In association with heise online

10 August 2007, 12:17

Buffer overflows in HP OpenView fixed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider iDefense has reported multiple buffer overflows in HP's OpenView Operations for Windows OVTrace , which can be exploited by an attacker to execute code on a system with system privileges. According to the advisory, sending crafted requests containing excess length strings to the service is sufficient to exploit this vulnerability. iDefense state that OVTrace is started by default, even if only the Management Console, rather than the complete application, is installed.

The bug was discovered in HP OpenView A.07.50 for Windows, other versions may also be affected. The defective component is included in the following products:

OpenView Internet Service (OVIS) on HP-UX, Linux, Solaris and Windows
OpenView Performance Manager (OVPM) on HP-UX, Solaris and Windows
OpenView Performance Agent (OVPA)
OpenView Reporter
OpenView Operations (OVO) Agent
OpenView Operations Manager for Windows (OVOW) with OpenView
OpenView Service Quality Manager (OV SQM)
OpenView Network Node Manager (OV NNM)
OpenView Dashboard
OpenView Performance Insight (OVPI)

HP has released updates which fix the vulnerabilities.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit