This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: A stack-based buffer overflow in `getnnmdata.exe`. **Consequences**: Remote attackers can execute arbitrary code by sending an invalid Hostname parameter. Total system compromise is possible.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: Stack-based buffer overflow. **Flaw**: The `getnnmdata.exe` component fails to properly validate input length, allowing overflow. No specific CWE ID provided in data.
Q3 Who is affected? (Versions/Components)
**Affected**: HP OpenView Network Node Manager (OV NNM). **Component**: Specifically the `getnnmdata.exe` program. **Published**: May 13, 2010.
Q4 What can hackers do? (Privileges/Data)
**Privileges**: Arbitrary code execution. **Impact**: Attackers gain full control over the affected system. **Data**: Potential access to all system data depending on service account rights.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: LOW. **Auth**: Remote exploitation is possible. **Config**: Triggered via invalid Hostname parameter in CGI requests. No authentication mentioned.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: Yes. **References**: ZDI-10-086 and Bugtraq archives confirm exploitation details. Wild exploitation risk exists due to remote nature.
Q7 How to self-check? (Features/Scanning)
**Check**: Scan for HP OpenView NNM services. **Feature**: Look for `getnnmdata.exe` handling CGI requests. **Tool**: Use vulnerability scanners targeting NNM versions.