Critical Holes in HP Software

Wednesday, July 11, 2012 @ 03:07 PM gHale


Hewlett-Packard (HP) is sending out a warning about two security vulnerabilities in its Operations Agent server monitoring software.

Unspecified errors in the enterprise software for AIX, HP-UX, Linux, Solaris and Windows can suffer exploitation by a remote attacker to compromise a vulnerable system and execute arbitrary code, company officials said. Both of these errors have a CVSS 2.0 (Common Vulnerability Scoring System) base score of 10.0, the highest possible severity rating.

RELATED STORIES
Patch Tuesday Closes Zero Day
Microsoft FixIt For XML Hole
Attack: IE Zero Day
RTFs Fall Victim to APTs
Microsoft Adjusts as Duqu Lingers

Versions prior to 11.03.12 on all supported platforms suffer from the issue; upgrading to 11.03.12 corrects the problems.

Independent Security Researcher, Luigi Auriemma, reported these vulnerabilities to HP via TippingPoint’s Zero Day Initiative (ZDI).

A full list of affected versions, and patch download information are in the company’s security advisory.

HP advises all administrators to install the patches as soon as possible.



Leave a Reply

You must be logged in to post a comment.