Nortel Response to HP Openview Network Node Manager Potential Vulnerabilities
| Description: |
HP Support has recently provided a fix for an OpenView Network Node Manager Directory Traversal issue and Multiple Denial Of Service Vulnerabilities. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Without the fix, HP OpenView Network Node Manager is prone to multiple vulnerabilities affecting the 'ovalarmsrv.exe' and 'ovtopmd.exe' processes. These issues include a directory-traversal issue and multiple denial-of-service issues. Attackers can exploit these issues to access potentially sensitive data on the affected computer or to deny service to legitimate users. HP OpenView Network Node Manager 7.53 is vulnerable; other versions may also be affected. This bulletin addresses the following CVE: 1) CVE-2008-0068 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0068) Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories |
| Type: |
Security Advisories |
| Number: |
2008009189, Rev 1 |
| Status: |
Retired |
| Date: |
2009-04-29 |
