OpenView Open To Hacking
By David Utter
French tech security firm FrSIRT has reported on a high-risk flaw in HP's network management tool.
OpenView's Network Node Manager could be open to remote code exploits due to an input validation error flaw in a script. HP has addressed the problem via a workaround posted on its site.
Other scripts that are part of the OpenView product exhibit the same vulnerability. FrSIRT lists four products affected by the issue; they include versions running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux:
HP OpenView Network Node Manager version 6.2
HP OpenView Network Node Manager version 6.4
HP OpenView Network Node Manager version 7.01
HP OpenView Network Node Manager version 7.50
An exploit that hits the vulnerable script, connectedNodes.ovpl, would be able to execute commands at the same permission level. Three other scripts, freeIPaddrs.ovpl, cdpView.ovpl, and ecscmg.ovpl, have the same vulnerability.
About the Author:
David Utter is a staff writer for WebProNews covering technology and business.