HP OpenView Has Critical Vulnerability


According to a researcher at CoreLabs, a vulnerability was found in HP OpenView that could affect a large number of its customers and potentially millions of computers. Researchers at Secunia first found the vulnerability and reported it to HP in early January.


HP patched the vulnerability within weeks. CoreLabs tested the patch and found it had the buffer overflow issue, as well as two additional buffer overflow vulnerabilities in late January. HP subsequently patched the three vulnerabilities in March. The vulnerability affects OpenView NNM version 7.51, 7.53, and 7.51 with the HP security patch.


HP OpenView is an application that lets organizations monitor their infrastructure. It's also know generically as Enterprise Systems Monitoring (ESM) software. I can tell you that ESM software provides a total view into your infrastructure. Typically, agents are loaded onto your hardware and report back to a central console. You can, for example, monitor disk space, services up/down, available memory and a whole lot more. When the node reaches the value (or limit) you are monitoring for, it sends an alert to the central console.


This vulnerability involves sending malformed HTTP requests to take over the HP OpenView Web server. Although no detail was given to what exactly an attacker could do once the Web server is compromised, an attacker could distort the views on your console giving you a false impression that everything is working properly. Nodes could be dropped from being monitored leading you to believe that you are monitoring your entire infrastructure when in reality you are only monitoring part of it.


Although this is not a "sky is falling" alert, it should be patched as soon as possible. I get nervous when applications such as OpenView have vulnerabilities. These applications are used to monitor an entire enterprise. Could you imagine the damage an attacker could do if they managed to compromise the software that monitors your entire organization?