HP-UX PHSS_41607 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 28

critical Nessus Plugin ID 56844

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 28 :

The remote HP-UX host is affected by multiple vulnerabilities :

- Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server. References: CVE-2011-0261 (ZDI-CAN-753) CVE-2011-0262 (ZDI-CAN-757) CVE-2011-0263 (ZDI-CAN-774) CVE-2011-0264 (ZDI-CAN-810) CVE-2011-0265 (ZDI-CAN-931) CVE-2011-0266 (ZDI-CAN-932) CVE-2011-0267 (ZDI-CAN-933) CVE-2011-0268 (ZDI-CAN-934) CVE-2011-0269 (ZDI-CAN-935) CVE-2011-0270 (ZDI-CAN-936) CVE-2011-0271 (iDefense).
(HPSBMA02621 SSRT100352)

- A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running on Windows. The vulnerability could be exploited remotely to execute arbitrary code. References: CVE-2010-2703, ZDI-CAN-682. (HPSBMA02557 SSRT100025)

Solution

Install patch PHSS_41607 or subsequent.

See Also

http://www.nessus.org/u?dae68cca

http://www.nessus.org/u?5e3effcb

Plugin Details

Severity: Critical

ID: 56844

File Name: hpux_PHSS_41607.nasl

Version: 1.11

Type: local

Published: 3/6/2012

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/20/2010

Exploitable With

Core Impact

Metasploit (HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow)

Reference Information

CVE: CVE-2010-2703, CVE-2011-0261, CVE-2011-0262, CVE-2011-0263, CVE-2011-0264, CVE-2011-0265, CVE-2011-0266, CVE-2011-0267, CVE-2011-0268, CVE-2011-0269, CVE-2011-0270, CVE-2011-0271

BID: 41829

HP: SSRT100025, SSRT100352, emr_na-c02286088, emr_na-c02670501