Vulnerabilities found in HP Internet Express

News

Vulnerabilities found in HP Internet Express

Nick Huber
Hewlett-Packard has warned users of security holes in two of its products.

The security vulnerabilities - in the Internet Express software used on Tru64 servers and HP's Openview authentication systems - were discovered by a US university.

The most serious of the vulnerabilities affects version 2.6.2 of the software, which is offered by HP as part of Internet Express 6.2. Hackers can exploit this vulnerability by entering over-long user details to create a buffer overflow, which then allows a malicious program to be run on the computer. HP has produced a patch for the security hole.

HP has also confirmed the existence of a "moderately critical" vulnerability in Openview Operations. The hole is in Openview's authentication facility and affects versions 7.x of Openview for HP-UX and Solaris and also version 6.x of Openview Vantagepoint for the same two operating systems.

The vulnerability could allow the user authentication process to be bypassed, due to a missing authentication check.

HP is not alone among leading hardware suppliers in having to issue security alerts. Networking company Cisco earlier this month warned users of 11 serious vulnerabilities affecting its products. This latest Cisco security hole could enable hackers to gain control of wireless networks.

HP was unavailable for comment.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy