HP-UX PHSS_36623 : s700_800 11.X OV DP6.00 IA-64 patch - CORE packet

critical Nessus Plugin ID 43137

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.X OV DP6.00 IA-64 patch - CORE packet :

The remote HP-UX host is affected by multiple vulnerabilities :

 - A potential security vulnerability has been identified with OpenView Data Protector Application Recovery Manager version 5.5 and 6.0. The vulnerability could be exploited remotely to create a denial of service (DoS).
 (HPSBMA02481 SSRT090113)

 - Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector running on HP-UX, Windows, Linux and Solaris. These vulnerabilities could be exploited remotely to execute arbitrary code.
 (HPSBMA02252 SSRT061258, SSRT061259)

Solution

Install patch PHSS_36623 or subsequent.

See Also

https://www.tenable.com/security/research/tra-2009-04

http://www.nessus.org/u?5bd45cd2

http://www.nessus.org/u?0a593fc9

Plugin Details

Severity: Critical

ID: 43137

File Name: hpux_PHSS_36623.nasl

Version: 1.21

Type: local

Published: 12/14/2009

Updated: 1/11/2021

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/8/2009

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (HP OmniInet.exe MSG_PROTOCOL Buffer Overflow)

Reference Information

CVE: CVE-2007-2280, CVE-2007-2281, CVE-2009-3844

TRA: TRA-2009-04

HP: emr_na-c01124817, emr_na-c01943909, SSRT061258, SSRT061259, SSRT090113

CWE: 119, 189