CVE-2008-2438
HP OpenView Network Node Manager 7.01, 7.51, 7.53 - Remote Code Execution via Crafted Command to TCP Port 2954
Title source: llmDescription
Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow.
References (6)
Core 6
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1187
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/archive/1/503024
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54107
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503039/100/0/threaded
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34738
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2008-38/
Scores
EPSS
0.1698
EPSS Percentile
95.1%
Details
CWE
CWE-189
Status
published
Products (3)
hp/openview_network_node_manager
7.01
hp/openview_network_node_manager
7.51
hp/openview_network_node_manager
7.53
Published
Apr 28, 2009
Tracked Since
Feb 18, 2026