This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote HP-UX host is missing a security-related patch.
s700_800 11.23 Bind 9.2.0 components :
1. Certain ASN.1 encodings that are rejected as invalid by the parser
can trigger a bug in the deallocation of the corresponding data
structure, corrupting the stack. This can be used as a denial of
service attack. It is currently unknown whether this can be exploited
to run malicious code. This issue does not affect OpenSSL 0.9.6. More
details are available at: CVE-2003-0545 2. Unusual ASN.1 tag values
can cause an out of bounds read under certain circumstances, resulting
in a denial of service vulnerability. More details are available at:
CVE-2003-0543 CVE-2003-0544 3. A malformed public key in a certificate
will crash the verify code if it is set to ignore public key decoding
errors. Exploitation of an affected application would result in a
denial of service vulnerability. 4. Due to an error in the SSL/TLS
protocol handling, a server will parse a client certificate when one
is not specifically requested.
See also :
Install patch PHNE_31726 or subsequent.
Risk factor :
Critical / CVSS Base Score : 10.0