HP OpenView Network Node Manager CGI缓冲区溢出漏洞

HP OpenView Network Node Manager是一款网络节点管理程序 HP OpenView Network Node Manager包含的CGI应用程序存在边界条件错误，远程攻击者可以利用漏洞以WEB进程权限执行任何指令。 问题是由于CGI应用程序在调用sprintf()时缺少边界检查，发送超长参数给各种CGI变量可导致典型的堆栈缓冲区溢出，精心构建参数数据可能以WEB进程权限执行任何指令。 HP OpenView Network Node Manager 7.51 HP OpenView Network Node Manager 7.01 HP OpenView Network Node Manager 6.41 可参考如下补丁程序： HP OpenView Network Node Manager 7.01 HP NNM_01159 Windows <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a> HP PHSS_36773 HP-UX B.11.11HP-UX B.11.00 <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a> HP PSOV_03480 Solaris <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a> HP OpenView Network Node Manager 6.41 HP NNM_01167 Windows <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a> HP PHSS_37141 HP-UX B.11.11HP-UX B.11.00 <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a> HP PSOV_03489 Solaris <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a> HP OpenView Network Node Manager 7.51 HP LXOV_00054 Linux RedHatAS2.1 <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a> HP NNM_01161 Windows <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a> HP PHSS_36901 HP-UX B.11.23 (PA)HP-UX B.11.11HP-UX B.11.00 <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a> HP PHSS_36902 HP-UX B.11.23 (IA) <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a> HP PSOV_03482 Solaris <a href=http://support.openview.hp.com/patches/patch_index.jsp target=_blank>http://support.openview.hp.com/patches/patch_index.jsp</a>