The Zero Day Initiative (ZDI) disclosed five security holes that Hewlett-Packard has had, and known about, for more than six months.

All the zero-day holes affect products in HP’s enterprise and networking divisions:
• HP LeftHand Virtual SAN
• HP Operations Agent for NonStop
• HP Intelligent Management Center
• HP iNode Management Center
• HP Diagnostics Server

In all five products, remote attackers can exploit programming flaws to inject and execute arbitrary code via specially crafted requests – sometimes even at system user level.

These are all at the highest threat level. In all five cases, the ZDI informed the company of the problems at the end of 2011. HP failed to release patches for any of these critical security holes.

Because companies would often make no move to fix the security holes reported to them, ZDI said two years ago that it would in future disclose such holes after 180 days if companies failed to respond. ZDI has invoked its rule more than once.

The odd part about the release of the Zero Day news is that HP owns TippingPoint, which runs ZDI. HP took over TippingPoint when it acquired 3Com.
