This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote HP-UX host is missing a security-related patch.
s700_800 11.04 Virtualvault 4.7 OpenSSH update :
Two potential security vulnerabilities have been identified in OpenSSL
by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and
Exposures project has referenced them as the following CAN-2004-0079,
and CAN-2004-0112. The CERT summary is TA04-078A. 1. The
do_change_cipher_spec function in OpenSSL allows remote attackers to
cause a denial of service via a crafted SSL/TLS handshake that
triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,
when using Kerberos ciphersuites, does not properly check the length
of Kerberos tickets during a handshake, which allows remote attackers
to cause a denial of service via a crafted SSL/TLS handshake that
causes an out-of-bounds read. CVE-2004-0112.
See also :
Install patch PHSS_30640 or subsequent.
Risk factor :
Medium / CVSS Base Score : 5.0