CVE-2009-4181 (GCVE-0-2009-4181)
Vulnerability from cvelistv5
Published
2009-12-10 22:00
Modified
2024-08-07 06:54
Severity ?
CWE
  • n/a
Summary
Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.
References
hp-security-alert@hp.com http://dvlabs.tippingpoint.com/advisory/TPTI-09-14
hp-security-alert@hp.com http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 Patch, Vendor Advisory
hp-security-alert@hp.com http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 Patch, Vendor Advisory
hp-security-alert@hp.com http://marc.info/?l=bugtraq&m=126046355120442&w=2
hp-security-alert@hp.com http://www.securityfocus.com/archive/1/508357/100/0/threaded
hp-security-alert@hp.com http://www.securityfocus.com/bid/37261 Patch
hp-security-alert@hp.com http://www.securityfocus.com/bid/37343
hp-security-alert@hp.com https://exchange.xforce.ibmcloud.com/vulnerabilities/54655
af854a3a-2127-422b-91ae-364da2661108 http://dvlabs.tippingpoint.com/advisory/TPTI-09-14
af854a3a-2127-422b-91ae-364da2661108 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=126046355120442&w=2
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/508357/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/37261 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/37343
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/54655
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-14"
          },
          {
            "name": "20091209 TPTI-09-14: HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508357/100/0/threaded"
          },
          {
            "name": "37261",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37261"
          },
          {
            "name": "SSRT090257",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126046355120442\u0026w=2"
          },
          {
            "name": "hp-ovnnm-ovwebsnmpsrv-bo(54655)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54655"
          },
          {
            "name": "HPSBMA02483",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
          },
          {
            "name": "SSRT090164",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
          },
          {
            "name": "37343",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37343"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-14"
        },
        {
          "name": "20091209 TPTI-09-14: HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508357/100/0/threaded"
        },
        {
          "name": "37261",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37261"
        },
        {
          "name": "SSRT090257",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126046355120442\u0026w=2"
        },
        {
          "name": "hp-ovnnm-ovwebsnmpsrv-bo(54655)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54655"
        },
        {
          "name": "HPSBMA02483",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
        },
        {
          "name": "SSRT090164",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
        },
        {
          "name": "37343",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37343"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2009-4181",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-14",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-14"
            },
            {
              "name": "20091209 TPTI-09-14: HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508357/100/0/threaded"
            },
            {
              "name": "37261",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37261"
            },
            {
              "name": "SSRT090257",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126046355120442\u0026w=2"
            },
            {
              "name": "hp-ovnnm-ovwebsnmpsrv-bo(54655)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54655"
            },
            {
              "name": "HPSBMA02483",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
            },
            {
              "name": "SSRT090164",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
            },
            {
              "name": "37343",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37343"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2009-4181",
    "datePublished": "2009-12-10T22:00:00",
    "dateReserved": "2009-12-03T00:00:00",
    "dateUpdated": "2024-08-07T06:54:09.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4181\",\"sourceIdentifier\":\"hp-security-alert@hp.com\",\"published\":\"2009-12-10T22:30:00.657\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento del b\u00fafer de la pila en ovwebsnmpsrv.exe en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que incluyen el uso de los par\u00e1metros \\\"sel\\\" y \\\"arg\\\" a jovgraph.exe.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:hp_ux:*:*:*:*:*\",\"matchCriteriaId\":\"A54C04BC-7EA3-412B-B509-414BBC942E92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"8EFF07E8-239D-413D-90DB-E3153232D73C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"D506AC90-5383-4221-BBC8-7AF34D62C929\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"16BAE549-664A-47D1-8355-EA63B1BCFD4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*\",\"matchCriteriaId\":\"6692E05F-4864-449F-8A52-9001028D8C44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*\",\"matchCriteriaId\":\"2A40F2C6-AFF9-4D63-ACD0-A9D37160BA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"FC1DA299-A180-4078-9172-67D116840D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"FED610E9-7639-48FE-8B4F-B394A7EEC7C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*\",\"matchCriteriaId\":\"C1935DA4-A1AF-4867-BCB1-F5BB75360702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*\",\"matchCriteriaId\":\"769ED1A5-C3C5-404E-8040-655D69C2AA88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"186EFE05-AC1C-48FF-91B7-0CCD49FEABCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"D5CE1F56-FA80-416D-8F42-C1C291F0965C\"}]}]}],\"references\":[{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-09-14\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\",\"source\":\"hp-security-alert@hp.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\",\"source\":\"hp-security-alert@hp.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=126046355120442\u0026w=2\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/508357/100/0/threaded\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www.securityfocus.com/bid/37261\",\"source\":\"hp-security-alert@hp.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/37343\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54655\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-09-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=126046355120442\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/508357/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/37343\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54655\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.