Group warns of security hole in HP OpenView and Tivoli NetView

by ivy on August 20th, 2001

A vulnerability in Hewlett-Packard's OpenView and Tivoli Systems' NetView can allow an attacker to gain privileges on servers and, in some circumstances, even take the server over, according to a security bulletin released earlier this week by the government-funded network security group, Computer Emergency Response Team/Coordination Center (CERT/CC). Both HP and Tivoli have issued patches to fix the problem.




OpenView and NetView are network management tools used to administer large networks. The security hole is in the ovactiond component of both programs, a component that handles events for the server, CERT/CC said. By sending the server a maliciously crafted request for service, an attacker can gain access to the system, although the level of access is determined by how the server is configured, CERT/CC said.



The attacker is only able to execute commands with the same level of access that is assigned to the ovactiond component, CERT/CC said. This means that an attacker would generally gain user access on Unix systems and control of the local operating system on Windows machines, the group said. Gaining access to a Unix system could lead to root level server access, CERT/CC said, noting that other devices connected to the affected servers could also potentially be compromised.



Although the flaw was originally discovered in June and a patch was released then, work has continued on the problem.



"What was not known at the time [of the patch] was the full scope of the problem," said Shawn Hernan, team leader for vulnerability handling at CERT/CC. Because there was no exploit for the vulnerability, the companies and CERT/CC were able to study the flaw, determine its full extent, and release that information, he said.



OpenView Version 6.1 running on HP-UX 10.20 and 11.00, Sun Microsystems' Solaris 2.x, and Microsoft's Windows NT 4.x and Windows 2000 is affected. NetView versions 5.x and 6.x running on IBM's AIX, Solaris, Compaq Computer's Tru64 Unix, and Windows NT 4.x and Windows 2000 are also vulnerable. Mitigating the risk a bit, Tivoli installations are not vulnerable in the default configuration. The HP systems, however, are vulnerable in their default installation.



The Code Red worm that consumed Internet resources and infected more than 300,000 computers in early August was able to spread far and wide due to unpatched vulnerabilities on Microsoft IIS (Internet Information Server) systems.



We have already reported several vulnerabilities in Tivoli NetView. That article can be found here.



Hewlett-Packard's patch is available here. More information about the Tivoli patch can be found at www.tivoli.com.




from: idg.net

