In association with heise online

30 June 2009, 11:49

Once again HP has to close a hole in OpenView Network Node Manager

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Hewlett-Packard has released updates for the OpenView Network Node Manager (NNM) to close a remotely exploitable vulnerability in the Linux version of the software. According to an iDefense report, the rping tool conceals a buffer overflow which attackers can use to inject and execute malicious code in a system without authentication. The patch also helps to force authentication in web interfaces. The forced authentication feature can be activated by switching the UserLogin option in sessions.conf to ON.

Only three weeks ago, HP had to close a different hole in OpenView Network Node Manager. That hole was due to an error related to the SNMP and MIB processing, however, HP did not provide any additional details.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit