{"id": "HPUX_PHCO_42176.NASL", "bulletinFamily": "scanner", "title": "HP-UX PHCO_42176 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "description": "s700_800 11.31 VRTS 5.0 VRTSob Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "published": "2012-03-06T00:00:00", "modified": "2012-03-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/56827", "reporter": "This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?a55dd2ee"], "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "type": "nessus", "lastseen": "2021-01-12T11:32:03", "edition": 24, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-0546", "CVE-2011-0547"]}, {"type": "nessus", "idList": ["HPUX_PHCO_42317.NASL", "HPUX_PHCO_42175.NASL", "HPUX_PHCO_42182.NASL", "HPUX_PHCO_42179.NASL", "HPUX_PHCO_42177.NASL", "HPUX_PHCO_42173.NASL", "HPUX_PHCO_42316.NASL", "HPUX_PHCO_42180.NASL", "HPUX_PHCO_42181.NASL", "HPUX_PHCO_42178.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801798", "OPENVAS:801798"]}, {"type": "exploitdb", "idList": ["EDB-ID:17517"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26878", "SECURITYVULNS:VULN:11893", "SECURITYVULNS:DOC:26879", "SECURITYVULNS:DOC:26972", "SECURITYVULNS:VULN:11870", "SECURITYVULNS:DOC:26877"]}, {"type": "seebug", "idList": ["SSV:20713"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:5E77B3444A6809D0E26BA749D23E30DE"]}, {"type": "zdi", "idList": ["ZDI-11-264", "ZDI-11-263", "ZDI-11-262"]}], "modified": "2021-01-12T11:32:03", "rev": 2}, "score": {"value": 9.5, "vector": "NONE", "modified": "2021-01-12T11:32:03", "rev": 2}, "vulnersScore": 9.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42176. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56827);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42176 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.31 VRTS 5.0 VRTSob Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42176 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.31\"))\n{\n exit(0, \"The host is not affected since PHCO_42176 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42176\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSob.VEAS-FILESET\", version:\"3.3.837.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "HP-UX Local Security Checks", "pluginID": "56827", "cpe": ["cpe:/o:hp:hp-ux"], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T05:50:58", "description": "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.", "edition": 4, "cvss3": {}, "published": "2011-05-31T20:55:00", "title": "CVE-2011-0546", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.5, "vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0546"], "modified": "2016-08-23T02:03:00", "cpe": ["cpe:/a:symantec:backup_exec:13.0", "cpe:/a:symantec:backup_exec:12.5", "cpe:/a:symantec:backup_exec:11.0", "cpe:/a:symantec:backup_exec:12.0"], "id": "CVE-2011-0546", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0546", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:symantec:backup_exec:12.5:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:backup_exec:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:backup_exec:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:backup_exec:13.0:r2:*:*:*:*:*:*", "cpe:2.3:a:symantec:backup_exec:13.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:50:58", "description": "Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.", "edition": 6, "cvss3": {}, "published": "2011-08-19T21:55:00", "title": "CVE-2011-0547", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0547"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:symantec:veritas_storage_foundation:5.0", "cpe:/a:symantec:netbackup_puredisk:6.5.1.2", "cpe:/a:symantec:veritas_storage_foundation:5.1", "cpe:/a:symantec:veritas_dynamic_multi-pathing:5.1", "cpe:/a:symantec:netbackup_puredisk:6.5.1.1", "cpe:/a:symantec:netbackup_puredisk:6.5.0.1", "cpe:/a:symantec:netbackup_puredisk:6.6.1.1", "cpe:/a:symantec:netbackup_puredisk:6.5.1", "cpe:/a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.1", "cpe:/a:symantec:netbackup_puredisk:6.6.1", "cpe:/a:symantec:netbackup_puredisk:6.6.1.2", "cpe:/a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.0"], "id": "CVE-2011-0547", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0547", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:symantec:veritas_storage_foundation:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:netbackup_puredisk:6.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:netbackup_puredisk:6.6.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:netbackup_puredisk:6.5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:veritas_dynamic_multi-pathing:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:netbackup_puredisk:6.