HP-UX PHSS_38489 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 20

critical Nessus Plugin ID 39380

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 20 :

The remote HP-UX host is affected by multiple vulnerabilities :

- Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code.
References: CVE-2008-3536, CVE-2008-3537, CVE-2008-3544 (Bugtraq ID 28668). (HPSBMA02362 SSRT080044, SSRT080045, SSRT080042)

- A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely execute arbitrary code or to create a Denial of Service (DoS).
(HPSBMA02338 SSRT080024, SSRT080041)

- A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS). (HPSBMA02374 SSRT080046)

- Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code with administrator priviliges or to create a Denial of Service (DoS). (HPSBMA02477 SSRT090177)

- A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS).
(HPSBMA02348 SSRT080033)

Solution

Install patch PHSS_38489 or subsequent.

See Also

http://www.nessus.org/u?202438e1

http://www.nessus.org/u?6c4897f2

http://www.nessus.org/u?cd8ebfb4

http://www.nessus.org/u?39f46ac2

http://www.nessus.org/u?499137a6

Plugin Details

Severity: Critical

ID: 39380

File Name: hpux_PHSS_38489.nasl

Version: 1.23

Type: local

Published: 6/15/2009

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/24/2008

Exploitable With

CANVAS (D2ExploitPack)

Metasploit (HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow)

Reference Information

CVE: CVE-2008-1697, CVE-2008-1842, CVE-2008-3536, CVE-2008-3537, CVE-2008-3544, CVE-2008-3545, CVE-2009-3840, CVE-2010-2710

CWE: 119, 189

HP: SSRT080024, SSRT080033, SSRT080041, SSRT080042, SSRT080044, SSRT080045, SSRT080046, SSRT090177, emr_na-c01466051, emr_na-c01495949, emr_na-c01537275, emr_na-c01567813, emr_na-c01926980