Anti-virus experts issue HP hole alert

Systems administrators are warned to patch the new vulnerability in HP OpenView and NetView in order to prevent a Code Red copycat attack
Written by Wendy McAuliffe, Contributor on

Anti-virus experts are warning IT administrators to be ahead of the game with a new HP OpenView and NetView vulnerability, which was reported on Wednesday, in order to prevent a repeat of the Code Red fiasco.

Systems running the Hewlett-Packard (HP) OpenView Network Node Manager version 6.1, or Tivoli NetView versions 5.x and 6.x have been found to contain a hole that could allow an intruder to gain complete administrative control of a machine. The vulnerability has been reported on the Cert Advisory mailing list, and anti-virus experts are anxious for system administrators to install the patch released by HP on 21 June, in order to pre-empt the creation of any copycat Code Red worms.

"In wake of Code Red, it has never been more important to install the patch," said Graham Cluely, senior technology consultant for anti-virus company Sophos. "Hackers are often on these mailing lists, so system administrators need to be ahead of the game," he added. In the case of Code Red, Microsoft released a patch for the Internet Information Server (IIS) software vulnerability on 18 June, but it was not until a month later that the self-propagating worm was unleashed.

The new HP vulnerability is in ovactiond -- the control management standard and event handler for OpenView and NetView -- and could allow an intruder to execute arbitrary commands by sending a malicious message to the management server. There is also the additional threat that an intruder may be able to leverage the trust relationship that a compromised system has with other network devices, and attack these or make changes to the network configuration.

"This is a good reminder that it's not just Microsoft that goofs up -- any software can contain holes," said Cluley. "HP software isn't in as common use as IIS -- but it's a different community of people who don't want to go down the Microsoft route."

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards