BetaONE will rise again!


Reply
  #1  
Old 1st Sep 05, 03:17 AM
Alpine's Avatar
Alpine Alpine is offline
Retired Crew
 
Join Date: Feb 2002
Location: Run Forest, RUN!!
Posts: 3,601
Alpine is on a distinguished road
Send a message via ICQ to Alpine Send a message via AIM to Alpine
HP warns over OpenView flaw
Enterprise users are been urged to apply workarounds following the discovery of a potentially troublesome vulnerability involving a component of HP's widely used network management suite, HP OpenView. A security bug in Network Node Manager opens the door to possible hacker attack, according to work by security researchers at Portcullis Computer Security and NGS Software.

Network Node Manager (NNM) allows networks managers to monitor and control the operation of network devices. The flaw creates a means for hackers to execute potentially malicious shell commands by exploiting inadequate input checks involving scripts (e.g. cgi-bin/connectedNodes.ovpl) used by various versions of NNM. The vulnerability affects versions 6.2, 6.4, 7.01, and 7.50 of OpenView NNM running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP and Linux systems.

Exploitation is far from trivial. Nonetheless HP advises users to apply a workaround which involves moving affected scripts - connectedNodes.ovpl, cdpView.ovpl, freeIPaddrs.ovpl and ecscmg.ovpl - to another directory. HP's advisory is available from its customer support web site here (customer registration required). Security clearing house Secunia has a useful summary here.



The REGister
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows Flaw Reaches Beyond XP NewsBot NeoWin News 0 19th Jul 05 12:00 AM
Flaw Found in Adobe Acrobat NewsBot NeoWin News 0 6th Jul 05 09:00 PM
Flaw found in McAfee suite NewsBot NeoWin News 0 19th Apr 05 09:00 PM
Critical Flaw found in Winamp 5.06 and earlier NewsBot NeoWin News 0 28th Nov 04 07:00 AM
Java flaw could lead to Windows, Linux attacks NewsBot NeoWin News 0 24th Nov 04 12:00 AM


All times are GMT +1. The time now is 08:13 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.