Detections
Analytics

HP-UX PHSS_40705 : s700_800 11.11 OV NNM7.01 Intermediate Patch 13

critical Nessus Plugin ID 46261

Language:

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.11 OV NNM7.01 Intermediate Patch 13 :

The remote HP-UX host is affected by multiple vulnerabilities :

 - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02424 SSRT080125)

 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)

 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. (HPSBMA02400 SSRT080144)

 - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code. (HPSBMA02416 SSRT090008)

 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2010-1550 (SSRT090225, ZDI-CAN-563) CVE-2010-1551 (SSRT090226, ZDI-CAN-564) CVE-2010-1552 (SSRT090227, ZDI-CAN-566) CVE-2010-1553 (SSRT090228, ZDI-CAN-573) CVE-2010-1554 (SSRT090229, ZDI-CAN-574) CVE-2010-1555 (SSRT090230, ZDI-CAN-575).
 (HPSBMA02527 SSRT010098)

 - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code. (HPSBMA02425 SSRT080091)

Solution

Install patch PHSS_40705 or subsequent.

See Also

http://www.nessus.org/u?cdefacfb

http://www.nessus.org/u?ed695dee

http://www.nessus.org/u?45827469

http://www.nessus.org/u?0bbcab1d

http://www.nessus.org/u?422f4693

http://www.nessus.org/u?d5f413ca

Plugin Details

Severity: Critical

ID: 46261

File Name: hpux_PHSS_40705.nasl

Version: 1.24

Type: local

Published: 5/10/2010

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/26/2010

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow)

Reference Information

CVE: CVE-2008-0067, CVE-2008-2438, CVE-2009-0720, CVE-2009-0898, CVE-2009-0920, CVE-2009-0921, CVE-2009-3845, CVE-2009-3846, CVE-2009-3847, CVE-2009-3848, CVE-2009-3849, CVE-2009-4176, CVE-2009-4177, CVE-2009-4178, CVE-2009-4179, CVE-2009-4180, CVE-2009-4181, CVE-2010-1550, CVE-2010-1551, CVE-2010-1552, CVE-2010-1553, CVE-2010-1554, CVE-2010-1555

BID: 34738, 34812

CWE: 119, 189, 94

HP: SSRT010098, SSRT080091, SSRT080125, SSRT080144, SSRT090008, SSRT090257, emr_na-c01646081, emr_na-c01696729, emr_na-c01723303, emr_na-c01728300, emr_na-c01950877, emr_na-c02153379