|
HP OpenView Network Node Manager Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA29796
|
|
|
Release Date:
|
2008-04-14
|
|
Last Update:
|
2009-05-05
|
|
Popularity:
|
7,086 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
DoS
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | HP OpenView Network Node Manager (NNM) 7.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 2 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Solution:
A patch/archive file for the directory traversal issue (vulnerability #4) is available.
http://itrc.hp.com
ftp://ss080043:ss080043@hprc.external.hp.com/
OV NNM v7.53:
Apply patch NNM_01193 or subsequent.
OV NNM v7.51:
Apply patch NNM_01168 or subsequent and OpenView5_hotfix_7.51.tar archive file.
OV NNM v7.01:
Apply patch NNM_01159 or subsequent and OpenView5_hotfix_7.01.tar archive file.
Apply patches to fix vulnerability #1:
-- HP-UX OV NNM 7.53 --
HP-UX B.11.31
HP-UX B.11.23 (IA)
Install PHSS_38489 or subsequent
http://itrc.hp.com
HP-UX B.11.23 (PA)
HP-UX B.11.11
HP-UX B.11.00
Install PHSS_38488 or subsequent.
http://itrc.hp.com
-- HP-UX OV NNM 7.51 --
HP-UX B.11.31
HP-UX B.11.23 (IA)
Install PHSS_37274 or subsequent, then apply 751_HP-UX_IA_ovtopmd
ftp://ss080046:ss080046@hprc.external.hp.com/
-- HP-UX B.11.23 (PA) --
HP-UX B.11.11
HP-UX B.11.00
Install PHSS_37273 or subsequent, then apply 751_HP-UX_PA_ovtopmd
ftp://ss080046:ss080046@hprc.external.hp.com/
-- HP-UX OV NNM 7.01 --
HP-UX (PA):
PHSS_38761 or subsequent
Solaris:
PSOV_03516 or subsequent
Windows:
NNM_01194 or subsequent
NOTE: The vendor has also issued patches that reportedly fix vulnerabilities #2 and #3. For patch information see:
SA31688
Provided and/or discovered by:
1-3) Luigi Auriemma
4) Independently discovered by:
* Luigi Auriemma
* JJ Reyes, Secunia Research
Changelog:
2008-04-21: Added CVE reference.
2008-07-09: Updated "Solution" section and added link to vendor's advisory.
2008-10-10: Updated "Solution" section to include information about fixed vulnerabilities #1 - #3. Added CVE reference. Added link to additional vendor advisory.
2008-10-16: Updated patch information for version 7.53 for the directory traversal issue (vulnerability #4), based on the updated vendor advisory.
2009-05-05: Updated patch information for version 7.01 (vulnerability #1) in "Solution" section, based on the updated vendor advisory. Updated link in "Original Advisory" section.
Original Advisory:
HPSBMA02349 SSRT080043:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01496048
HPSBMA02374 SSRT080046:
https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01567813
Luigi Auriemma:
http://aluigi.altervista.org/adv/closedviewx-adv.txt
Secunia Research:
http://secunia.com/secunia_research/2008-4/
Other References:
SA31688:
http://secunia.com/advisories/31688/
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
