CERT Warns of OpenView, Tivoli Vulnerability
HP’s OpenView and Tivoli’s NetView are comprehensive network management suites that provide integrated discovery, mapping, monitoring, problem identification and remote administration capabilities. Both suites include extensive support for the Simple Network Management Protocol (SNMP) and for a number of SNMP extensions.
According to CERT's advisory, attackers can exploit a vulnerability in an SNMP trap and event handler – dubbed ovactiond – supported by both OpenView and NetView to execute arbitrary commands on a compromised system.
CERT says that the privilege level at which these commands execute can vary according to the underlying operating system. On Unix systems, commands that execute as a result of this vulnerability are confined to the less critical user bin security context, although CERT claims that on some systems an attacker may leverage bin access to gain root privileges.
On Windows NT and Windows 2000 systems, CERT cautions, an attacker who exploits this vulnerability could execute commands in the all-powerful Local System security context. He or she could then wield complete control over a compromised system.
HP issued a security bulletin in late June in which it claimed that only OpenView version 6.1 is vulnerable by default. Earlier versions of OpenView are not vulnerable in their default configurations, HP says. CERT cautions that it’s possible that IT organizations may have enabled functionality which renders the older versions vulnerable.
Tivoli published a similar bulletin, but claimed that NetView versions 5.x and 6.x are not vulnerable in their default configurations. Once again, CERT warns, it’s possible that IT organizations may have made changes to their NetView configurations which render these systems vulnerable to attack.
Most network administrators say that the management servers for tools like OpenView or NetView are rarely, if ever, exposed to the Internet.
“At the very least, you want to put [OpenView or NetView management servers] behind a firewall, so really someone on the inside has to [perpetrate an attack],” confirms a Unix and Windows NT/2000 systems administrator with a large telecommunications company. “However, if you’ve got holes in any systems that you’re exposing to the Internet, someone could come in and exploit this to do a lot of damage.”
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.