Re: Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability

["David Litchfield" <davidl () ngssoftware com>]

> Affected systems:
> It has been confirmed that versions 6.41 and 7.5 are vulnerable on Sun
> Solaris 8 (Sparc), however it is highly likely that all versions of the
> software on all supported operating systems are likely to be vulnerable,
> however this has not been confirmed.

Windows is vulnerable too. I reported these flaws to HP in Februrary.

> Details:
> It was identified that connectedNodes.ovpl script will take input from a

cdpView.ovpl, freeIPaddrs.ovpl and ecscmg.ovpl are vulnerable, too.

Typhon (http://www.ngssoftware.com/typhon.htm) has been checking for these 
flaws since February.

Cheers,
David Litchfield