HighProventia Network IPS, Proventia Desktop, RealSecure Network, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This signature detects an HTTP overflow condition a network management system that could result in remote code execution.
High
Proventia Network IPS: XPU 29.060, Proventia Desktop: 2400, RealSecure Network: XPU 29.060, RealSecure Server Sensor: XPU 29.060, Proventia-G 1.1 and earlier: XPU 29.060, Proventia Network IDS: XPU 29.060, Proventia Network MFS: XPU 29.060, IBM Security Server Protection for Windows: 2.0.300.2400, IBM Security Server Protection for Windows: 1.0.914.2400, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 29.060, Virtual Server Protection for Vmware: 1.0
Network Management System
Unauthorized Access Attempt
By sending a specially-crafted HTTP request, a remote attacker could exploit a vulnerability in the HP OpenView Network Node Manager to execute arbitrary code on the system.
No remedy available as of May 2009.
IBM Internet Security Systems Protection Advisory
HP OpenView Network Node Manager Remote Code Execution
http://www.iss.net/threats/357.html
HPSBMA02483 SSRT090257 rev.1
HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877
ISS X-Force
Network Management Buffer Overflow
http://www.iss.net/security_center/static/50671.php
CVE
CVE-2009-0898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0898