Once again HP has to close a hole in OpenView Network Node Manager
Hewlett-Packard has released updates for the OpenView Network Node Manager (NNM) to close a remotely exploitable vulnerability in the Linux version of the software. According to an iDefense report, the rping tool contains a buffer overflow that attackers can use to inject and execute malicious code on a system without authentication. The patch also helps to force authentication in web interfaces. The forced authentication feature can be activated by switching the UserLogin option in sessions.conf to ON.
Only three weeks ago, HP had to close a different hole in OpenView Network Node Manager. That hole was due to an error related to SNMP and MIB processing; however, HP did not provide any additional details.
See also:
- HP Network Node Manager rping Stack Buffer Overflow Vulnerability, security advisory from iDefense Labs.
(crve)