Detections
Analytics

HP-UX PHNE_31726 : HP-UX Running BIND v920, Remote Denial of Service (DoS) (HPSBUX00290 SSRT3622 rev.5)

critical Nessus Plugin ID 16912

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.23 Bind 9.2.0 components :

1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6. More details are available at: CVE-2003-0545 2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability. More details are available at:
CVE-2003-0543 CVE-2003-0544 3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Exploitation of an affected application would result in a denial of service vulnerability. 4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested.

Solution

Install patch PHNE_31726 or subsequent.

See Also

http://www.nessus.org/u?4e1604c4

Plugin Details

Severity: Critical

ID: 16912

File Name: hpux_PHNE_31726.nasl

Version: 1.27

Type: local

Published: 2/16/2005

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Patch Publication Date: 9/22/2004

Reference Information

CVE: CVE-2003-0543, CVE-2003-0544, CVE-2003-0545

CWE: 119

HP: HPSBUX00290, SSRT3622, emr_na-c00901847