HP Plugs Critical Security Holes in OpenView Network Management Technology
Core Security Technologies identifies three vulnerabilities in HP's OpenView Network Node Manager that could be exploited remotely by hackers. One of the bugs was thought to have been patched previously, but was still exploitable.
Core Security Technologies has issued an advisory for multiple vulnerabilities affecting HP's popular OpenView systems and network management software. An engineer from CoreLabs, the company's research arm, uncovered three vulnerabilities in HP OpenView NNM (Network Node Manager) that can be exploited remotely via buffer overflows to compromise mission-critical servers. Two of the vulnerabilities are brand new; the third is a stack-based bug in the CGI parameter OvOSLocale, which HP had previously issued a patch for but which was still exploitable.
According to CoreLabs, attackers can leverage the vulnerabilities by sending specially crafted HTTP requests to HP OpenView's Web server component, allowing them to execute arbitrary code on the target system. HP has issued fixes for all three vulnerabilities in response to CoreLabs' findings.