HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch

critical Nessus Plugin ID 16634

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.22 sendmail(1m) 8.11.1 patch :

The remote HP-UX host is affected by multiple vulnerabilities :

- Sendmail Restricted Shell (smrsh) may let local users bypass restrictions to execute code.

- A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12.
(HPSBUX00253 SSRT3531)

- A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)

Solution

Install patch PHNE_28409 or subsequent.

See Also

http://www.nessus.org/u?7e44f628

http://www.nessus.org/u?b715e4f4

Plugin Details

Severity: Critical

ID: 16634

File Name: hpux_PHNE_28409.nasl

Version: 1.17

Type: local

Published: 2/16/2005

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/11/2003

Reference Information

CVE: CVE-2002-1337, CVE-2003-0161

BID: 6991

CERT-CC: 2003-07, 2003-12

HP: HPSBUX00246, HPSBUX00253, HPSBUX0212, SSRT2432, SSRT3469, SSRT3531, emr_na-c00958338, emr_na-c00958571