HP-UX PHNE_31726 : HP-UX Running BIND v920, Remote Denial of Service (DoS) (HPSBUX00290 SSRT3622 rev.5)

Critical Nessus Plugin ID 16912


The remote HP-UX host is missing a security-related patch.


s700_800 11.23 Bind 9.2.0 components :

1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6. More details are available at: CVE-2003-0545 2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability. More details are available at:
CVE-2003-0543 CVE-2003-0544 3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Exploitation of an affected application would result in a denial of service vulnerability. 4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested.


Install patch PHNE_31726 or subsequent.

See Also


Plugin Details

Severity: Critical

ID: 16912

File Name: hpux_PHNE_31726.nasl

Version: $Revision: 1.26 $

Type: local

Published: 2005/02/16

Modified: 2013/04/20

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Patch Publication Date: 2004/09/22

Reference Information

CVE: CVE-2003-0543, CVE-2003-0544, CVE-2003-0545

HP: emr_na-c00901847, HPSBUX00290, SSRT3622

CWE: 119