Search...

HP-UX PHKL_34193 : HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS)

2006-06-27T00:00:00

ID HPUX_PHKL_34193.NASL
Type nessus
Reporter This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-10-02T00:00:00

Description

s700_800 11.11 POSIX IPC calls audit, Message Queue update :

A potential security vulnerability has been identified with HP-UX. The vulnerability could be exploited by a local user to create a Denial of Service (DoS).

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were 
# extracted from HP patch PHKL_34193. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#

include("compat.inc");

if (description)
{
  script_id(21761);
  script_version("1.14");
  script_cvs_date("Date: 2018/11/19 11:02:42");

  script_cve_id("CVE-2006-3201");
  script_xref(name:"HP", value:"emr_na-c00705283");
  script_xref(name:"HP", value:"HPSBUX02127");
  script_xref(name:"HP", value:"SSRT051056");

  script_name(english:"HP-UX PHKL_34193 : HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS)");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote HP-UX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"s700_800 11.11 POSIX IPC calls audit, Message Queue update : 

A potential security vulnerability has been identified with HP-UX. The
vulnerability could be exploited by a local user to create a Denial of
Service (DoS)."
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00705283
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?219154e0"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Install patch PHKL_34193 or subsequent."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"HP-UX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("hpux.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (!hpux_check_ctx(ctx:"11.11"))
{
  exit(0, "The host is not affected since PHKL_34193 applies to a different OS release.");
}

patches = make_list("PHKL_34193");
foreach patch (patches)
{
  if (hpux_installed(app:patch))
  {
    exit(0, "The host is not affected because patch "+patch+" is installed.");
  }
}


flag = 0;
if (hpux_check_patch(app:"OS-Core.CORE2-KRN", version:"B.11.11")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:hpux_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"lastseen": "2020-10-01T00:05:26", "references": ["http://www.nessus.org/u?219154e0"], "scheme": null, "pluginID": "21761", "description": "s700_800 11.11 POSIX IPC calls audit, Message Queue update : \n\nA potential security vulnerability has been identified with HP-UX. The\nvulnerability could be exploited by a local user to create a Denial of\nService (DoS).", "edition": 21, "reporter": "This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "published": "2006-06-27T00:00:00", "title": "HP-UX PHKL_34193 : HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS)", "type": "nessus", "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-3201"]}, {"type": "osvdb", "idList": ["OSVDB:26873"]}, {"type": "nessus", "idList": ["HPUX_PHKL_34194.NASL", "HPUX_PHKL_34192.NASL"]}], "modified": "2020-10-01T00:05:26", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2020-10-01T00:05:26", "rev": 2}, "vulnersScore": 5.3}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3201"], "modified": "2020-10-02T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHKL_34193.NASL", "href": "https://www.tenable.com/plugins/nessus/21761", "viewCount": 1, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHKL_34193. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21761);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2006-3201\");\n script_xref(name:\"HP\", value:\"emr_na-c00705283\");\n script_xref(name:\"HP\", value:\"HPSBUX02127\");\n script_xref(name:\"HP\", value:\"SSRT051056\");\n\n script_name(english:\"HP-UX PHKL_34193 : HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 POSIX IPC calls audit, Message Queue update : \n\nA potential security vulnerability has been identified with HP-UX. The\nvulnerability could be exploited by a local user to create a Denial of\nService (DoS).\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00705283\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?219154e0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHKL_34193 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHKL_34193 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHKL_34193\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OS-Core.CORE2-KRN\", version:\"B.11.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}

