9 lines
No EOL
602 B
Text
Executable file
9 lines
No EOL
602 B
Text
Executable file
source: http://www.securityfocus.com/bid/1713/info
|
|
|
|
The OverView5 CGI interface by default is shipped with HP Openview Node Manager.
|
|
|
|
HP Openview Node Manager can be compromised due to an unchecked buffer. By sending a specially crafted GET request comprised of 136 bytes to the web services (default port 80) through the Overview5 CGI interface, the SNMP service will crash.
|
|
|
|
Successful exploitation, depending on the data entered, will allow the execution of arbitrary code.
|
|
|
|
http://target/OvCgi/OpenView5.exe?Context=Snmp&Action=Snmp&Host=&Oid=<string of characters consisting of 136 bytes> |