TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... Frost and Sullivan announced in their Feb. 2007 report, "Analysis of Vulnerability Discovery and Disclosure", that TippingPoint was the fastest growing discoverer of new vulnerabilities and the leader in the discovery of both high-severity and Microsoft vulnerabilities.

HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities

TPTI-07-14: August 14th, 2007

CVE ID

Affected Vendors

Affected Products

    HP OpenView Internet Service
    HP OpenView Performance Manager
    HP OpenView Performance Agent
    HP OpenView Reporter
    HP OpenView Operations
    HP OpenView Operations Manager for Windows
    HP OpenView Service Quality Manager
    HP OpenView Network Node Manager
    HP OpenView Business Process Insight and Related Products
    HP OpenView Dashboard
    HP OpenView Performance Insight

TippingPoint™ IPS Customer Protection

TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4787. For further product information on the TippingPoint IPS:

Vulnerability Details



These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products, including: Performance Manager, Performance Agent, Reporter, Operations, Operations Manager, Service Quality Manager, Network Node Manager, Business Process Insight, Dashboard and Performance Insight. Authentication is not required to exploit these vulnerabilities.



The specific flaws exists within the OpenView Shared Trace Service. A service that is distributed with multiple products as ovtrcsvc.exe and OVTrace.exe. The vulnerable service may be found bound to TCP port 5053 (ovtrcsvc.exe) or TCP port 5051 (OVTrace.exe). Specially crafted data through opcode handlers 0x1a and 0x0f can result in arbitrary code execution under the context of the SYSTEM user.

Vendor Response


Hewlett-Packard states:

Hewlett-Packard has issued updates to correct this vulnerability. More details can be found at:



Disclosure Timeline

    2006-10-10 - Vulnerability reported to vendor
    2007-08-14 - Coordinated public release of advisory

Credit

This vulnerability was discovered by: