A number of remote code execution vulnerabilities in HP Operations Agent have been identified. As a result, the company has made available a series of patches for the impacted products.
HP Operations Agent
is a server monitoring software that collects detailed information on a machine’s performance and fault metrics. It can not only automatically adjust values in case they breach a certain threshold, but it can also send out alerts and events to a central server.
The security hole exists
in the 11.03.12 and prior variants designed to run on AIX, HP-UX, Windows, Linux and Solaris.
The company has credited Luigi Auriemma for finding the vulnerability and reporting it to HP’s TippingPoint Zero Day Initiative.
Customers of the aforementioned products are advised to download the patches and apply them as soon as possible.
The patches are available for download here