HP-UX PHSS_41606 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 28

Critical Nessus Plugin ID 56843

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 28 :

The remote HP-UX host is affected by multiple vulnerabilities :

- A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running on Windows. The vulnerability could be exploited remotely to execute arbitrary code. References: CVE-2010-2703, ZDI-CAN-682. (HPSBMA02557 SSRT100025)

- Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server. References: CVE-2011-0261 (ZDI-CAN-753) CVE-2011-0262 (ZDI-CAN-757) CVE-2011-0263 (ZDI-CAN-774) CVE-2011-0264 (ZDI-CAN-810) CVE-2011-0265 (ZDI-CAN-931) CVE-2011-0266 (ZDI-CAN-932) CVE-2011-0267 (ZDI-CAN-933) CVE-2011-0268 (ZDI-CAN-934) CVE-2011-0269 (ZDI-CAN-935) CVE-2011-0270 (ZDI-CAN-936) CVE-2011-0271 (iDefense).
(HPSBMA02621 SSRT100352)

Solution

Install patch PHSS_41606 or subsequent.

See Also

http://www.nessus.org/u?dae68cca

http://www.nessus.org/u?5e3effcb

Plugin Details

Severity: Critical

ID: 56843

File Name: hpux_PHSS_41606.nasl

Version: $Revision: 1.9 $

Type: local

Published: 2012/03/06

Modified: 2014/03/12

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/12/20

Exploitable With

Core Impact

Metasploit (HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow)

Reference Information

CVE: CVE-2010-2703, CVE-2011-0261, CVE-2011-0262, CVE-2011-0263, CVE-2011-0264, CVE-2011-0265, CVE-2011-0266, CVE-2011-0267, CVE-2011-0268, CVE-2011-0269, CVE-2011-0270, CVE-2011-0271

BID: 41829

HP: emr_na-c02286088, emr_na-c02670501, SSRT100025, SSRT100352