HP-UX PHCO_42175 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)

critical Nessus Plugin ID 56826

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.11 VERITAS Enterprise Administrator Srvc Patch :

Potential security vulnerabilities have been identified in HP-UX running the Veritas Enterprise Administrator (VEA), which comes bundled with VxVM. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code.
References: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.

Solution

Install patch PHCO_42175 or subsequent.

See Also

http://www.nessus.org/u?a55dd2ee

Plugin Details

Severity: Critical

ID: 56826

File Name: hpux_PHCO_42175.nasl

Version: 1.15

Type: local

Published: 3/6/2012

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/9/2011

Vulnerability Publication Date: 5/31/2011

Reference Information

CVE: CVE-2011-0546, CVE-2011-0547

BID: 47824, 49014

HP: HPSBUX02700, SSRT100506, emr_na-c02962262

IAVB: 2011-B-0108