In association with heise online

09 February 2009, 11:48

HP Network Node Manager patched

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Hewlett Packard has released patches for its Network Node Manager (NNM) which aim to close several vulnerabilities, including some which allow for remote execution of code. The problems are caused by buffer overflows and received parameters being passed to other processes unchecked. It is the latter hole that allows for the injection of commands by an attacker. The rights with which the server executes those injected commands is dependent on the operating system that NNM is running on.

HP has released patches for HP-UX, Red Hat Linux, Solaris and Windows. iDefense, the security services provider that discovered the vulnerabilities, found both problems on some platforms, but HP is the patching all supported platforms. The affected versions of NNM are 7.01, 7.51 and 7.53. NNM 7.51 users will need to upgrade to 7.53 before applying the patches.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit