HP Servers Hit By Two Security Flaws
Two security flaws have been uncovered in HP servers, one in its Internet Express, used with Tru64 servers, and a second in its authentication system OpenView.
The most serious of these vulnerabilities affects versions up to 2.6.2 of the software, delivered as part of Internet Express 6.2. It is caused by a boundary error in the S/KEY challenge handling procedure. It can be exploited by putting in over-long user details to create a buffer overflow after which a malicious program could be executed.
For this flaw, HP has released a patch available:
The company also admitted a “moderately critical” vulnerability in OpenView Operations, specifically in its authentication facility, affecting versions 7.x of OpenView for HP-UX and Solaris, as well as version 6.x of OpenView VantagePoint for the same two OSes.
For the second flaw, the patch is available:
A number of serious vulnerabilities have been found in the Washington University FTP daemon (WU-FTPD) - the replacement FTP daemon for Unix systems, which forms part of HP’s Internet Express, its collection of internet and administration software provided with Tru64 AlphaServer systems.
- Endpoint, Servers, Cloud Are All WinMagic's Forte: COO
- Malware Targeting Linux On The Rise, Shows Study
- IoT and Big Data Can Be A Match Made In Heaven
- Tech Giants Betting On A Green Future
- Go4Hosting launches 28 state-of-art dedicated Servers
- IBM Unveils Linux Servers To Empower AI And Deep Learning
- xDedic: The Black Market Of Hacked Servers Decoded
- HPE Delivers Converged System For IoT
- Kaspersky Lab Exposes Black Market Selling Hacked Servers
- Facebook Is Listening To Your Conversations 24x7