pioneer
超级版主
积分 4563
发帖 4545
注册 2007-7-16 来自 BJ
|
#1 HP OpenView Network Node Manager缓冲溢出
来源
secunia.com
软件名
HP OpenView Network Node Manager (NNM) 7.x
描述
1)一个越界访问错误可通过包含发送超长"OvAcceptLang"参数的HTTP请求到Toolbar.exe来导致堆缓冲溢出
2)一个越界访问错误可通过包含发送超长"OvOSLocale"参数的HTTP请求到Toolbar.exe来导致堆栈缓冲溢出
3)一个越界访问错误在处理发送到"Toolbar.exe"CGI应用程序的http请求来导致通过超长的"Accept-Language"头文件来导致堆缓冲溢出
溢出成功后可执行任意代码
HP-UX, Linux, Solaris,和Windows下,据报告该漏洞在V7.01, 7.51,和7.53中已经受到影响
解决方案
安装补丁或应用hotfix
http://support.openview.hp.com/selfsolve/patches
ftp://ss090008:ss090008@hprc.external.hp.com/
-- OV NNM v7.53 --
HP-UX (IA):
Install PHSS_38783 or subsequent and apply
SSRT090008.QCCR1B26779.hotfix.tar.
HP-UX (PA):
Install PHSS_38782 or subsequent and apply
SSRT090008.QCCR1B26779.hotfix.tar.
Linux RedHatAS2.1:
Install LXOV_00089 or subsequent and apply
SSRT090008.QCCR1B26779.hotfix.tar.
Linux RedHat4AS-x86_64:
Install LXOV_00090 or subsequent and apply
SSRT090008.QCCR1B26779.hotfix.tar.
Solaris:
Install PSOV_03517 or subsequent and apply
SSRT090008.QCCR1B26779.hotfix.tar.
Windows:
Install NNM_01195 or subsequent and apply
SSRT090008.QCCR1B26779.hotfix.tar.
-- OV NNM v7.51 --
Upgrade to NNM v7.53 and install the patches listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v5.53 are available
here:
ftp://nnm_753:update@hprc.external.hp.com/
-- OV NNM v7.01 --
HP-UX (PA):
Install PHSS_38761 or subsequent and apply
SSRT090008.QCCR1B26779.hotfix.tar.
Solaris:
Install PSOV_03516 or subsequent and apply
SSRT090008.QCCR1B26779.hotfix.tar.
Windows:
Install NNM_01194 or subsequent and apply
SSRT090008.QCCR1B26779.hotfix.tar.
|
※文章所有权归【pioneer】与【东方微点论坛】共同所有,转载请注明出处!※
|
|
|