HP patches critical OpenView flaws

The remote network software contains flaws that could be exploited to gain access to critical files.

Hewlett Packard Co. issued an advisory Monday warning customers of several new flaws in its OpenView Network Node Manager, used to map a company's physical network infrastructure remotely to adjust availability and performance.

HP said the vulnerabilities could open the network to attackers, allowing them to remotely execute arbitrary code and gain access to sensitive information. The flaws affect OpenView Network Node Manager v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris and Windows. To exploit the errors attackers can send malicious HTTP requests to HP OpenView's Web server component, HP said in its advisory.

The flaws were discovered by Oren Isacson of Core Security Technologies Inc. It's the second time in two months that HP has issued an update to correct errors in the software. Core's Isacson reviewed flaws addressed by HP in February and discovered two new holes as well as a third flaw that was exploitable despite HP's patch. Core said the flaw could affect millions of organizations using HP's OpenView systems and network management software.

The software contains an error discovered by Danish vulnerability clearinghouse Secunia that could be exploited to cause a buffer overflow condition. In addition, Core said it discovered two heap-based buffer overflows.

HP released archive files to repair the vulnerabilities.

Dig deeper on Emerging Information Security Threats

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close