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:netbackup_puredisk:6.6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:netbackup_puredisk:6.5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:netbackup_puredisk:6.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-12T11:32:03", "description": "s700_800 11.31 VRTS 5.1SP1 VRTSob Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "edition": 16, "published": "2012-03-06T00:00:00", "title": "HP-UX PHCO_42182 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHCO_42182.NASL", "href": "https://www.tenable.com/plugins/nessus/56833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42182. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56833);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42182 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.31 VRTS 5.1SP1 VRTSob Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42182 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.31\"))\n{\n exit(0, \"The host is not affected since PHCO_42182 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42182\", \"PHCO_42319\", \"PHCO_42320\", \"PHCO_44755\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSob.VEAS-FILESET\", version:\"3.4.296.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:03", "description": "s700_800 11.23 VRTS 5.0 VRTSob Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "edition": 24, "published": "2012-03-06T00:00:00", "title": "HP-UX PHCO_42180 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHCO_42180.NASL", "href": "https://www.tenable.com/plugins/nessus/56831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42180. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56831);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42180 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.23 VRTS 5.0 VRTSob Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42180 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23\"))\n{\n exit(0, \"The host is not affected since PHCO_42180 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42180\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSob.VEAS-FILESET\", version:\"3.3.721.0\")) flag++;\nif (hpux_check_patch(app:\"VRTSob.VEAS-FILESET\", version:\"3.3.722.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:03", "description": "s700_800 11.23 VRTS 5.0 VRTSobc33 Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "edition": 24, "published": "2012-03-06T00:00:00", "title": "HP-UX PHCO_42181 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHCO_42181.NASL", "href": "https://www.tenable.com/plugins/nessus/56832", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42181. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56832);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42181 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.23 VRTS 5.0 VRTSobc33 Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42181 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23\"))\n{\n exit(0, \"The host is not affected since PHCO_42181 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42181\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSobc33.VRTSOBC33\", version:\"3.3.721.0\")) flag++;\nif (hpux_check_patch(app:\"VRTSobc33.VRTSOBC33\", version:\"3.3.722.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:03", "description": "s700_800 11.31 VRTS 5.0 VRTSobc33 Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "edition": 24, "published": "2012-03-06T00:00:00", "title": "HP-UX PHCO_42177 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHCO_42177.NASL", "href": "https://www.tenable.com/plugins/nessus/56828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42177. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56828);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42177 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.31 VRTS 5.0 VRTSobc33 Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42177 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.31\"))\n{\n exit(0, \"The host is not affected since PHCO_42177 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42177\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSobc33.VRTSOBC33\", version:\"3.3.837.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:03", "description": "s700_800 11.31 VERITAS Enterprise Administrator Srvc Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "edition": 24, "published": "2012-03-06T00:00:00", "title": "HP-UX PHCO_42316 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHCO_42316.NASL", "href": "https://www.tenable.com/plugins/nessus/56834", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42316. