HP Warns on OpenView Net Services Flaw
HP is warning users of its OpenView Internet Services management package to be aware of a flaw in another product bundled with the software that could lead to denial-of-service attacks.
The company issued an advisory Monday informing customers of a potentially serious vulnerability in Probe Builder, a technology made by European Performance Systems and included as part of the OpenView package.
In addition to the HP advisory, SecurityFocus also listed the flaw on its Web site - and warned that the bulletin should be "acted on as soon as possible."
"The vulnerability could be exploited remotely to create a Denial of Service (DoS)," the security researchers said in their summary. "A successful exploit could cause the system running HP OpenView Internet Services to crash."
Affected iterations of the software include HP OpenView Internet Services running Probe Builder versions prior to vA.02.20.901 running on Windows.
HP credited an anonymous researcher working with the iDefense VCP for initially reporting the vulnerability and European Performance Systems Ltd. has provided a patch to resolve the vulnerability.
"HP is broadly distributing this security bulletin in order to bring to the attention of users of the affected products the important security information contained," the company said in a statement. "[We] recommend that all users determine the applicability of this information to their individual situations and take appropriate action."
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.