Security watchdog the Computer Emergency Response Team (Cert) has released an advisory warning of a glitch in Hewlett Packard's OpenView and Tivoli's NetView system management software.
The vulnerability has been labelled "serious" because it allows intruders to execute arbitrary commands with administrator privileges. The flaw is found in a component of both products called 'ovactiond', a Simple Network Management Protocol event handler.
A malicious user could send a malformed request to the management server that would run at the privilege level of the ovactiond process which varies according to the operating system.
On Unix systems this would typically run at user level, but on NT it runs at administrator level, instantly giving administrative access to the system.
Cert also warned that systems running these products often have trusted relationships with other network devices. "An intruder who compromises these systems may be able to leverage this trust to compromise other devices on the network or to make changes to the network configuration," the organisation said.
Both HP and Tivoli have acknowledged this security exposure and released relevant information and patches.
The full advisory and patches can be found here.
Created via a thin, flexible, and transparent hierarchical nanocomposite film
Rolls Royce will use AI powered by Intel's Xeon Gold processors and SSDs for memory
The most extreme range of orbits yet observed in such a young star system, claim University of Cambridge astronomers
HP and Centrica are the first industry partners to sign up to the government's new Code