Secunia Logo  


Secunia PSI WorldMap
 
HP OpenView Network Node Manager Multiple Vulnerabilities
Secunia Advisory: SA29796
Release Date: 2008-04-14
Last Update: 2009-05-05
Popularity: 7,170 views

Critical:
Less critical
Impact: Exposure of system information
Exposure of sensitive information
DoS
Where: From local network
Solution Status: Vendor Patch

Software:HP OpenView Network Node Manager (NNM) 7.x

Secunia CVSS-2 Score: Available in Secunia business solutions

Subscribe: Instant alerts on relevant vulnerabilities


Advisory Content (Page 2 of 3)[ 1 ] [ 2 ] [ 3 ]

Solution:
A patch/archive file for the directory traversal issue (vulnerability #4) is available.

http://itrc.hp.com
ftp://ss080043:ss080043@hprc.external.hp.com/

OV NNM v7.53:
Apply patch NNM_01193 or subsequent.

OV NNM v7.51:
Apply patch NNM_01168 or subsequent and OpenView5_hotfix_7.51.tar archive file.

OV NNM v7.01:
Apply patch NNM_01159 or subsequent and OpenView5_hotfix_7.01.tar archive file.

Apply patches to fix vulnerability #1:

-- HP-UX OV NNM 7.53 --
HP-UX B.11.31
HP-UX B.11.23 (IA)
Install PHSS_38489 or subsequent
http://itrc.hp.com

HP-UX B.11.23 (PA)
HP-UX B.11.11
HP-UX B.11.00
Install PHSS_38488 or subsequent.
http://itrc.hp.com

-- HP-UX OV NNM 7.51 --
HP-UX B.11.31
HP-UX B.11.23 (IA)
Install PHSS_37274 or subsequent, then apply 751_HP-UX_IA_ovtopmd
ftp://ss080046:ss080046@hprc.external.hp.com/

-- HP-UX B.11.23 (PA) --
HP-UX B.11.11
HP-UX B.11.00
Install PHSS_37273 or subsequent, then apply 751_HP-UX_PA_ovtopmd
ftp://ss080046:ss080046@hprc.external.hp.com/

-- HP-UX OV NNM 7.01 --

HP-UX (PA):
PHSS_38761 or subsequent

Solaris:
PSOV_03516 or subsequent

Windows:
NNM_01194 or subsequent

NOTE: The vendor has also issued patches that reportedly fix vulnerabilities #2 and #3. For patch information see:
SA31688

Provided and/or discovered by:
1-3) Luigi Auriemma
4) Independently discovered by:
* Luigi Auriemma
* JJ Reyes, Secunia Research

Changelog:
2008-04-21: Added CVE reference.
2008-07-09: Updated "Solution" section and added link to vendor's advisory.
2008-10-10: Updated "Solution" section to include information about fixed vulnerabilities #1 - #3. Added CVE reference. Added link to additional vendor advisory.
2008-10-16: Updated patch information for version 7.53 for the directory traversal issue (vulnerability #4), based on the updated vendor advisory.
2009-05-05: Updated patch information for version 7.01 (vulnerability #1) in "Solution" section, based on the updated vendor advisory. Updated link in "Original Advisory" section.

Original Advisory:
HPSBMA02349 SSRT080043:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01496048

HPSBMA02374 SSRT080046:
https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01567813

Luigi Auriemma:
http://aluigi.altervista.org/adv/closedviewx-adv.txt

Secunia Research:
http://secunia.com/secunia_research/2008-4/

Other References:
SA31688:
http://secunia.com/advisories/31688/

Change Page:
[ 1 ] [ 2 ] [ 3 ]



Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

27th Nov, 2009
New advisories: 8
New vulnerabilities: 15
Updated advisories: 11

Moderately // 204 views
Ubuntu update for php5

26th Nov, 2009
New advisories: 15
New vulnerabilities: 37
Updated advisories: 48

Moderately // 373 views
SugarCRM Multiple Vulnerabilities

Solutions | More...  


Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability // 31 views
2. Progress Information Disclosure and Data Manipulation // 29 views
3. Adobe Flash Player Multiple Vulnerabilities // 23 views
4. Joomla GCalendar Component "gcid" SQL Injection // 22 views
5. Joomla LyftenBloggie Component "author" SQL Injection Vulnerability // 22 views
6. Robo-FTP Response Processing Buffer Overflow Vulnerability // 21 views
7. Ubuntu update for php5 // 19 views
8. XM Easy Personal FTP Server Denial of Service Vulnerability // 19 views
9. DotNetNuke Cross-Site Scripting and Information Disclosure // 18 views
10. Internet Explorer Layout Handling Memory Corruption Vulnerability // 18 views