HP-UX PHNE_31726 : HP-UX Running BIND v920, Remote Denial of Service (DoS) (HPSBUX00290 SSRT3622 rev.5)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.

Synopsis :

The remote HP-UX host is missing a security-related patch.

Description :

s700_800 11.23 Bind 9.2.0 components :

1. Certain ASN.1 encodings that are rejected as invalid by the parser
can trigger a bug in the deallocation of the corresponding data
structure, corrupting the stack. This can be used as a denial of
service attack. It is currently unknown whether this can be exploited
to run malicious code. This issue does not affect OpenSSL 0.9.6. More
details are available at: CVE-2003-0545 2. Unusual ASN.1 tag values
can cause an out of bounds read under certain circumstances, resulting
in a denial of service vulnerability. More details are available at:
CVE-2003-0543 CVE-2003-0544 3. A malformed public key in a certificate
will crash the verify code if it is set to ignore public key decoding
errors. Exploitation of an affected application would result in a
denial of service vulnerability. 4. Due to an error in the SSL/TLS
protocol handling, a server will parse a client certificate when one
is not specifically requested.

See also :


Solution :

Install patch PHNE_31726 or subsequent.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: HP-UX Local Security Checks

Nessus Plugin ID: 16912 (hpux_PHNE_31726.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0543

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now