Vulnerabilities found in HP Internet Express

Hewlett-Packard has warned users of security holes in two of its products.

Hewlett-Packard has warned users of security holes in two of its products.

The security vulnerabilities - in the Internet Express software used on Tru64 servers and HP's Openview authentication systems - were discovered by a US university.

The most serious of the vulnerabilities affects version 2.6.2 of the software, which is offered by HP as part of Internet Express 6.2. Hackers can exploit this vulnerability by entering over-long user details to create a buffer overflow, which then allows a malicious program to be run on the computer. HP has produced a patch for the security hole.

HP has also confirmed the existence of a "moderately critical" vulnerability in Openview Operations. The hole is in Openview's authentication facility and affects versions 7.x of Openview for HP-UX and Solaris and also version 6.x of Openview Vantagepoint for the same two operating systems.

The vulnerability could allow the user authentication process to be bypassed, due to a missing authentication check.

HP is not alone among leading hardware suppliers in having to issue security alerts. Networking company Cisco earlier this month warned users of 11 serious vulnerabilities affecting its products. This latest Cisco security hole could enable hackers to gain control of wireless networks.

HP was unavailable for comment.

Read more on Hackers and cybercrime prevention