SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   HPE OpenView Network Node Manager Vendors:   HPE
HP OpenView Network Node Manager Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017504
SecurityTracker URL:  http://securitytracker.com/id/1017504
CVE Reference:   CVE-2007-0441   (Links to External Site)
Updated:  May 19 2008
Original Entry Date:  Jan 11 2007
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.20, 6.4x, 7.01, 7.50
Description:   A vulnerability was reported in OpenView Network Node Manager. A remote user can execute arbitrary code on the target system.

A remote user can execute arbitrary code on the target system. The code will run with the privileges of the target Network Node Manager service.

HP credits Tenable Network Security with reporting this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   HP has issued the following fixes.

OpenView Network Node Manager 7.50:

HP-UX B.11.23 (IA): PHSS_34099 or subsequent
HP-UX B.11.23 (PA): PHSS_34098 or subsequent
HP-UX B.11.11: PHSS_34098 or subsequent
HP-UX B.11.00: PHSS_34098 or subsequent
Linux RedHatAS2.1: LXOV_00026 or subsequent
Solaris: PSOV_03436 or subsequent
Windows: NNM_01115 or subsequent

OpenView Network Node Manager 7.01:

HP-UX B.11.11: PHSS_35579 or subsequent
HP-UX B.11.00: PHSS_35579 or subsequent
Solaris: PSOV_03468 or subsequent
Windows: NNM_01147 or subsequent

OpenView Network Node Manager 6.4x:

HP-UX B.11.11: PHSS_34202 or subsequent

HP-UX B.11.00: PHSS_34202 or subsequent
Solaris: PSOV_03437 or subsequent
Windows: NNM_01116 or subsequent

OpenView Network Node Manager 6.20:

HP-UX B.11.11: PHSS_35113 or subsequent
HP-UX B.11.00: PHSS_35113 or subsequent
Solaris: PSOV_03461 or subsequent
Windows: NNM_01139 or subsequent

The HP advisory is available at:

http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00809525

Vendor URL:  www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00809525 (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC