HP-UX PHSS_39246 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22

critical Nessus Plugin ID 39384

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 22 :

The remote HP-UX host is affected by multiple vulnerabilities :

- Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. (HPSBMA02400 SSRT080144)

- A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02424 SSRT080125)

- A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02425 SSRT080091)

Solution

Install patch PHSS_39246 or subsequent.

See Also

http://www.nessus.org/u?cdefacfb

http://www.nessus.org/u?45827469

http://www.nessus.org/u?0bbcab1d

Plugin Details

Severity: Critical

ID: 39384

File Name: hpux_PHSS_39246.nasl

Version: 1.35

Type: local

Published: 6/15/2009

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/18/2009

Exploitable With

Core Impact

Metasploit (HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow)

Reference Information

CVE: CVE-2008-0067, CVE-2008-2438, CVE-2009-0720

BID: 34738, 34812

CWE: 119, 189, 94

HP: SSRT080091, SSRT080125, SSRT080144, emr_na-c01646081, emr_na-c01723303, emr_na-c01728300