HP OpenView vulnerability revealed

Core Security Technologies: 25 March, 2009 (Technical Article)
Core Security Technologies collaborate to close critical flaws discovered in HP OpenView
Core Security Technologies, provider of Core Impact solutions for comprehensive enterprise security testing, has issued an advisory disclosing multiple vulnerabilities that could affect millions of organizations using HP's OpenView systems and network management software.

An engineer from CoreLabs, the research arm of Core Security, determined that a trio of vulnerabilities in HP OpenView Network Node Manager (NNM) can be exploited remotely via buffer overflow to compromise mission-critical servers within an organization using the software. Upon making the discovery, CoreLabs immediately alerted HP's Software Security Response Team to the vulnerabilities and the two companies have since coordinated efforts to ensure that a patch could be created and made available to protect users of the program.

CoreLabs experts uncovered the trio of reported vulnerabilities in HP OpenView NNM, which offers remote network system event and performance monitoring, while investigating other previously reported flaws in the software, and an HP-issued security patch meant to address those issues.

HP OpenView NNM is one of the most widely-deployed remote network management technologies used throughout enterprise organizations today, allowing network managers to monitor their physical networks, virtual network services and the relationships between those assets. The software aims to help administrators identify, diagnose and predict potential problems before they affect network performance and availability.

"While remote network management technologies offer substantial value in terms of allowing organizations to maintain constant vigilance and control over their networks, the flipside is that attackers can potentially use available vulnerabilities in these systems to wreak havoc on internal infrastructure," said Ivan Arce, chief technology officer at Core Security. "It is vitally important for remote systems management solution providers to minimize these easily exploitable security flaws that can allow for remote system compromise."

Successful exploitation of the vulnerabilities requires that attackers send specially crafted HTTP requests to HP OpenView's web server component to execute arbitrary code on the target system.

HP has issued a security update that addresses the vulnerable OpenView NNM 7.51 and 7.53 versions of the solution.

Vulnerability Details

While investigating the feasibility of exploiting a set of vulnerabilities previously disclosed in HP OpenView NNM by researchers at Secunia (CVE-2008-4559, CVE-2008-4560, CVE-2008-4561, CVE-2008-4562, CVE-2009-0205) and addressed by HP in a subsequent security advisory (c01661610), CoreLabs researchers discovered two additional, unreported buffer overflow vulnerabilities in the product.

Researchers also found during their reviews that one of the previously reported buffer overflow issues in OpenView NNM could still be exploited, even when the vendor-provided security patch designed to fix the problem was applied.

CoreLabs specifically found that OpenView NNM versions 7.51 and 7.53, and version 7.53 with the aforementioned HP security patch (NNM_01195) applied, all harboured the three reported vulnerabilities. CoreLabs concluded that the two heap-based buffer overflows reported were newly discovered vulnerabilities because the issues were not fixed with the latest security patch and were not mentioned in any existing advisories published by HP.

In the case of the third OpenView NNM vulnerability, which was first reported by Secunia and was addressed by HP in its advisory, CoreLabs researchers found that they were still able to successfully exploit the issue and create proof of concept code for doing so, even with the latest patch in place.

When first researching all the reported OpenView NNM buffer overflow vulnerabilities, CoreLabs experts found it difficult to differentiate whether the flaws they were investigating were indeed the same issues that HP had recently addressed in its security advisories.

After researching the issue further and examining the technical underpinnings of the HP advisory, it became evident to CoreLabs that two of the problems were new, while one of the vulnerabilities may have been previously identified.

The complexity of this process highlights a challenge that faces the entire vulnerability research and IT security industry in terms of working with technology vendors in reporting and responding to vulnerability data.

"A general lack of sufficient technical information made available by both software and vulnerability research vendors about the specifics of vulnerabilities in their security advisories makes it such that many bulletins and publications only generate additional confusion among researchers who are attempting to dig deeper into the reported problems in order to assess risk more precisely; in this case it was difficult to discern which vulnerabilities had already been reported and remained unfixed, versus which were new," said Arce. "This has become a consistent, systematic problem that makes it very hard for subsequent researchers to differentiate one bug from another using data from publicly available security advisories."

The newly reported vulnerabilities, along with the ability to exploit the previously disclosed flaw, were first uncovered by Oren Isacson, a CoreLabs researcher and software engineer with the CORE IMPACT Exploit Writers Team.