Systems running the Hewlett-Packard OpenView Network Node Manager version 6.1, or Tivoli NetView versions 5.x and 6.x have been found to contain a hole that could allow an intruder to gain complete administrative control of a machine. The vulnerability has been reported on the Cert Advisory mailing list, and anti-virus experts are anxious for system administrators to install the patch released by HP on 21 June, in order to pre-empt the creation of any copycat Code Red worms.
"In wake of Code Red, it has never been more important to install the patch," said Graham Cluely, senior technology consultant for anti-virus company Sophos. "Hackers are often on these mailing lists, so system administrators need to be ahead of the game," he added. In the case of Code Red, Microsoft released a patch for the Internet Information Server (IIS) software vulnerability on 18 June, but it was not until a month later that the self-propagating worm was unleashed.
The new HP vulnerability is in ovactiond--the control management standard and event handler for OpenView and NetView--and could allow an intruder to execute arbitrary commands by sending a malicious message to the management server. There is also the additional threat that an intruder may be able to leverage the trust relationship that a compromised system has with other network devices, and attack these or make changes to the network configuration.
"This is a good reminder that it's not just Microsoft that goofs up--any software can contain holes," said Cluley. "HP software isn't in as common use as IIS -- but it's a different community of people who don't want to go down the Microsoft route."