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56834);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42316 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.31 VERITAS Enterprise Administrator Srvc Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42316 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.31\"))\n{\n exit(0, \"The host is not affected since PHCO_42316 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42316\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSob.VEAS-FILESET\", version:\"3.2.555.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:03", "description": "s700_800 11.31 VRTS 5.0.1 VRTSob Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "edition": 24, "published": "2012-03-06T00:00:00", "title": "HP-UX PHCO_42178 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHCO_42178.NASL", "href": "https://www.tenable.com/plugins/nessus/56829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42178. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56829);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42178 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.31 VRTS 5.0.1 VRTSob Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42178 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.31\"))\n{\n exit(0, \"The host is not affected since PHCO_42178 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42178\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSob.VEAS-FILESET\", version:\"3.3.1510.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:03", "description": "s700_800 11.23 VERITAS Enterprise Administrator Srvc Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "edition": 24, "published": "2012-03-06T00:00:00", "title": "HP-UX PHCO_42173 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHCO_42173.NASL", "href": "https://www.tenable.com/plugins/nessus/56825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42173. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56825);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42173 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.23 VERITAS Enterprise Administrator Srvc Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42173 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23\"))\n{\n exit(0, \"The host is not affected since PHCO_42173 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42173\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSob.VEAS-FILESET\", version:\"3.2.532.0.100\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:03", "description": "s700_800 11.11 VERITAS Enterprise Administrator Srvc Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "edition": 24, "published": "2012-03-06T00:00:00", "title": "HP-UX PHCO_42175 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHCO_42175.NASL", "href": "https://www.tenable.com/plugins/nessus/56826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42175. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56826);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42175 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 VERITAS Enterprise Administrator Srvc Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42175 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHCO_42175 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42175\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSob.VEAS-FILESET\", version:\"3.0.2.261a\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:03", "description": "s700_800 11.31 VRTS 5.0.1 VRTSobc33 Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "edition": 24, "published": "2012-03-06T00:00:00", "title": "HP-UX PHCO_42179 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHCO_42179.NASL", "href": "https://www.tenable.com/plugins/nessus/56830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42179. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56830);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42179 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.31 VRTS 5.0.1 VRTSobc33 Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42179 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.31\"))\n{\n exit(0, \"The host is not affected since PHCO_42179 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42179\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSobc33.VRTSOBC33\", version:\"3.3.1510.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:32:03", "description": "s700_800 11.23 VRTS 3.5 VRTSob Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.", "edition": 24, "published": "2012-03-06T00:00:00", "title": "HP-UX PHCO_42317 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546", "CVE-2011-0547"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHCO_42317.NASL", "href": "https://www.tenable.com/plugins/nessus/56835", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHCO_42317. