Vigil@nce: OpenView NNM, denial of service
September 2008 by Vigil@nce
A remote attacker can use two vulnerabilities of OpenView NNM in
order to create a denial of service.
– Gravity: 2/4
– Consequences: denial of service of service
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 02/09/2008
– Identifier: VIGILANCE-VUL-8081
IMPACTED PRODUCTS
– Hewlett-Packard OpenView
DESCRIPTION
The Openview NNM (Network Node Manager) product manages a network
of computers.
The OVALARMSRV service, which listens on ports 2953/tcp and
2954/tcp, handles alarms. It has two vulnerabilities. Technical
details are unknown.
They can be used by a remote attacker to create a denial of
service.
CHARACTERISTICS
– Identifiers: c01537275, CVE-2008-3536, CVE-2008-3537, HPSBMA02362,
SSRT080044, SSRT080045, VIGILANCE-VUL-8081
– Url: https://vigilance.aql.fr/tree/1/8081