[NV-L] FW: US-CERT Current Activity - HP Releases Security Bulletin for HP OpenView Network Node Manager

[James Shanks <jshanks@us.ibm.com>]

Well, you have to register with HP to actually obtain the patch and they provide no details on either URL about what areas of the code are affected.

But CERT also knows about NetView and if they knew of a vulnerability in it, they would contact us directly, just as they did in 2002 when we fixed a similar issue with trapd. If my management knew of a current vulnerability it would be on my desk in hours if not minutes, and I know nothing about any such thing.

James Shanks
Tivoli Network Availability Management Level Three
Network Availability Management
Tivoli Software, IBM Corp
1-919-224-1642 | T/L 687-1642 | ITN 26871642
"Davis, Donald" <donald.davis@firstcitizens.com>

"Davis, Donald" <donald.davis@firstcitizens.com>
Sent by: nv-l-bounces@lists.ca.ibm.com

02/09/2009 09:51 AM

Please respond to
Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>

To	nv-l@lists.ca.ibm.com
cc
Subject	[NV-L] FW: US-CERT Current Activity - HP Releases Security Bulletin for HP OpenView Network Node Manager

My Info-Security department is asking me if this is also an issue with
NetView.
There is not enough detail on the HP support DOCs to determine what
daemon/process might be affected.
My initial reaction is to just say No, it is not an issue ..... But you
know about assumptions.

Thanks,
Don Davis

========================
US-CERT Current Activity

HP Releases Security Bulletin for HP OpenView Network Node Manager

Original release date: February 6, 2009 at 10:03 am
Last revised: February 6, 2009 at 10:03 am


HP has released a security bulletin to address a vulnerability in HP
OpenView Network Node Manager. This vulnerability may allow a remote
attacker to execute arbitrary code.

US-CERT recommends that users and administrators review the HP Support
document and apply any necessary updates to help mitigate the risks.

Relevant Url(s):
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=
c01661610>

====
This entry is available at
http://www.us-cert.gov/current/index.html#hp_releases_security_bulletin_
for

------------------------------------------------------------------------------
Call 1.888.FC DIRECT (1.888.323.4732) or visit us on the web at firstcitizens.com 
today to take advantage of our great products and services. 

This electronic mail and any files transmitted with it are confidential and are intended solely for the use 
of individual or entity to whom they are addressed. If you are not the intended recipient or the person 
responsible for delivering the electronic mail to the intended recipient, be advised that if you have received 
this electronic mail in error and that any use, dissemination, forwarding, printing, or copying of this electronic 
mail is strictly prohibited. If you have received this electronic mail in error, please immediately notify the 
sender by return mail.
--------------------
First Citizens Bank - Helping our customers achieve a lifetime of success. 
Visit us on the web at firstcitizens.com - Member FDIC
==============================================================================
02/09/09, 09:51:04

_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to internal IBM'ers only)

_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to 
internal IBM'ers only)