{"cve": [{"lastseen": "2020-10-03T11:48:16", "description": "Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.", "edition": 3, "cvss3": {}, "published": "2006-06-23T20:06:00", "title": "CVE-2006-3201", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3201"], "modified": "2018-10-18T16:46:00", "cpe": ["cpe:/o:hp:hp-ux:11.11", "cpe:/o:hp:hp-ux:11.23", "cpe:/o:hp:hp-ux:11.00"], "id": "CVE-2006-3201", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3201", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "cvelist": ["CVE-2006-3201"], "edition": 1, "description": "## Vulnerability Description\nHP-UX Kernel contains a flaw that may allow a local denial of service. The issue is triggered when handling certain malformed requests, and will result in loss of availability for the system. No further details have been provided.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Hewlett-Packard has released a patch to address this vulnerability.\n## Short Description\nHP-UX Kernel contains a flaw that may allow a local denial of service. The issue is triggered when handling certain malformed requests, and will result in loss of availability for the system. No further details have been provided.\n## References:\n[Vendor Specific Advisory URL](http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00705283)\nSecurity Tracker: 1016363\n[Secunia Advisory ID:20809](https://secuniaresearch.flexerasoftware.com/advisories/20809/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0483.html\nKeyword: HPSBUX02127,SSRT051056\nISS X-Force ID: 27358\nFrSIRT Advisory: ADV-2006-2525\n[CVE-2006-3201](https://vulners.com/cve/CVE-2006-3201)\nBugtraq ID: 18603\n", "modified": "2006-06-27T04:33:56", "published": "2006-06-27T04:33:56", "href": "https://vulners.com/osvdb/OSVDB:26873", "id": "OSVDB:26873", "type": "osvdb", "title": "HP-UX Kernel Unspecified Local DoS", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-10-01T00:05:26", "description": "s700_800 11.23 POSIX real-time message queue update : \n\nA potential security vulnerability has been identified with HP-UX. The\nvulnerability could be exploited by a local user to create a Denial of\nService (DoS).", "edition": 21, "published": "2006-06-27T00:00:00", "title": "HP-UX PHKL_34194 : HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3201"], "modified": "2020-10-02T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHKL_34194.NASL", "href": "https://www.tenable.com/plugins/nessus/21762", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHKL_34194. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21762);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2006-3201\");\n script_xref(name:\"HP\", value:\"emr_na-c00705283\");\n script_xref(name:\"HP\", value:\"HPSBUX02127\");\n script_xref(name:\"HP\", value:\"SSRT051056\");\n\n script_name(english:\"HP-UX PHKL_34194 : HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.23 POSIX real-time message queue update : \n\nA potential security vulnerability has been identified with HP-UX. The\nvulnerability could be exploited by a local user to create a Denial of\nService (DoS).\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00705283\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?219154e0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHKL_34194 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23\"))\n{\n exit(0, \"The host is not affected since PHKL_34194 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHKL_34194\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OS-Core.CORE2-KRN\", version:\"B.11.23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-01T00:05:26", "description": "s700_800 11.00 POSIX real-time message queue update : \n\nA potential security vulnerability has been identified with HP-UX. The\nvulnerability could be exploited by a local user to create a Denial of\nService (DoS).", "edition": 21, "published": "2006-06-27T00:00:00", "title": "HP-UX PHKL_34192 : HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3201"], "modified": "2020-10-02T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHKL_34192.NASL", "href": "https://www.tenable.com/plugins/nessus/21760", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHKL_34192. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21760);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2006-3201\");\n script_xref(name:\"HP\", value:\"emr_na-c00705283\");\n script_xref(name:\"HP\", value:\"HPSBUX02127\");\n script_xref(name:\"HP\", value:\"SSRT051056\");\n\n script_name(english:\"HP-UX PHKL_34192 : HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 POSIX real-time message queue update : \n\nA potential security vulnerability has been identified with HP-UX. The\nvulnerability could be exploited by a local user to create a Denial of\nService (DoS).\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00705283\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?219154e0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHKL_34192 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHKL_34192 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHKL_34192\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OS-Core.CORE2-KRN\", version:\"B.11.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}]}

HP-UX PHKL_34193 : HPSBUX02127 SSRT051056 - rev.1 HP-UX Kernel Local Denial of Service (DoS)

Description

s700_800 11.11 POSIX IPC calls audit, Message Queue update : A potential security vulnerability has been identified with HP-UX. The vulnerability could be exploited by a local user to create a Denial of Service (DoS).

s700_800 11.11 POSIX IPC calls audit, Message Queue update :

A potential security vulnerability has been identified with HP-UX. The vulnerability could be exploited by a local user to create a Denial of Service (DoS).