Zero-Day Advisory

Fortinet Discovers HP OpenView Network Node Manager ovspmd.exe Buffer Overflow Vulnerability

Summary

Fortinet's FortiGuard Labs has discovered buffer overflow vulnerability in OpenView Network Node Manager ovspmd.exe .

Solutions

FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:

HP.OpenView.Network.Node.Manager.ovspmd.Buffer.Overflow
Released May 20, 2008

Users should apply the solution provided by HP.

Additional Information

The HP OpenView Process Manager service is available through the "ovspmd" process, which by default listens on TCP port 8886 or 8887. By sending a specially crafted request to this process, an attacker can cause the service to crash. This can then be used to cause denial of service, or may allow the attacker to gain control of the vulnerable system.

Acknowledgement

Liu Zhen Hua of Fortinet's FortiGuard Global Security Research Team

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.