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56835);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0546\", \"CVE-2011-0547\");\n script_bugtraq_id(47824, 49014);\n script_xref(name:\"HP\", value:\"emr_na-c02962262\");\n script_xref(name:\"HP\", value:\"HPSBUX02700\");\n script_xref(name:\"HP\", value:\"SSRT100506\");\n script_xref(name:\"IAVB\", value:\"2011-B-0108\");\n\n script_name(english:\"HP-UX PHCO_42317 : HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02700 SSRT100506 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.23 VRTS 3.5 VRTSob Command Patch : \n\nPotential security vulnerabilities have been identified in HP-UX\nrunning the Veritas Enterprise Administrator (VEA), which comes\nbundled with VxVM. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS) or execute arbitrary code.\nReferences: CVE-2011-0547, ZDI-CAN-1110, ZDI-CAN-1111.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02962262\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a55dd2ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHCO_42317 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23\"))\n{\n exit(0, \"The host is not affected since PHCO_42317 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHCO_42317\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VRTSob.VEAS-FILESET\", version:\"3.2.532.0.001\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-21T11:43:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546"], "description": "This host is installed with Symantec Backup Exec Products and is\n prone to arbitrary command execution vulnerability.", "modified": "2017-12-20T00:00:00", "published": "2011-06-17T00:00:00", "id": "OPENVAS:801798", "href": "http://plugins.openvas.org/nasl.php?oid=801798", "type": "openvas", "title": "Symantec Backup Exec Products Arbitrary Command Execution vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_symantec_backup_exec_prdts_cmd_exec_vuln_win.nasl 8199 2017-12-20 13:37:22Z cfischer $\n#\n# Symantec Backup Exec Products Arbitrary Command Execution vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause privilege\n escalation by executing post authentication NDMP commands.\n Impact Level: Application.\";\ntag_affected = \"Symantec Backup Exec for Windows Servers versions 11.0, 12.0, 12.5\n Symantec Backup Exec 2010 versions 13.0, 13.0 R2\";\n\ntag_insight = \"The flaw is due to weakness in communication protocol implementation\n and lack of validation of identity information exchanged between media server\n and remote agent.\";\ntag_solution = \"Upgrade to the Symantec Backup Exec 2010 R3\n For updates refer to http://www.symantec.com/business/products/family.jsp?familyid=backupexec\";\ntag_summary = \"This host is installed with Symantec Backup Exec Products and is\n prone to arbitrary command execution vulnerability.\";\n\nif(description)\n{\n script_id(801798);\n script_version(\"$Revision: 8199 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 14:37:22 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-17 11:16:31 +0200 (Fri, 17 Jun 2011)\");\n script_cve_id(\"CVE-2011-0546\");\n script_bugtraq_id(47824);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_name(\"Symantec Backup Exec Products Arbitrary Command Execution vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/44698\");\n script_xref(name : \"URL\" , value : \"http://www.symantec.com/business/security_response/securityupdates/detail.jsp?\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_symantec_backup_exec_detect.nasl\");\n script_mandatory_keys(\"Symantec/BackupExec/Win/Installed\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Check for Symantec Backup Exec for Windows Servers Version\nservInfos = get_app_version_and_location( cpe:\"cpe:/a:symantec:veritas_backup_exec_for_windows_servers\" );\nservVers = servInfos['version'];\nservPath = servInfos['location'];\n\nif( servVers ) {\n if( version_in_range( version:servVers, test_version:\"11.0\", test_version2:\"12.5.2213\" ) ) {\n report = report_fixed_ver( installed_version:servVers, fixed_version:\"See references\", install_path:servPath );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\n## Check for Symantec Backup Exec for 2010 Version\ninfos = get_app_version_and_location( cpe:\"cpe:/a:symantec:backup_exec\", exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"13.0\", test_version2:\"13.0.4164\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"13.0 R3\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-05-19T17:44:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0546"], "description": "This host is installed with Symantec Backup Exec Products and is\n prone to arbitrary command execution vulnerability.", "modified": "2020-05-15T00:00:00", "published": "2011-06-17T00:00:00", "id": "OPENVAS:1361412562310801798", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801798", "type": "openvas", "title": "Symantec