HP-UX PHSS_36773 : s700_800 11.X OV NNM7.01 Intermediate Patch 11

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote HP-UX host is missing a security-related patch.

Description :

s700_800 11.X OV NNM7.01 Intermediate Patch 11 :

The remote HP-UX host is affected by multiple vulnerabilities :

- A potential vulnerability has been identified with HP
OpenView Network Node Manager (OV NNM). This
vulnerability could by exploited remotely to allow cross
site scripting (XSS). (HPSBMA02283 SSRT071319)

- A potential vulnerability has been identified with HP
OpenView Network Node Manager (OV NNM). This
vulnerability could be exploited remotely by an
unauthorized user to execute arbitrary code with the
permissions of the NNM server. (HPSBMA02281 SSRT061261)

- Potential vulnerabilities have been identified with HP
OpenView Network Node Manager (OV NNM). The
vulnerabilities could be exploited remotely to create a
Denial of Service (DoS) or to execute arbitrary code.
References: CVE-2008-3536, CVE-2008-3537, CVE-2008-3544
(Bugtraq ID 28668). (HPSBMA02362 SSRT080044, SSRT080045,
SSRT080042)

- Potential vulnerabilities have been identified with HP
OpenView Network Node Manager (OV NNM) running Apache.
These vulnerabilities could be exploited remotely
resulting in cross site scripting (XSS), Denial of
Service (DoS), or execution of arbitrary code.
(HPSBMA02328 SSRT071293)

- A potential vulnerability has been identified with HP
OpenView Network Node Manager (OV NNM) running Shared
Trace Service. The vulnerability could be remotely
exploited to execute arbitrary code. (HPSBMA02242
SSRT061260)

- A potential vulnerability has been identified with HP
OpenView Network Node Manager (OV NNM). The
vulnerability could be exploited remotely to execute
arbitrary code or to create a Denial of Service (DoS).
(HPSBMA02348 SSRT080033)

See also :

http://www.nessus.org/u?149b8149
http://www.nessus.org/u?3312cdf1
http://www.nessus.org/u?d908af80
http://www.nessus.org/u?69af359a
http://www.nessus.org/u?6c4897f2
http://www.nessus.org/u?cd8ebfb4

Solution :

Install patch PHSS_36773 or subsequent.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: HP-UX Local Security Checks

Nessus Plugin ID: 26896 (hpux_PHSS_36773.nasl)

Bugtraq ID: 15834
16152
19204

CVE ID: CVE-2005-3352
CVE-2005-3357
CVE-2006-3747
CVE-2007-3872
CVE-2007-6204
CVE-2007-6343
CVE-2008-1697
CVE-2008-3536
CVE-2008-3537
CVE-2008-3544