TUCoPS :: HP/UX :: ciacl102.txt

CIAC L-102 HP OpenView Network Node Manager Security Vulnerability


                       The U.S. Department of Energy
                     Computer Incident Advisory Center
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___

                             INFORMATION BULLETIN

            HP OpenView Network Node Manager Security Vulnerability

June 27, 2001 23:00 GMT                                           Number L-102
PROBLEM:       Vulnerability exists in HP Openview Network Node Manager which 
               allows a user to gain unauthorized privileges. 
PLATFORM:      HP 9000 Servers running HP-UX releases 10.20 and 11.00 (only), 
               Solaris releases 2.X, Windows NT4.X/Windows 2000 running NNM 
DAMAGE:        A malicious user may obtain unauthorized privileges under 
               certain conditions. 
SOLUTION:      Apply the appropriate HP patches for your system. 
VULNERABILITY  The risk is MEDIUM. The vulnerability allows users to obtain 
ASSESSMENT:    unauthorized privileges. 

[******  Start HP Advisory ******]

Document ID: HPSBUX0106-154 
Date Loaded: 20010620 
Title: Sec. Vulnerability in OpenView Network Node Manager
The information in the following Security Bulletin should be acted upon 
as soon as possible. Hewlett-Packard Company will not be liable for any 
consequences to any customer resulting from customer's failure to fully 
implement instructions in this Security Bulletin as soon as possible.
PROBLEM: It is possible to gain unauthorized privileges 
in OpenView Network Node Manager.

PLATFORM: HP9000 Servers running HP-UX releases 10.20 and 11.00 (only) 
Sun Microsystems SOLARIS releases 2.X Microsoft Windows NT4.X / Windows 2000 
running NNM 6.1

DAMAGE: A malicious user may obtain unauthorized privileges under 
certain conditions.

SOLUTION: Apply one of these patches: 
HP-UX 11.00 HP-UX 10.20 SOLARIS 2.X WinNT4.X/2000 PHSS_23780 PHSS_23779 
PSOV_02905 NNM_00698

AVAILABILITY: These four patches are Special Release patches are available 
only from http://ovweb.external.hp.com/cpe/patches/ 
They are not available from the ITRC.
A. Background 
Hewlett-Packard Company has been notified of a vulnerability in its OpenView 
Network Node Manager. It is possible to gain unauthorized privileges.

B. Fixing the problem 
Apply one of these patches:
HP-UX 11.00 HP-UX 10.20 SOLARIS 2.X WinNT4.X/2000 PHSS_23780 PHSS_23779 
PSOV_02905 NNM_00698 or a superseding patch.
Searching http://ovweb.external.hp.com/cpe/patches/ for one of the patch 
above will direct you to the latest superseding patch.

C. To subscribe to automatically receive future NEW HP Security Bulletins from 
the HP IT Resource Center via electronic mail, do the following: Use your 
browser to get to the HP IT Resource Center page at: http://itrc.hp.com
Under the Maintenance and Support Menu (Electronic Support Center): click on 
the "more..." link. Then - Use the 'Login' tab at the left side of the screen 
to login using your ID and password. Check with your system administrator to 
see if you have an existing login or use the "Register" button at the left to 
create a login. You will need to login in order to gain access to many areas of 
the ITRC. Remember to save the User ID assigned to you, and your password.

Under the "Notifications" section (near the bottom of the page), select 
"Support Information Digests".

To -subscribe- to future HP Security Bulletins or other Technical Digests, 
click the check box (in the left column) for the appropriate digest and then 
click the "Update Subscriptions" button at the bottom of the page.Or To -
review- bulletins already released, select the link (in the middle column) for 
the appropriate digest.

To -gain access- to the Security Patch Matrix, select the link for "The 
Security Bulletins Archive". (near the bottom of the page) Once in the archive 
the third link is to the current Security Patch Matrix. Updated daily, this 
matrix categorizes security patches by platform/OS release, and by bulletin 
topic. Security Patch Check completely automates the process of reviewing the 
patch matrix for 11.XX systems.

For information on the Security Patch Check tool, see: 

The security patch matrix is also available via anonymous ftp: 
On the "Support Information Digest Main" page: click on the "HP Security 

Bulletin Archive".

E. To report new security vulnerabilities, send email to security-alert@hp.com

Please encrypt any exploit information using the security-alert PGP key, 
available from your local key server, or by sending a message with a -subject- 
(not body) of 'get key' (no quotes) to security-alert@hp.com. Permission is 
granted for copying and circulating this Bulletin to Hewlett-Packard (HP) 
customers (or the Internet community) for the purpose of alerting them to 
problems, if and only if, the Bulletin is not edited or changed in any way, is 
attributed to HP, and provided such reproduction and/or distribution is 
performed for non-commercial purposes.

Any other use of this information is prohibited. HP is not liable for any 
misuse of this information by any third party.

[******  End HP Advisory ******]

CIAC wishes to acknowledge the contributions of Hewlett-Packard for the 
information contained in this bulletin.

CIAC, the Computer Incident Advisory Center, is the computer security incident 
response team for the U.S. Department of Energy (DOE) and the emergency backup 
response team for the National Institutes of Health (NIH). CIAC is located at 
the Lawrence Livermore National Laboratory in Livermore, California. CIAC is 
also a founding member of FIRST, the Forum of Incident Response and Security 
Teams, a global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be 
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing 
communities receive CIAC bulletins.  If you are not part of these communities, 
please contact your agency's response team to report incidents. Your agency's 
team will coordinate with CIAC. The Forum of Incident Response and Security 
Teams (FIRST) is a world-wide organization. A list of FIRST member 
organizations and their constituencies can be obtained via WWW at 

This document was prepared as an account of work sponsored by an agency of the 
United States Government. Neither the United States Government nor the 
University of California nor any of their employees, makes any warranty, 
express or implied, or assumes any legal liability or responsibility for the 
accuracy, completeness, or usefulness of any information, apparatus, product, 
or process disclosed, or represents that its use would not infringe privately 
owned rights. 

Reference herein to any specific commercial products, process, or service by 
trade name, trademark, manufacturer, or otherwise, does not necessarily 
constitute or imply its endorsement, recommendation or favoring by the United 
States Government or the University of California. The views and opinions of 
authors expressed herein do not necessarily state or reflect those of the 
United States Government or the University of California, and shall not be used 
for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

L-092: Microsoft Predictable Name Pipes In Telnet
L-093: HP-UX kmmodreg Vulnerability
L-094: BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys
L-095: Microsoft SQL Query Method Vulnerability
L-096: Red Hat LPRng Vulnerability
L-097: Cisco 6400 NRP2 telnet Vulnerability
L-098: Microsoft Index Server ISAPI Extension Buffer Overflow
L-099: SGI PCP Pmpost Symlink Vulnerability
L-100: FrontPage Sub-Component Vulnerability
L-101: Microsoft LDAP over SSL Password Vulnerability

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH