 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Reporter:
Refer to HPSBMA02238 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Operations Agent:
Refer to HPSBMA02239 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Operations Manager:
Refer to HPSBMA02240 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Service Quality Manager:
Refer to HPSBMA02241 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Network Node Manager:
Refer to HPSBMA02242 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Business Process Insight, HP Business Process Insight, HP OpenView Service Desk Process Insight, and HP Service Desk Process Insight:
Refer to HPSBMA02244 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Dashboard:
Refer to HPSBMA02245 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Performance Insight:
Refer to HPSBMA02246 SSRT061260 rev.1 for patch, upgrade, or suggested workaround information. See References.

For HP OpenView Operations (OVO):
Refer to HPSBMA02239 SSRT061260 rev.2 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Access

References:

HPSBMA02235 SSRT061260 rev.1, HP OpenView Internet Service (OVIS) Running Shared Trace Service, Remote Arbitrary Code Execution - c01106515 - HP Business SuppCenter at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515.
HPSBMA02236 SSRT061260 rev.1, HP OpenView Performance Manager (OVPM) Running Shared Trace Service on HP-UX, Solaris, and Windows, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171.
HPSBMA02237 SSRT061260 rev.1, HP OpenView Performance Agent (OVPA) Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584.
HPSBMA02238 SSRT061260 rev.1, HP OpenView Reporter Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617.
HPSBMA02239 SSRT061260 rev.1, HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576.
HPSBMA02239 SSRT061260 rev.2, HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01110576&jumpid=reg_R1002_USEN.
HPSBMA02239 SSRT061260 rev.3, HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01110576&jumpid=reg_R1002_USEN.
HPSBMA02240 SSRT061260 rev.1, HP OpenView Operations Manager for Windows (OVOW) with the OpenView Operations Add On Module for OpenView Operations-Business Availability Center Integration Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627.
HPSBMA02241 SSRT061260 rev.1, HP OpenView Service Quality Manager (OV SQM) Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851.
HPSBMA02242 SSRT061260 rev.1, HP OpenView Network Node Manager (OV NNM) Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038.
HPSBMA02244 SSRT061260 rev.1, HP OpenView Business Process Insight and Related Products Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023.
HPSBMA02245 SSRT061260 rev.1, HP OpenView Dashboard Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156.
HPSBMA02246 SSRT061260 rev.1, HP OpenView Performance Insight (OVPI) Running Shared Trace Service, Remote Arbitrary Code Execution at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068.
iDefense Public Advisory: 08.09.07, Hewlett-Packard OpenView Operations OVTrace Buffer Overflow Vulnerabilities at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574.
TPTI-07-14, HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities at http://dvlabs.tippingpoint.com/advisory/TPTI-07-14.
BID-25255: Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
CVE-2007-3872: Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.
SA26394: HP OpenView Products Shared Trace Service Buffer Overflows
SECTRACK ID: 1018548: HP OpenView Stack Overflows in Shared Trace Service Lets Remote Users Execute Arbitrary Code
VUPEN/ADV-2007-2841: HP OpenView Products Shared Trace Service Buffer Overflow Vulnerabilities

Reported:

Aug 07, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page