This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote HP-UX host is missing a security-related patch.
s700_800 11.04 Virtualvault 4.7 OpenSSH update :
Two potential security vulnerabilities have been identified in OpenSSL
by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and
Exposures project has referenced them as the following CAN-2004-0079,
and CAN-2004-0112. The CERT summary is TA04-078A. 1. The
do_change_cipher_spec function in OpenSSL allows remote attackers to
cause a denial of service via a crafted SSL/TLS handshake that
triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking,
when using Kerberos ciphersuites, does not properly check the length
of Kerberos tickets during a handshake, which allows remote attackers
to cause a denial of service via a crafted SSL/TLS handshake that
causes an out-of-bounds read. CVE-2004-0112.
See also :
Install patch PHSS_30640 or subsequent.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: HP-UX Local Security Checks
Nessus Plugin ID: 17525 (hpux_PHSS_30640.nasl)
CVE ID: CVE-2003-0020CVE-2004-0079CVE-2004-0112CVE-2004-0113CVE-2004-0174
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.