Backup Exec Products Arbitrary Command Execution vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Symantec Backup Exec Products Arbitrary Command Execution vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801798\");\n script_version(\"2020-05-15T08:09:24+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-15 08:09:24 +0000 (Fri, 15 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-06-17 11:16:31 +0200 (Fri, 17 Jun 2011)\");\n script_cve_id(\"CVE-2011-0546\");\n script_bugtraq_id(47824);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_name(\"Symantec Backup Exec Products Arbitrary Command Execution vulnerability\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/44698\");\n script_xref(name:\"URL\", value:\"http://www.symantec.com/business/security_response/securityupdates/detail.jsp?\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_symantec_backup_exec_detect.nasl\");\n script_mandatory_keys(\"Symantec/BackupExec/Win/Installed\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to weakness in communication protocol implementation\n and lack of validation of identity information exchanged between media server and remote agent.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the Symantec Backup Exec 2010 R3\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Symantec Backup Exec Products and is\n prone to arbitrary command execution vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause privilege\n escalation by executing post authentication NDMP commands.\");\n\n script_tag(name:\"affected\", value:\"Symantec Backup Exec for Windows Servers versions 11.0, 12.0, 12.5\n Symantec Backup Exec 2010 versions 13.0, 13.0 R2\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list( \"cpe:/a:symantec:veritas_backup_exec_for_windows_servers\", \"cpe:/a:symantec:backup_exec\" );\n\nif( ! infos = get_app_version_and_location_from_list( cpe_list:cpe_list, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\ncpe = infos[\"cpe\"];\n\nif( \"cpe:/a:symantec:veritas_backup_exec_for_windows_servers\" >< cpe ) {\n if( version_in_range( version:vers, test_version:\"11.0\", test_version2:\"12.5.2213\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"See references\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nelse if( \"cpe:/a:symantec:backup_exec\" >< cpe ) {\n if( version_in_range( version:vers, test_version:\"13.0\", test_version2:\"13.0.4164\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"13.0 R3\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-02T08:01:27", "description": "Symantec Backup Exec 12.5 - MiTM Attack. CVE-2011-0546. Remote exploit for windows platform", "published": "2011-07-09T00:00:00", "type": "exploitdb", "title": "Symantec Backup Exec 12.5 - MiTM Attack", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-0546"], "modified": "2011-07-09T00:00:00", "id": "EDB-ID:17517", "href": "https://www.exploit-db.com/exploits/17517/", "sourceData": "Exploit Title: Symantec Backup Exec MiTM Attack\r\nDate: 27/05/2011\r\nAuthor: Nibin\r\nSoftware Link: http://www.symantec.com/business/products/family.jsp?familyid=backupexec\r\nVersion:\r\n - Symantec Backup Exec for Windows Servers versions 11.0, 12.0, and 12.5\r\n - Symantec Backup Exec 2010 versions 13.0 and 13.0 R2\r\nTested on: Tested on Symantec Backup Exec 12.5 for Windows Servers\r\nCVE : CVE-2011-0546\r\nBID: 47824\r\n\r\nSymantec Disclosure link:\r\nhttp://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00\r\niViZ Disclosure link: goo.gl/1vzdE\r\n\r\nExploit Code: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/17517.zip (SymantecReplay.zip)", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/17517/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-0546"], "description": "It&#39;s possible to execute privileged command remotely.", "edition": 1, "modified": "2011-09-05T00:00:00", "published": "2011-09-05T00:00:00", "id": "SECURITYVULNS:VULN:11893", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11893", "title": "Symantec Veritas Backup Exec code execution", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-0546"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c02962262\r\nVersion: 1\r\n\r\nHPSBUX02700 SSRT100506 rev.1 - HP-UX running VEA, Remote Denial of Service &#40;DoS&#41;, Execution of Arbitrary Code\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2011-08-24\r\nLast Updated: 2011-08-24\r\n\r\n -----------------------------------------------------------------------------\r\n\r\nPotential Security Impact: Remote Denial of Service &#40;DoS&#41;, execution of arbitrary code.