HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25

critical Nessus Plugin ID 43142
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 9.4


The remote HP-UX host is missing a security-related patch.


s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25 :

The remote HP-UX host is affected by multiple vulnerabilities :

- Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)

- Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS) . (HPSBMA02486 SSRT090049)


Install patch PHSS_40374 or subsequent.

See Also



Plugin Details

Severity: Critical

ID: 43142

File Name: hpux_PHSS_40374.nasl

Version: 1.39

Type: local

Published: 12/14/2009

Updated: 1/11/2021

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 9.4

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/26/2009

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow)

Reference Information

CVE: CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5347, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2009-0898, CVE-2009-3845, CVE-2009-3846, CVE-2009-3847, CVE-2009-3848, CVE-2009-3849, CVE-2009-4176, CVE-2009-4177, CVE-2009-4178, CVE-2009-4179, CVE-2009-4180, CVE-2009-4181

HP: emr_na-c01950877, emr_na-c02000725, SSRT090049, SSRT090257

CWE: 94, 119, 189, 200, 264