Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-4349

The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.

Published

2008-10-23T22:00:01.027

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hp	openview_performance_agent	c.04.60	Yes
Application	hp	openview_performance_agent	c.04.61	Yes
Application	hp	openview_reporter	3.70	Yes
Application	hp	performance_agent	4.70	Yes
Application	hp	reporter	3.8	Yes

References

http://marc.info/?l=bugtraq&m=122876677518654&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=122876827120961&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=122876827120961&w=2 ([email protected])
http://secunia.com/advisories/27054 Vendor Advisory ([email protected])
http://secunia.com/secunia_research/2007-83/ Vendor Advisory ([email protected])
http://securityreason.com/securityalert/4501 ([email protected])
http://www.securityfocus.com/archive/1/497648/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/31860 Patch ([email protected])
http://www.securitytracker.com/id?1021092 ([email protected])
http://www.vupen.com/english/advisories/2008/2888 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/46028 ([email protected])
http://marc.info/?l=bugtraq&m=122876677518654&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=122876827120961&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=122876827120961&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27054 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/secunia_research/2007-83/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/4501 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/497648/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/31860 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021092 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/2888 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46028 (af854a3a-2127-422b-91ae-364da2661108)