Article

HP patches critical OpenView flaws

SearchSecurity.com Staff

Hewlett Packard Co. issued an advisory Monday warning customers of several new flaws in its OpenView Network Node Manager, used to map a company's physical network infrastructure remotely to adjust availability

    Requires Free Membership to View

and performance.

HP said the vulnerabilities could open the network to attackers, allowing them to remotely execute arbitrary code and gain access to sensitive information. The flaws affect OpenView Network Node Manager v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris and Windows. To exploit the errors attackers can send malicious HTTP requests to HP OpenView's Web server component, HP said in its advisory.

The flaws were discovered by Oren Isacson of Core Security Technologies Inc. It's the second time in two months that HP has issued an update to correct errors in the software. Core's Isacson reviewed flaws addressed by HP in February and discovered two new holes as well as a third flaw that was exploitable despite HP's patch. Core said the flaw could affect millions of organizations using HP's OpenView systems and network management software.

The software contains an error discovered by Danish vulnerability clearinghouse Secunia that could be exploited to cause a buffer overflow condition. In addition, Core said it discovered two heap-based buffer overflows.

HP released archive files to repair the vulnerabilities.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: