HP-UX PHSS_43890 : s700_800 11.X OV DP7.00 HP-UX IA/PA - Core patch

critical Nessus Plugin ID 73719

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.X OV DP7.00 HP-UX IA/PA - Core patch :

Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. References: CVE-2013-2344 (ZDI-CAN-1866, SSRT101217) CVE-2013-2345 (ZDI-CAN-1869, SSRT101218) CVE-2013-2346 (ZDI-CAN-1870, SSRT101219) CVE-2013-2347 (ZDI-CAN-1885, SSRT101220) CVE-2013-2348 (ZDI-CAN-1892, SSRT101221) CVE-2013-2349 (ZDI-CAN-1896, SSRT101222) CVE-2013-2350 (ZDI-CAN-1897, SSRT101223) CVE-2013-6194 (ZDI-CAN-1905, SSRT101233) CVE-2013-6195 (ZDI-CAN-2008, SSRT101348).

Solution

Install patch PHSS_43890 or subsequent.

See Also

http://www.nessus.org/u?fe03aaf8

Plugin Details

Severity: Critical

ID: 73719

File Name: hpux_PHSS_43890.nasl

Version: 1.6

Type: local

Published: 4/27/2014

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/11/2014

Exploitable With

Core Impact

Metasploit (HP Data Protector Backup Client Service Directory Traversal)

Reference Information

CVE: CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195

BID: 64647

HP: emr_na-c03822422