Two New HP-UX vulnerabilities

The first is a potential remote execution of code on HP-UX systems that are running Apache. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2. or earlier are known to be vulnerable. While the HP security bulletin is a vague, it does cite CVE-2007-5135 which details an off-by-one error in the SSL_get_shared_ciphers function of OpenSSL 0.9.7 – 0.9.7l, and 0.9.8 – 0.9.8f. HP’s original security bulletin is HPSBUX02292 SSRT071499 rev.1. Updates are available.

The second is an XSS issue in HP OpenView Network Node Manager. It appears to be remotely exploitable. Affected versions are HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, 7.51 running on HP-UX B.11.00, B.11.11, and B.11.23, Solaris, Windows NT, Windows 2000, Windows XP, and Linux. The original HP security bulletin is HPSBMA02283 SSRT071319 rev.1. Updates are available for this as well.

Leave a Reply