\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified in HP-UX running the Veritas Enterprise Administrator &#40;VEA&#41;, which comes bundled with VxVM. The vulnerabilities could be exploited remotely to create a Denial of Service &#40;DoS&#41; or execute arbitrary code.\r\n\r\nReferences: CVE-2011-0546, ZDI-CAN-1110, ZDI-CAN-1111\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP-UX B.11.11, HP-UX B.11.23, and HP-UX B.11.31\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n==========================================================\r\n Reference Base Vector Base Score\r\nCVE-2011-0546 &#40;AV:N/ACL/Au:N/C:C/I:C/A:C&#41; 10\r\n==========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nThe Hewlett-Packard Company thanks Luigi Auriemma for working with TippingPoint.s Zero Day Initiative for reporting these vulnerabilities to security-alert@hp.com.\r\n\r\nRESOLUTION\r\n\r\nHP has made the following patches available to resolve this issue.\r\nThe patches are available from http://www.hp.com/go/HPSC\r\n\r\nOS Release\r\n VxFS version / Package\r\n Patch ID\r\n\r\nHP-UX B.11.11 / 3.5 / &#40;VRTSob&#41; / PHCO_42175 or subsequent\r\n\r\nHP-UX B.11.23 / 4.1 / &#40;VRTSob&#41; / PHCO_42173 or subsequent\r\n\r\nHP-UX B.11.23 / 5.0 / &#40;VRTSob&#41; / PHCO_42180 or subsequent\r\n\r\nHP-UX B.11.23 / 5.0 / &#40;VRTSobc&#41; / PHCO_42181 or subsequent\r\n\r\nHP-UX B.11.31 / 5.0 / &#40;VRTSob&#41; / PHCO_42176 or subsequent\r\n\r\nHP-UX B.11.31 / 5.0 / &#40;VRTSobc&#41; / PHCO_42177 or subsequent\r\n\r\nHP-UX B.11.31 / 5.0.1 / &#40;VRTSob&#41; / PHCO_42178 or subsequent\r\n\r\nHP-UX B.11.31 / 5.0.1 / &#40;VRTSobc&#41; / PHCO_42179 or subsequent\r\n\r\nHP-UX B.11.31 / 5.1 SP1 / &#40;VRTSob&#41; / PHCO_42182 or subsequent\r\n\r\nHP-UX B.11.23 / 3.5 / &#40;VRTSob&#41; / PHCO_42317 or subsequent\r\n\r\nHP-UX B.11.31 / 4.1 / &#40;VRTSob&#41; / PHCO_42316 or subsequent\r\n\r\nMANUAL ACTIONS: No\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check.\r\n\r\nIt analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX\r\n\r\nsystem. It can also download patches and create a depot automatically. For more information see:\r\n\r\nhttps://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS\r\n\r\nHP-UX B.11.11\r\n=============\r\nVRTSob.VEAS-FILESET\r\naction: install patch PHCO_42175 or subsequent\r\n\r\nHP-UX B.11.23\r\n=============\r\nVRTSob.VEAS-FILESET\r\naction: install patch PHCO_42173 or subsequent\r\nVRTSob.VEAS-FILESET\r\naction: install patch PHCO_42180 or subsequent\r\nVRTSobc33.VRTSOBC33\r\naction: install patch PHCO_42181 or subsequent\r\nVRTSob.VEAS-FILESET\r\naction: install patch PHCO_42317 or subsequent\r\n\r\nHP-UX B.11.31\r\n=============\r\nVRTSob.VEAS-FILESET\r\naction: install patch PHCO_42176 or subsequent\r\nVRTSobc33.VRTSOBC33\r\naction: install patch PHCO_42177 or subsequent\r\nVRTSob.VEAS-FILESET\r\naction: install patch PHCO_42178 or subsequent\r\nVRTSobc33.VRTSOBC33\r\naction: install patch PHCO_42179 or subsequent\r\nVRTSob.VEAS-FILESET\r\naction: install patch PHCO_42182 or subsequent\r\nVRTSob.VEAS-FILESET\r\naction: install patch PHCO_42316 or subsequent\r\nEND AFFECTED VERSIONS\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 24 August 2011 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2011 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided &quot;as is&quot; without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk5VVpkACgkQ4B86/C0qfVlm0gCg9bqLUJt45nkk6p4m64sWbPxQ\r\nkhUAnjQT9FxbGpxcbu7ClQAvuDW96CMF\r\n=cJDo\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-09-05T00:00:00", "published": "2011-09-05T00:00:00", "id": "SECURITYVULNS:DOC:26972", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26972", "title": "[security bulletin] HPSBUX02700 SSRT100506 rev.1 - HP-UX running VEA, Remote Denial of Service &#40;DoS&#41;, Execution of Arbitrary Code", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-0547"], "description": "Multiple vulnerabilities on TCP/2148 request parsing.", "edition": 1, "modified": "2011-08-17T00:00:00", "published": "2011-08-17T00:00:00", "id": "SECURITYVULNS:VULN:11870", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11870", "title": "Symantec Veritas Storage Foundation multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-0547"], "description": "ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-263\r\n\r\nAugust 16, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0547\r\n\r\n-- CVSS:\r\n10, &#40;AV:N/AC:L/Au:N/C:C/I:C/A:C&#41;\r\n\r\n-- Affected Vendors:\r\nSymantec\r\n\r\n-- Affected Products:\r\nSymantec Veritas Storage Foundation\r\n\r\n-- TippingPoint&#40;TM&#41; IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11574. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Symantec Veritas Storage Foundation\r\nAdministrator Service. Authentication is not required to exploit this\r\nvulnerability.