OpenView Open To Hacking
French tech security firm FrSIRT has reported on a high-risk flaw in HP’s network management tool.
Other scripts that are part of the OpenView product exhibit the same vulnerability. FrSIRT lists four products affected by the issue; they include versions running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux:
HP OpenView Network Node Manager version 6.2
HP OpenView Network Node Manager version 6.4
HP OpenView Network Node Manager version 7.01
HP OpenView Network Node Manager version 7.50
An exploit that hits the vulnerable script, connectedNodes.ovpl, would be able to execute commands at the same permission level. Three other scripts, freeIPaddrs.ovpl, cdpView.ovpl, and ecscmg.ovpl, have the same vulnerability.
David Utter is a staff writer for WebProNews covering technology and business. Email him here.