Re: Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability
From: David Litchfield (davidl_at_ngssoftware.com)
Date: 08/25/05
- Previous message: Boren, Rich (HP SSRT): "[security bulletin] SSRT4702 rev.0 - HP-UX running Veritas 3.3/3.5 unauthorized data access"
- In reply to: Paul J Docherty: "Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "bugs" <bugs@securitytracker.com>, "Bugtraq" <bugtraq@securityfocus.com>, "secunia" <vuln@secunia.com> Date: Thu, 25 Aug 2005 19:50:04 +0100
>Affected systems:
>It has been confirmed that versions 6.41 and 7.5 are vulnerable on Sun
>Solaris 8 (Sparc), however it is highly likely that all versions of the
>software on all supported operating systems are likely to be vulnerable,
>however this has not been confirmed.
Windows is vulnerable too. I reported these flaws to HP in Februrary.
>Details:
>It was identified that connectedNodes.ovpl script will take input from a
cdpView.ovpl, freeIPaddrs.ovpl and ecscmg.ovpl are vulnerable, too.
Typhon (http://www.ngssoftware.com/typhon.htm) has been checking for these
flaws since February.
Cheers,
David Litchfield
- Previous message: Boren, Rich (HP SSRT): "[security bulletin] SSRT4702 rev.0 - HP-UX running Veritas 3.3/3.5 unauthorized data access"
- In reply to: Paul J Docherty: "Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