\r\n\r\nThe specific flaw exists within vxsvc.exe. The problem affecting the\r\npart of the server running on TCP port 2148 is an integer overflow in\r\nthe function vxveautil.value_binary_unpack during the handling of the\r\nascii strings &#40;opcode 6&#41; where the 32-bit field supplied by the attacker\r\nis used for allocating a destination buffer by adding an additional byte\r\nto its value. This integer overflow can be used to create a small\r\nallocation which will be subsequently overflowed, allowing the attacker\r\nto execute arbitrary code under the context of the SYSTEM.\r\n\r\n-- Vendor Response:\r\nSymantec has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\nhttp://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;amp;pvid=security_advisory&amp;amp;year=2011&amp;amp;suid=20110815_00\r\n\r\n-- Disclosure Timeline:\r\n2011-02-17 - Vulnerability reported to vendor\r\n2011-08-16 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Luigi Auriemma\r\n\r\n-- About the Zero Day Initiative &#40;ZDI&#41;:\r\nEstablished by TippingPoint, The Zero Day Initiative &#40;ZDI&#41; represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors &#40;including competitors&#41; who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n http://twitter.com/thezdi", "edition": 1, "modified": "2011-08-17T00:00:00", "published": "2011-08-17T00:00:00", "id": "SECURITYVULNS:DOC:26878", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26878", "title": "ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-0547"], "description": "ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-264\r\n\r\nAugust 16, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0547\r\n\r\n-- CVSS:\r\n10, &#40;AV:N/AC:L/Au:N/C:C/I:C/A:C&#41;\r\n\r\n-- Affected Vendors:\r\nSymantec\r\n\r\n-- Affected Products:\r\nSymantec Veritas Storage Foundation\r\n\r\n-- TippingPoint&#40;TM&#41; IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11572. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Symantec Veritas Storage Foundation\r\nAdministrator Service. Authentication is not required to exploit this\r\nvulnerability.\r\n\r\nThe specific flaw exists within vxsvc.exe process. The problem affecting\r\nthe part of the server running on tcp port 2148 is an integer overflow\r\nin the function vxveautil.kv_binary_unpack where a 32-bit field is used\r\nto allocate an amount of memory equal to its value plus 1. This can be\r\nmade to miscalculate a heap buffer which can be subsequently overflowed\r\nallowing an attacker to execute arbitrary code under the context of\r\nSYSTEM.\r\n\r\n-- Vendor Response:\r\nSymantec has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;amp;pvid=security_advisory&amp;amp;year=2011&amp;amp;suid=20110815_00\r\n\r\n-- Disclosure Timeline:\r\n2011-02-17 - Vulnerability reported to vendor\r\n2011-08-16 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Luigi Auriemma\r\n\r\n-- About the Zero Day Initiative &#40;ZDI&#41;:\r\nEstablished by TippingPoint, The Zero Day Initiative &#40;ZDI&#41; represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors &#40;including competitors&#41; who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n http://twitter.com/thezdi", "edition": 1, "modified": "2011-08-17T00:00:00", "published": "2011-08-17T00:00:00", "id": "SECURITYVULNS:DOC:26879", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26879", "title": "ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-0547"], "description": "ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-262\r\n\r\nAugust 16, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0547\r\n\r\n-- CVSS:\r\n10, &#40;AV:N/AC:L/Au:N/C:C/I:C/A:C&#41;\r\n\r\n-- Affected Vendors:\r\nSymantec\r\n\r\n-- Affected Products:\r\nSymantec Veritas Storage Foundation\r\n\r\n-- TippingPoint&#40;TM&#41; IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11573. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Symantec Veritas Storage Foundation.\r\nAuthentication is not required to exploit this vulnerability.\r\n\r\nThe specific flaw exists within the vxsvc.exe process. The problem\r\naffecting the part of the server running on TCP port 2148 is an integer\r\noverflow in the function vxveautil.value_binary_unpack where a 32-bit\r\nfield holds a value that, through some calculation, can be used to\r\ncreate a smaller heap buffer than required to hold user-supplied data.\r\nThis can be leveraged to cause an overflow of the heap buffer, allowing\r\nthe attacker to execute arbitrary code under the context of SYSTEM.