30 June 2009, 12:49

Once again HP has to close a hole in OpenView Network Node Manager

Hewlett-Packard has released updates for the OpenView Network Node Manager (NNM) to close a remotely exploitable vulnerability in the Linux version of the software. According to an iDefense report, the rping tool conceals a buffer overflow which attackers can use to inject and execute malicious code in a system without authentication. The patch also helps to force authentication in web interfaces. The forced authentication feature can be activated by switching the UserLogin option in sessions.conf to ON.

Only three weeks ago, HP had to close a different hole in OpenView Network Node Manager. That hole was due to an error related to the SNMP and MIB processing, however, HP did not provide any additional details.

See also:

HP Network Node Manager rping Stack Buffer Overflow Vulnerability, security advisory from iDefense Labs.

Once again HP has to close a hole in OpenView Network Node Manager

Internet Toolkit

SSL for free - step by step

Testing email with encryption

Shortened-breaks

The H Security Conficker information site

Tracking down malware

Health Check: Mandriva

Kernel Log: Linux 2.6.34 goes into testing

The H Update Check

Happenings: FOSS at CeBIT 2010

Of Android and the Fear of Fragmentation

Kernel Log: Stable kernels analysed, Linux without firmware, new graphics drivers

What's new in Linux 2.6.33

Health Check: FreeBSD - "The unknown giant"

New life for dead software

Price Insight Top 10

The H

The H open source

The H Security

The H Internet Toolkit