SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  OpenView Vendors:  HP (Compaq)
HP OpenView Network Node Manager Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017504
SecurityTracker URL:  http://securitytracker.com/id?1017504
CVE Reference:  CVE-2007-0441   (Links to External Site)
Updated:  May 19 2008
Original Entry Date:  Jan 11 2007
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  HP Security Bulletin
Version(s): 6.20, 6.4x, 7.01, 7.50
Description:  A vulnerability was reported in OpenView Network Node Manager. A remote user can execute arbitrary code on the target system.

A remote user can execute arbitrary code on the target system. The code will run with the privileges of the target Network Node Manager service.

HP credits Tenable Network Security with reporting this vulnerability.
Impact:  A remote user can execute arbitrary code on the target system.
Solution:  HP has issued the following fixes.

OpenView Network Node Manager 7.50:

HP-UX B.11.23 (IA): PHSS_34099 or subsequent
HP-UX B.11.23 (PA): PHSS_34098 or subsequent
HP-UX B.11.11: PHSS_34098 or subsequent
HP-UX B.11.00: PHSS_34098 or subsequent
Linux RedHatAS2.1: LXOV_00026 or subsequent
Solaris: PSOV_03436 or subsequent
Windows: NNM_01115 or subsequent

OpenView Network Node Manager 7.01:

HP-UX B.11.11: PHSS_35579 or subsequent
HP-UX B.11.00: PHSS_35579 or subsequent
Solaris: PSOV_03468 or subsequent
Windows: NNM_01147 or subsequent

OpenView Network Node Manager 6.4x:

HP-UX B.11.11: PHSS_34202 or subsequent

HP-UX B.11.00: PHSS_34202 or subsequent
Solaris: PSOV_03437 or subsequent
Windows: NNM_01116 or subsequent

OpenView Network Node Manager 6.20:

HP-UX B.11.11: PHSS_35113 or subsequent
HP-UX B.11.00: PHSS_35113 or subsequent
Solaris: PSOV_03461 or subsequent
Windows: NNM_01139 or subsequent

The HP advisory is available at:

http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00809525
Vendor URL:  www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00809525 (Links to External Site)
Cause:  Not specified
Underlying OS:  Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (XP)

Message History:   None.

 Source Message Contents
Date:  Thu, 11 Jan 2007 16:00:30 -0500
Subject:  HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code

 
 
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00809525


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC