----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
HP OpenView Network Node Manager Arbitrary Code Execution

SECUNIA ADVISORY ID:
SA33857

VERIFY ADVISORY:
http://secunia.com/advisories/33857/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
>From local network

SOFTWARE:
HP OpenView Network Node Manager (NNM) 7.x
http://secunia.com/advisories/product/3608/

DESCRIPTION:
A vulnerability has been reported in HP OpenView Network Node
Manager, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to an unspecified error and can be
exploited to execute arbitrary code.

The vulnerability is reported in versions 7.01, 7.51, and 7.53
running on HP-UX, Linux, Solaris, and Windows.

SOLUTION:
Apply patches.
http://support.openview.hp.com/selfsolve/patches

-- OV NNM v7.53 --

HP-UX (IA):
Apply PHSS_38783 or subsequent.

HP-UX (PA):
Apply PHSS_38782 or subsequent.

Linux RedHatAS2.1:
Apply LXOV_00089 or subsequent.

Linux RedHat4AS-x86_64:
Apply LXOV_00090 or subsequent.

Solaris:	
Apply PSOV_03517 or subsequent.

Windows:
Apply NNM_01195 or subsequent.

-- OV NNM v7.51 --

Upgrade to NNM v7.53 and install the patches listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v5.53 are available
here:
ftp://nnm_753:update@hprc.external.hp.com/

-- OV NNM v7.01 --

HP-UX (PA):
Apply PHSS_38761 or subsequent.

Solaris:
Apply PSOV_03516 or subsequent.

Windows:
Apply NNM_01194 or subsequent.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
HPSBMA02406 SSRT080100:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------