HP Storage Essentials SRM Vulnerability

An undisclosed flaw has been discovered in HP’s Storage Essentials SRM. Exploitation can allow some unauthorized remote access and may lead to the execution of arbitrary code. All versions prior to 6.0.0 are vulnerable. HP’s original advisory is here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01316132

Buffer Overflow Ouchies for Skype and HP OpenView

Two traditional buffer overflow vulnerabilities have emerged today. The first is in the Skype product. It suffers from a heap overflow in the skype4com module. Attackers can exploit this by getting users to visit a malicious page, triggering the overflow. Obviously, Skype users should beware of any links, files or other items sent to them through the Skype network. User awareness of issues with trusting Skype content is the best solution, if your organization allows Skype at all.

Skype users should ensure that they are running the most current version, which is protected from this attack.

The second buffer overflow, this one in HP OpenView’s Network Node Manager, only impacts the following versions:

HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, 7.51 running on HP-UX B.11.00, B.11.11, and B.11.23, Solaris, Windows NT, Windows 2000, Windows XP, and Linux

Attackers can leverage this issue to execute arbitrary code on the vulnerable system. Patches are available through the OpenView support site. Patches should be applied as soon as possible!