Re: Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability

From: David Litchfield (davidl_at_ngssoftware.com)
Date: 08/25/05

  • Next message: Martin Mkrtchian: "Tool for Identifying Rogue Linksys Routers"
    To: "bugs" <bugs@securitytracker.com>, "Bugtraq" <bugtraq@securityfocus.com>, "secunia" <vuln@secunia.com>
    Date: Thu, 25 Aug 2005 19:50:04 +0100
    
    

    >Affected systems:
    >It has been confirmed that versions 6.41 and 7.5 are vulnerable on Sun
    >Solaris 8 (Sparc), however it is highly likely that all versions of the
    >software on all supported operating systems are likely to be vulnerable,
    >however this has not been confirmed.

    Windows is vulnerable too. I reported these flaws to HP in Februrary.

    >Details:
    >It was identified that connectedNodes.ovpl script will take input from a

    cdpView.ovpl, freeIPaddrs.ovpl and ecscmg.ovpl are vulnerable, too.

    Typhon (http://www.ngssoftware.com/typhon.htm) has been checking for these
    flaws since February.

    Cheers,
    David Litchfield


  • Next message: Martin Mkrtchian: "Tool for Identifying Rogue Linksys Routers"

    Relevant Pages

    • Re: which PC
      ... flaws) that cause the problems that Windows has. ... flaws do not exist in unix systems. ... I disagree that Windows, when appropriately configured, cannot be as ... Backwards compatibility with MS-DOS initially, ...
      (rec.photo.digital)
    • latest Microsoft Windows Security Flaws
      ... Microsoft Warns on Windows Security Flaws ... Viejo, Calif., which discovered the new Windows flaws. ...
      (microsoft.public.exchange.admin)
    • latest Microsoft Windows Security Flaws
      ... Microsoft Warns on Windows Security Flaws ... Viejo, Calif., which discovered the new Windows flaws. ...
      (microsoft.public.security.virus)
    • Re: Websites that dont work with Linux
      ... compliance and why they shouldn't write for one OS/browser? ... Point out that this is a 'silent' migration to competitors as people will simply give up with them if a competitor has a better site. ... If using windows, you could clarify your position of not using IE because of it's inherent security flaws. ...
      (uk.comp.os.linux)
    • Re: All patches, but still exploited
      ... >> removing added security protection from IE and using the Administrator ... I NEVER had this problem with Windows ... Avoiding the flaws and blaming a Web surfer is ...
      (microsoft.public.windows.server.security)