HP-UX PHSS_37141 : s700_800 11.X OV NNM6.4x/ET2.0x Intermediate Patch 17

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote HP-UX host is missing a security-related patch.

Description :

s700_800 11.X OV NNM6.4x/ET2.0x Intermediate Patch 17 :

The remote HP-UX host is affected by multiple vulnerabilities :

- Potential vulnerabilities have been identified with HP
OpenView Network Node Manager (OV NNM) running Apache.
These vulnerabilities could be exploited remotely
resulting in cross site scripting (XSS), Denial of
Service (DoS), or execution of arbitrary code.
(HPSBMA02328 SSRT071293)

- A potential vulnerability has been identified with HP
OpenView Network Node Manager (OV NNM). This
vulnerability could be exploited remotely by an
unauthorized user to execute arbitrary code with the
permissions of the NNM server. (HPSBMA02281 SSRT061261)

- A potential vulnerability has been identified with HP
OpenView Network Node Manager (OV NNM) running Shared
Trace Service. The vulnerability could be remotely
exploited to execute arbitrary code. (HPSBMA02242
SSRT061260)

- A potential security vulnerability has been identified
with HP OpenView Network Node Manager (OV NNM). The
vulnerability could be exploited remotely to create a
Denial of Service (DoS). (HPSBMA02307 SSRT071420)

- A potential vulnerability has been identified with HP
OpenView Network Node Manager (OV NNM). This
vulnerability could by exploited remotely to allow cross
site scripting (XSS). (HPSBMA02283 SSRT071319)

See also :

http://www.nessus.org/u?149b8149
http://www.nessus.org/u?3312cdf1
http://www.nessus.org/u?d908af80
http://www.nessus.org/u?71f7c351
http://www.nessus.org/u?69af359a

Solution :

Install patch PHSS_37141 or subsequent.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: HP-UX Local Security Checks

Nessus Plugin ID: 29200 (hpux_PHSS_37141.nasl)

Bugtraq ID: 15834
16152
19204

CVE ID: CVE-2005-3352
CVE-2005-3357
CVE-2006-3747
CVE-2007-3872
CVE-2007-6204
CVE-2007-6343
CVE-2008-0212