HP-UX PHSS_42328 : s700_800 11.X OV NNM9.00 NNM 9.0x Patch 5

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote HP-UX host is missing a security-related patch.

Description :

s700_800 11.X OV NNM9.00 NNM 9.0x Patch 5 :

The remote HP-UX host is affected by multiple vulnerabilities :

- Apotential security vulnerability has been identified
with HP Network Node Manager I (NNMi) on HP-UX, Linux,
Solaris, and Windows. The vulnerability could be
remotely exploited resulting in unauthorized access.
References: CVE-2013-2351 (SSRT101012, ZDI-CAN-1566).

- A potential security vulnerability has been identified
with HP Network Node Manager i (NNMi) for HP-UX, Linux,
Solaris, and Windows. The vulnerability could be
remotely exploited resulting in unauthorized disclosure
of information. (HPSBMU02714 SSRT100244)

- Potential security vulnerabilities have been identified
with HP Network Node Manager i (NNMi) for HP-UX, Linux,
Solaris, and Windows. The vulnerabilities could be
remotely exploited resulting in cross site scripting
(XSS). (HPSBMU02708 SSRT100633)

- A potential vulnerability has been identified with HP
Network Node Manager i (NNMi) for HP-UX, Linux, Solaris,
and Windows. The vulnerability could be remotely
exploited resulting in unauthorized access to NNMi
processes. (HPSBMA02659 SSRT100440)

See also :

http://www.nessus.org/u?7dec283b
http://www.nessus.org/u?8792dae1
http://www.nessus.org/u?85d28e00
http://www.nessus.org/u?54da22c0

Solution :

Install patch PHSS_42328 or subsequent.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: HP-UX Local Security Checks

Nessus Plugin ID: 56849 ()

Bugtraq ID: 47420
50635
61132

CVE ID: CVE-2010-0738
CVE-2011-1534
CVE-2011-4155
CVE-2011-4156
CVE-2013-2351