HP-UX PHNE_25644 : s700_800 11.11 cumulative ARPA Transport patch

medium Nessus Plugin ID 16508

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.11 cumulative ARPA Transport patch :

The remote HP-UX host is affected by multiple vulnerabilities :

- A potential security vulnerability has been identified with HP-UX running TCP/IP. This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of Service(DoS). References: NISCC VU#532967, CAN-2004-0790, CAN-2004-0791, CAN-2004-1060.
(HPSBUX01164 SSRT4884)

- An HP-UX 11.11 machine with TRANSPORT patches PHNE_24211, PHNE_24506, PHNE_25134, or PHNE_25642 may be exposed to a denial of service through the malicious use of the 'ndd' command. (HPSBUX00192 SSRT071390)

- TCP Initial Sequence Number (ISN) randomization specified in RFC 1948 is available for HP-UX.
References: CVE-2001-0328, CERT CA-2001-09. (HPSBUX00205 SSRT080009)

Solution

Install patch PHNE_25644 or subsequent.

See Also

http://www.nessus.org/u?b75e5227

http://www.nessus.org/u?47614ae6

http://www.nessus.org/u?3a3e8ad7

Plugin Details

Severity: Medium

ID: 16508

File Name: hpux_PHNE_25644.nasl

Version: 1.26

Type: local

Published: 2/16/2005

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/26/2002

Vulnerability Publication Date: 4/12/2005

Reference Information

CVE: CVE-2001-0328, CVE-2004-0790, CVE-2004-0791, CVE-2004-1060

BID: 13124

CERT: 532967

CERT-CC: 2001-09

HP: HPSBUX00192, HPSBUX00205, HPSBUX01164, SSRT071390, SSRT080009, SSRT4884, emr_na-c00576017, emr_na-c00994439, emr_na-c01336000