HP OpenView Configuration Management divulges data
HP warns in a security advisory that several components of its HP OpenView network management software allow attackers remote unauthorized access to data. The components in question are Configuration Management (CM) and Client Configuration Manager (CCM). Reportedly, the httpd.tkd module needs to be running: it is used by the OS Manager, Policy Server, Portal, Patch Manager, Proxy Server, Distributed Configuration Server and Multicast Server components among others.
Hewlett Packard has not published any further details regarding this vulnerability. The affected versions include HP OpenView Configuration Management Infrastructure v4.0, v4.1, v4.2 and v4.2i for Windows, HP-UX, AIX, Solaris and Linux, as well as HP OpenView Client Configuration Manager v2.0 for Windows. In its security advisory, the vendor provides links to updates for registered users and urges administrators to apply the updates as soon as possible. Since there can be multiple instances of the httpd.tkd file on a system, all relevant files should be replaced with the corrected version.
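One way to check that no old copy of httpd.tkd was missed is sketched below. It is an added example, not code from HP or the advisory. It assumes the corrected file from the vendor update is available locally as a reference. The script name, the choice of SHA-256 comparison and the directory roots passed to it are assumptions.

```python
import hashlib
import os
import sys

TARGET_NAME = "httpd.tkd"  # module file named in the advisory


def sha256_of(path, chunk_size=1 << 16):
    """Hash a file in chunks so large modules are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def find_instances(roots, name=TARGET_NAME):
    """Yield every file called `name` below the given roots (case-insensitive)."""
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for filename in filenames:
                if filename.lower() == name.lower():
                    yield os.path.join(dirpath, filename)


def audit(roots, reference_path):
    """Compare each instance with the corrected file; return [(path, status)]."""
    wanted = sha256_of(reference_path)
    results = []
    for path in sorted(set(find_instances(roots))):
        try:
            status = "updated" if sha256_of(path) == wanted else "outdated"
        except OSError:
            status = "unreadable"  # e.g. locked by a running service; check by hand
        results.append((path, status))
    return results


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: audit_tkd.py <corrected httpd.tkd> <root> [<root> ...]")
    findings = audit(sys.argv[2:], sys.argv[1])
    for path, status in findings:
        print(f"{status:10} {path}")
    # Non-zero exit when any copy still needs replacing or could not be checked.
    sys.exit(1 if any(status != "updated" for _, status in findings) else 0)
```

Run it over every directory tree where the CM or CCM components are installed; any line reported as `outdated` or `unreadable` marks a copy that still has to be replaced or verified manually.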
- HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) Running httpd.tkd, Remote Unauthorized Access to Data, HP's security advisory on the Bugtraq mailing list