SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   HPE OpenView Network Node Manager Vendors:   HPE
HP OpenView Reporter, Network Node Manager, and Performance Agent Trace Service Memory Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1021092
SecurityTracker URL:  http://securitytracker.com/id/1021092
CVE Reference:   CVE-2007-4349   (Links to External Site)
Updated:  Jan 12 2009
Original Entry Date:  Oct 23 2008
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): HP OpenView Reporter 3.70; HP Performance Agent C.04.60, C.04.61, and C.04.70; HP Openview Network Node Manager 7.01, 7.51, 7.53
Description:   A vulnerability was reported in HP OpenView Reporter, HP OpenView Performance Agent, and HP OpenView Network Node Manager. A remote user can cause denial of service conditions.

A remote user can send a series of specially crafted RPC requests to the trace service to trigger a memory error and cause the target service to crash.

The vendor was notified on October 15, 2007.

Dyon Balding of Secunia Research reported this vulnerability.

The original advisory is available at:

http://secunia.com/secunia_research/2007-83/

Impact:   A remote user can cause denial of service conditions.
Solution:   For HP OpenView Reporter and HP OpenView Network Node Manager, the vendor has issued a fix.

For HP OpenView Reporter v3.7, contact the normal HP Services support channel and request the LCore - XPL Hotfix: "Trace Service crashes due to improper handling of Trace Event Message."

For HP Reporter v3.8, contact the normal HP Services support channel and request the LCore - XPL Hotfix: "Hotfix XPL 6.0."

For HP OpenView Performance Agent, following patches are available at:

http://support.openview.hp.com/selfsolve/patches

AIX: PACPTAIX_00001 or subsequent

HP-UX: PACPTHP_00001 or subsequent

Linux: PACPTLX_00001 or subsequent

Solaris: PACPTSOL_00001 or subsequent

Windows: PACPTNT_00001 or subsequent

Patches for OpenView Network Node Manager are available at:

http://support.openview.hp.com/selfsolve/patches

For OV NNM v7.53:

HP-UX (IA) PHSS_38148 or subsequent
HP-UX (PA) PHSS_38147 or subsequent
Linux RedHatAS2.1 LXOV_00085 or subsequent
Linux RedHat4AS-x86_64 LXOV_00086 or subsequent
Solaris PSOV_03514 or subsequent
Windows NNM_01192 or subsequent

For OV NNM v7.51, upgrade to NNM v7.53 and install the patches listed above.

For OV NNM v7.01:

HP-UX (PA) PHSS_38761 or subsequent
Solaris PSOV_03516 or subsequent
Windows NNM_01194 or subsequent

The vendor's advisories are available at:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01612418
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01621724
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01607558

Vendor URL:  h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01612418 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC