Re: Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability

From: David Litchfield (davidl_at_ngssoftware.com)
Date: 08/25/05

  • Next message: Martin Mkrtchian: "Tool for Identifying Rogue Linksys Routers"
    To: "bugs" <bugs@securitytracker.com>, "Bugtraq" <bugtraq@securityfocus.com>, "secunia" <vuln@secunia.com>
    Date: Thu, 25 Aug 2005 19:50:04 +0100
    
    

    >Affected systems:
    >It has been confirmed that versions 6.41 and 7.5 are vulnerable on Sun
    >Solaris 8 (Sparc), however it is highly likely that all versions of the
    >software on all supported operating systems are likely to be vulnerable,
    >however this has not been confirmed.

    Windows is vulnerable too. I reported these flaws to HP in Februrary.

    >Details:
    >It was identified that connectedNodes.ovpl script will take input from a

    cdpView.ovpl, freeIPaddrs.ovpl and ecscmg.ovpl are vulnerable, too.

    Typhon (http://www.ngssoftware.com/typhon.htm) has been checking for these
    flaws since February.

    Cheers,
    David Litchfield


  • Next message: Martin Mkrtchian: "Tool for Identifying Rogue Linksys Routers"