HP warns of critical holes in its server monitoring software
HP is warning its customers about two security vulnerabilities in its Operations Agent server monitoring software. According to the company, unspecified errors in the enterprise software for AIX, HP-UX, Linux, Solaris and Windows can be exploited by a remote attacker to compromise a vulnerable system and execute arbitrary code. Both of these errors have a CVSS 2.0 (Common Vulnerability Scoring System) base score of 10.0, the highest possible severity rating.
Versions prior to 11.03.12 on all supported platforms are affected; upgrading to 11.03.12 corrects the problems. The vulnerabilities were reported to HP by Luigi Auriemma via TippingPoint's Zero Day Initiative (ZDI).
A full list of affected versions and patch download information can be found in the company's security advisory. HP advises all administrators to install the patches as soon as possible.
See also:
- HP Operations Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, security advisory from HP.
(crve)