COMMAND

    HP OpenView

SYSTEMS AFFECTED

    HP OpenView 5.02 and earlier (?) on HP 9000 series 700/800 and Solaris

PROBLEM

    The following is based on an ISS Security Advisory.  Internet Security
    Systems  (ISS)  X-Force  has  researched  a  hidden SNMP community
    string  that  exists  in  HP  OpenView.   This community may allow
    unauthorized access to certain SNMP variables.  Attackers may  use
    this hidden community to learn  about network topology as well  as
    modify MIB variables.  All hosts in a managed network rely on  the
    proper delivery and collection  of SNMP data.   This vulnerability
    allows remote attackers  access to portions  of the MIB  tree used
    for configuration and  maintenance of the  SNMP agent.   Attackers
    may use this hidden community remotely to gain information
    otherwise reserved for authorized  users.  Attackers can  also use
    this community to disrupt collection of data over SNMP as well  as
    sever  communication  between  Collection  Agents  and  Management
    stations.

    ISS X-Force has  confirmed that this  vulnerability is present  in
    HP OpenView  Version 5.02.   Earlier versions  are believed  to be
    vulnerable.  HP-UX 9.X and  HP-UX 10.X SNMP agents are  vulnerable
    if  OpenView  is  installed.   OpenView  for  Solaris  2.X is also
    vulnerable.  OpenView for Windows NT is not vulnerable.

SOLUTION

    The HP OpenView Emanate SNMP Agent has two currently supported
    releases, 2.X and 14.X.  HP recommends upgrading to the 14.X
    release and applying the patch to address this vulnerability.
    With the patch applied, the defect is fixed and an unauthorized
    user cannot use this mechanism.  Please install the applicable
    patch:

        Emanate 14.2 version on HP-UX revision 11.00:        PHSS_16846
        Emanate 14.2 version on HP-UX revision 10.20:        PHSS_16845
        Emanate 14.2 version on VVOS revision 10.24:         PHSS_17083
        Emanate 14.0 version on HP-UX revision 10.0X, 10.10: PHSS_16800
        Emanate 14.0 version on HP-UX revision  9.X:         PHSS_16799

        Solaris 2.3 and 2.4    OpenView Emanate 14.0 agent:  PSOV_02190
        Solaris 2.5.1 and 2.6  OpenView Emanate 14.2 agent:  PSOV_02191

    Due to the security features on the VirtualVault system using VVOS
    10.24, the system is not vulnerable to the stated access from the
    OUTSIDE or Internet.  The vulnerability only exists on the INSIDE
    or internal network.  The Solaris, HP-UX 9.X, and HP-UX 10.X
    patches are _NOT_ cumulative.  The HP-UX 11.X patch is, however,
    cumulative.