\r\n\r\n-- Vendor Response:\r\nSymantec has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;amp;pvid=security_advisory&amp;amp;year=2011&amp;amp;suid=20110815_00\r\n\r\n-- Disclosure Timeline:\r\n2011-02-17 - Vulnerability reported to vendor\r\n2011-08-16 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Luigi Auriemma\r\n\r\n-- About the Zero Day Initiative &#40;ZDI&#41;:\r\nEstablished by TippingPoint, The Zero Day Initiative &#40;ZDI&#41; represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors &#40;including competitors&#41; who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n http://twitter.com/thezdi", "edition": 1, "modified": "2011-08-17T00:00:00", "published": "2011-08-17T00:00:00", "id": "SECURITYVULNS:DOC:26877", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26877", "title": "ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:03:11", "description": "No description provided by source.", "published": "2011-07-10T00:00:00", "title": "Symantec Backup Exec 12.5 MiTM Attack", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-0546"], "modified": "2011-07-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20713", "id": "SSV:20713", "sourceData": "\n Exploit Title: Symantec Backup Exec MiTM Attack\r\nDate: 27/05/2011\r\nAuthor: Nibin\r\nSoftware Link: http://www.symantec.com/business/products/family.jsp?familyid=backupexec\r\nVersion:\r\n - Symantec Backup Exec for Windows Servers versions 11.0, 12.0, and 12.5\r\n - Symantec Backup Exec 2010 versions 13.0 and 13.0 R2\r\nTested on: Tested on Symantec Backup Exec 12.5 for Windows Servers\r\nCVE : CVE-2011-0546\r\nBID: 47824\r\n \r\nSymantec Disclosure link:\r\nhttp://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=2011&amp;suid=20110526_00\r\niViZ Disclosure link: goo.gl/1vzdE\r\n \r\nExploit Code: http://www.exploit-db.com/sploits/SymantecReplay.zip\n ", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20713"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:50", "description": "\nSymantec Backup Exec 12.5 - Man In The Middle", "edition": 1, "published": "2011-07-09T00:00:00", "title": "Symantec Backup Exec 12.5 - Man In The Middle", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-0546"], "modified": "2011-07-09T00:00:00", "id": "EXPLOITPACK:5E77B3444A6809D0E26BA749D23E30DE", "href": "", "sourceData": "Exploit Title: Symantec Backup Exec MiTM Attack\nDate: 27/05/2011\nAuthor: Nibin\nSoftware Link: http://www.symantec.com/business/products/family.jsp?familyid=backupexec\nVersion:\n - Symantec Backup Exec for Windows Servers versions 11.0, 12.0, and 12.5\n - Symantec Backup Exec 2010 versions 13.0 and 13.0 R2\nTested on: Tested on Symantec Backup Exec 12.5 for Windows Servers\nCVE : CVE-2011-0546\nBID: 47824\n\nSymantec Disclosure link:\nhttp://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00\niViZ Disclosure link: goo.gl/1vzdE\n\nExploit Code: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/17517.zip (SymantecReplay.zip)", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2020-06-22T11:40:39", "bulletinFamily": "info", "cvelist": ["CVE-2011-0547"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack during the handling of the ascii strings (opcode 6) where the 32-bit field supplied by the attacker is used for allocating a destination buffer by adding an additional byte to its value. This integer overflow can be used to create a small allocation which will be subsequently overflowed, allowing the attacker to execute arbitrary code under the context of the SYSTEM.", "modified": "2011-06-22T00:00:00", "published": "2011-08-16T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-263/", "id": "ZDI-11-263", "title": "Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:40:13", "bulletinFamily": "info", "cvelist": ["CVE-2011-0547"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vxsvc.exe process. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack where a 32-bit field holds a value that, through some calculation, can be used to create a smaller heap buffer than required to hold user-supplied data. This can be leveraged to cause an overflow of the heap buffer, allowing the attacker to execute arbitrary code under the context of SYSTEM.", "modified": "2011-06-22T00:00:00", "published": "2011-08-16T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-262/", "id": "ZDI-11-262", "title": "Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:40:09", "bulletinFamily": "info", "cvelist": ["CVE-2011-0547"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. This can be made to miscalculate a heap buffer which can be subsequently overflowed allowing an attacker to execute arbitrary code under the context of SYSTEM.", "modified": "2011-06-22T00:00:00", "published": "2011-08-16T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-264/", "id": "ZDI-11-264", "title": "Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}