HP OpenView Network Node Manager (NNM) versions 6.41, 7.01, and 7.51 contain a buffer overflow vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system.
The vulnerability exists due to insufficient boundary checking of user-supplied input passed to certain parameters of web-accessible applications. An unauthenticated, remote attacker could exploit this vulnerability by sending an overly long argument to an affected system. Sending such an argument may trigger a buffer overflow that could allow an attacker to create a denial of service (DoS) condition or execute arbitrary code with the privileges of the NNM service.
Functional exploit code is available.
HP has confirmed this vulnerability in a security bulletin and released patches.
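The missing boundary check described above, shown in its corrected form as an added example (not HP's code and not part of the original advisory): a C routine that measures a query-string argument before copying it into a fixed-size buffer and rejects over-long values. The function name, result codes, buffer size and the `node`/`view` parameter names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 64  /* hypothetical fixed-size field inside a CGI handler */
enum { PARAM_OK = 0, PARAM_MISSING = -1, PARAM_TOO_LONG = -2 };

/*
 * Copy the value of `name` from a URL query string into `out`.
 * The value length is measured before any copy, so an over-long
 * argument is rejected instead of being written past `out`.
 */
int get_param(const char *query, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = query;

    if (outlen == 0)
        return PARAM_TOO_LONG;
    out[0] = '\0';

    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t seglen = end ? (size_t)(end - p) : strlen(p);

        /* Match "name=" at the start of this key=value segment. */
        if (seglen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            size_t vlen = seglen - nlen - 1;
            if (vlen >= outlen)          /* keep room for the terminator */
                return PARAM_TOO_LONG;
            memcpy(out, p + nlen + 1, vlen);
            out[vlen] = '\0';
            return PARAM_OK;
        }
        p = end ? end + 1 : NULL;
    }
    return PARAM_MISSING;
}

int main(void)
{
    char value[PARAM_MAX];
    char longq[600] = "node=";           /* constructed over-long input */

    memset(longq + 5, 'A', 500);
    printf("%d\n", get_param("view=map&node=router1", "node", value, sizeof value));
    printf("%d\n", get_param(longq, "node", value, sizeof value));
    return 0;
}
```

A caller should treat `PARAM_TOO_LONG` as a hard failure and log the request, since silently truncating the value hides the same oversized input the advisory describes.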