Security leak in HP's OpenView component
Hewlett-Packard has issued a warning about a security hole in its OpenView Network Node Manager (inventory and administration software for networks) that attackers could use to inject arbitrary malicious code onto the systems affected and execute it there with the rights of the OpenView component. To perform this attack, no registration on the system is required.
HP does not provide any further details on this vulnerability. The hole concerns the Network Node Manager 6.20, 6.4, 7.01 and 7.50 on HP-UX B.11.00, B.11.00, and B.11.23, as well as on Solaris, Windows, and Linux. The company is providing registered customers with updates to close the hole. HP recommends that affected administrators update as quickly as possible.
- HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code, HP's security advisory
- Download of the patches (registration required)