NEW: web-activex.rules and scada.rules, CVE-2008-1852

November 18th, 2008

The Sourcefire VRT is aware of a vulnerability affecting the HP OpenView Network Node Manager. This release also introduces two new rule groups.

Details: 

This release introduces scada.rules and web-activex.rules as new rule groups.

SCADA Rules:
 
This group contains rules that pertain to the Supervisory Control and Data Acquisition (SCADA) protocol used for computer-controlled system monitoring and process control.
 
Web-ActiveX Rules:
 
This group contains rules that were formerly in the web-client.rules group. It has been created to better manage the large number of ActiveX rules now in the VRT certified rule set.
 
HP OpenView Network Node Manager Buffer Overflow (CVE-2008-1852):
 
HP OpenView Network Node Manager is prone to a buffer overflow vulnerability that may allow a remote attacker to execute code on an affected system. The application fails to correctly check the number of user-supplied sub-arguments in a request, which then triggers a memory allocation failure.
 
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15078.
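
Because the ActiveX rules moved out of web-client.rules, a sensor whose configuration does not include the new files loses that coverage after updating. The following check is an added example, not Sourcefire code: it assumes the Snort 2.x `include $RULE_PATH/<file>` convention and `#`-commented disabled rules, and its function names and sample inputs are constructed for illustration.

```python
import re

NEW_GROUPS = ("scada.rules", "web-activex.rules")  # rule files named in this release
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
ACTION_RE = re.compile(r"(alert|log|pass|drop|reject|sdrop)\s")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")

def missing_includes(conf_text, groups=NEW_GROUPS):
    """Return the rule files in `groups` that have no active include line."""
    active = set()
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)  # a '#'-commented include does not match
        if m:
            active.add(m.group(1).replace("\\", "/").rsplit("/", 1)[-1])
    return [g for g in groups if g not in active]

def rule_state(rules_text, gid, sid):
    """Return 'enabled', 'disabled' (commented out) or 'absent' for gid:sid."""
    state = "absent"
    for line in rules_text.splitlines():
        stripped = line.strip()
        body = stripped.lstrip("# ")
        s = SID_RE.search(body)
        if not ACTION_RE.match(body) or not s or int(s.group(1)) != sid:
            continue
        g = GID_RE.search(body)
        if (int(g.group(1)) if g else 1) != gid:  # text rules default to GID 1
            continue
        if not stripped.startswith("#"):
            return "enabled"
        state = "disabled"
    return state

# Constructed sample inputs (not real VRT rules; the rule bodies are placeholders).
SAMPLE_CONF = """\
var RULE_PATH /etc/snort/rules
include $RULE_PATH/web-client.rules
# include $RULE_PATH/scada.rules
include $RULE_PATH/web-activex.rules
"""
SAMPLE_RULES = """\
# alert tcp any any -> any any (msg:"PLACEHOLDER rule A"; sid:15078; rev:1;)
alert tcp any any -> any any (msg:"PLACEHOLDER rule B"; sid:1000001; rev:1;)
"""

if __name__ == "__main__":
    print("missing includes:", missing_includes(SAMPLE_CONF))
    print("1:15078 is", rule_state(SAMPLE_RULES, 1, 15078))
```

Run it against the sensor's own snort.conf and the concatenated rule files; a result of `disabled` or `absent` for GID 1, SID 15078 means the sensor will not alert on this vulnerability.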