HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch

Critical Nessus Plugin ID 16634

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.22 sendmail(1m) 8.11.1 patch :

The remote HP-UX host is affected by multiple vulnerabilities :

- Sendmail Restricted Shell (smrsh) may let local users bypass restrictions to execute code.

- A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12.
(HPSBUX00253 SSRT3531)

- A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)

Solution

Install patch PHNE_28409 or subsequent.

See Also

http://www.nessus.org/u?7e44f628

http://www.nessus.org/u?b715e4f4

Plugin Details

Severity: Critical

ID: 16634

File Name: hpux_PHNE_28409.nasl

Version: Revision: 1.16

Type: local

Published: 2005/02/16

Updated: 2017/04/27

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2003/07/11

Reference Information

CVE: CVE-2002-1337, CVE-2003-0161

BID: 6991

CERT-CC: 2003-07, 2003-12

HP: emr_na-c00958338, emr_na-c00958571, HPSBUX00246, HPSBUX00253, HPSBUX0212, SSRT2432, SSRT3469, SSRT3531