Three critical flaws found in HP OpenView

By on
Three critical flaws found in HP OpenView

A trio of flaws have been found in HP's OpenView software and users are being urged to patch their systems as soon as possible.

The flaws, found by researchers at Core Security, affect OpenView Network Node Manager versions 7.51, 7.53 and 7.53 with the NNM_01195 patch.

HP is urging customers to visit its web site and download the new patches.

Network Node Manager allows administrators to monitor network system events remotely and carry out performance monitoring.

The first flaw is a stack-based bug which was found to be vulnerable despite an earlier patch. The other two are heap-based buffer overflows in two sections of the code.

The bugs would allow remote code execution on infected systems and, given the broad capabilities of Network Node Manager, would allow a hacker full access to compromised systems.

"While remote network management technologies offer substantial value in terms of allowing organisations to maintain constant vigilance and control over their networks, the flipside is that attackers can potentially use available vulnerabilities in these systems to wreak havoc on internal infrastructure," said Ivan Arce, chief technology officer at Core Security.

"It is vitally important for remote systems management solution providers to minimise these easily exploitable security flaws that can allow for remote system compromise."

A researcher at Core discovered the flaws in January and has worked with HP to develop the patches before releasing the news.

Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

New Windows 10 users, are you upgrading from...
Windows 8
Windows 7
Windows XP
Another operating system
Windows Vista
How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?