HP Plugs Security Holes in OpenView Software Package

Paul Lilly

HP says it has identified and patched a dozen pretty severe security vulnerabilities with the company's OpenView Network Node Manager (OV NNM) software and is recommending that administrators apply the updates right away.

"The technical characteristics of these vulnerabilities (simple overflows with attacker controlled data) make them prime targets for exploitation," said Aaron Portnoy , a researcher at the network security firm TippingPoint, which discovered some of the vulnerabilities.

Left unpatched, the vulnerabilities make it possible for an attacker to execute arbitrary code, and in some cases, take control of the infected system. The security holes are serious enough that each of them have been given a rating of 10 on the Common Vulnerability Scoring System scale, which is the most severe rating possible.

OV NNM versions 7.01, 7.51, and 7.53 running on HP-UX, Linux, Solaris, or windows are vulnerable.

Around the web