HP-UX PHSS_40708 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 26

critical Nessus Plugin ID 46348

Language:

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 26 :

The remote HP-UX host is affected by multiple vulnerabilities :

- Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2010-1550 (SSRT090225, ZDI-CAN-563) CVE-2010-1551 (SSRT090226, ZDI-CAN-564) CVE-2010-1552 (SSRT090227, ZDI-CAN-566) CVE-2010-1553 (SSRT090228, ZDI-CAN-573) CVE-2010-1554 (SSRT090229, ZDI-CAN-574) CVE-2010-1555 (SSRT090230, ZDI-CAN-575).
(HPSBMA02527 SSRT010098)

- Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server. References: CVE-2010-1964 (SSRT100026, ZDI-CAN-683) CVE-2010-1960 (SSRT100027, ZDI-CAN-684) CVE-2010-1961 (SSRT100028, ZDI-CAN-685).

- A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code under the context of the user running the web server.

Solution

Install patch PHSS_40708 or subsequent.

See Also

http://www.nessus.org/u?d5f413ca

http://www.nessus.org/u?f9c68a79

http://www.nessus.org/u?094465cf

Plugin Details

Severity: Critical

ID: 46348

File Name: hpux_PHSS_40708.nasl

Version: 1.34

Type: local

Published: 5/17/2010

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/3/2010

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow)

Reference Information

CVE: CVE-2010-1550, CVE-2010-1551, CVE-2010-1552, CVE-2010-1553, CVE-2010-1554, CVE-2010-1555, CVE-2010-1960, CVE-2010-1961, CVE-2010-1964, CVE-2010-2709

HP: SSRT010098, emr_na-c02153379, emr_na-c02217439, emr_na-c02446520