s700_800 11.31 Serviceguard A.11.19.00 :
A potential security vulnerability has been identified in HP Serviceguard. This vulnerability could be remotely exploited to create a Denial of Service (DoS).
{"id": "HPUX_PHSS_42988.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "HP-UX PHSS_42988 : s700_800 11.31 Serviceguard A.11.19.00", "description": "s700_800 11.31 Serviceguard A.11.19.00 : \n\nA potential security vulnerability has been identified in HP Serviceguard. This vulnerability could be remotely exploited to create a Denial of Service (DoS).", "published": "2012-08-20T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/61591", "reporter": "This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3252", "http://www.nessus.org/u?16631c24"], "cvelist": ["CVE-2012-3252"], "immutableFields": [], "lastseen": "2021-08-19T12:57:34", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-3252"]}, {"type": "nessus", "idList": ["HPUX_PHSS_42987.NASL", "HPUX_PHSS_43094.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28422", "SECURITYVULNS:DOC:28955", "SECURITYVULNS:VULN:12537", "SECURITYVULNS:VULN:12830"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2012-3252"]}, {"type": "nessus", "idList": ["HPUX_PHSS_42987.NASL", "HPUX_PHSS_43094.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12830"]}]}, "exploitation": null, "vulnersScore": 0.3}, "pluginID": "61591", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_42988. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61591);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3252\");\n script_bugtraq_id(55076);\n script_xref(name:\"HP\", value:\"emr_na-c03457976\");\n\n script_name(english:\"HP-UX PHSS_42988 : s700_800 11.31 Serviceguard A.11.19.00\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.31 Serviceguard A.11.19.00 : \n\nA potential security vulnerability has been identified in HP\nServiceguard. This vulnerability could be remotely exploited to create\na Denial of Service (DoS).\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03457976\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16631c24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_42988 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.31\"))\n{\n exit(0, \"The host is not affected since PHSS_42988 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_42988\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"CM-Provider-MOF.CM-MOF\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"CM-Provider-MOF.CM-PROVIDER\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-Monitor.CM-CORE\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-Monitor.CM-CORE-COM\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-Monitor.CM-CORE-MAN\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-DEN-MOF\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-DEN-PROV\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-AUTH\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-AUTH-COM\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-COM\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-TOOLS\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Package-CVM-CFS.CM-CVM-CFS\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Package-CVM-CFS.CM-CVM-CFS-COM\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Package-Manager.CM-PKG\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Package-Manager.CM-PKG-COM\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Package-Manager.CM-PKG-MAN\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"SGManagerPI.SGMGRPI\", version:\"B.02.00\")) flag++;\nif (hpux_check_patch(app:\"SGWBEMProviders.SGPROV-CORE\", version:\"A.03.00.00\")) flag++;\nif (hpux_check_patch(app:\"SGWBEMProviders.SGPROV-MOF\", version:\"A.03.00.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "HP-UX Local Security Checks", "cpe": ["cpe:/o:hp:hp-ux"], "solution": "Install patch PHSS_42988 or subsequent.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2012-07-02T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 1659697171}}
{"securityvulns": [{"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "cvelist": ["CVE-2012-3252"], "description": "No description provided", "edition": 1, "modified": "2012-08-27T00:00:00", "published": "2012-08-27T00:00:00", "id": "SECURITYVULNS:VULN:12537", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12537", "title": "HP Serviceguard DoS", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:12:12", "bulletinFamily": "software", "cvelist": ["CVE-2012-3252"], "description": "No description provided", "edition": 2, "modified": "2013-01-14T00:00:00", "published": "2013-01-14T00:00:00", "id": "SECURITYVULNS:VULN:12830", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12830", "title": "HP ServiceGuard DoS", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-3252"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03457976\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03457976\r\nVersion: 2\r\n\r\nHPSBUX02806 SSRT100789 rev.2 - HP Serviceguard, Remote Denial of Service\r\n(DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2012-08-15\r\nLast Updated: 2012-08-23\r\n\r\nPotential Security Impact: Remote Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified in HP Serviceguard.\r\nThis vulnerability could be remotely exploited to create a Denial of Service\r\n(DoS).\r\n\r\nReferences: CVE-2012-3252\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Serviceguard A.11.19 and A.11.20 running on HP-UX B.11.23 and B.11.31\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2012-3252 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided the following patches to resolve these vulnerabilities.\r\nThe patches are available by contacting HP Support.\r\n\r\nOperating System Release\r\n Serviceguard Version\r\n Patch ID\r\n\r\nHP-UX B.11.23 (11i v2)\r\n HP Serviceguard A.11.19\r\n PHSS_42987 or subsequent\r\n\r\nHP-UX B.11.31 (11i v3)\r\n HP Serviceguard A.11.19\r\n PHSS_42988 or subsequent\r\n\r\nHP-UX B.11.31 (11i v3)\r\n HP Serviceguard A.11.20\r\n PHSS_43094 or subsequent\r\n\r\nMANUAL ACTIONS: No\r\nFor HP Serviceguard A.11.19 (on 11i v2) install patch PHSS_42987 or\r\nsubsequent\r\nFor HP Serviceguard A.11.19 (on 11i v3) install patch PHSS_42988 or\r\nsubsequent\r\nFor HP Serviceguard A.11.20 (on 11i v3) install patch PHSS_43094 or\r\nsubsequent\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\r\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\r\nissued by HP and lists recommended actions that may apply to a specific HP-UX\r\nsystem. It can also download patches and create a depot automatically. For\r\nmore information see https://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS\r\n\r\nFor SG A.11.19\r\nHP-UX B.11.23\r\n===========\r\nCluster-Monitor.CM-CORE\r\nPackage-CVM-CFS.CM-CVM-CFS\r\nPackage-Manager.CM-PKG\r\nPackage-Manager.CM-PKG-COM\r\nPackage-CVM-CFS.CM-CVM-CFS\r\nPackage-Manager.CM-PKG\r\nCluster-Monitor.CM-CORE-COM\r\nPackage-CVM-CFS.CM-CVM-CFS-COM\r\nCluster-OM.CM-OM\r\nCluster-OM.CM-OM-AUTH\r\nCluster-OM.CM-OM-TOOLS\r\nCM-Provider-MOF.CM-PROVIDER\r\nCluster-OM.CM-DEN-PROV\r\nCluster-OM.CM-OM-AUTH-COM\r\nCM-Provider-MOF.CM-MOF\r\nCluster-OM.CM-DEN-MOF\r\nCluster-OM.CM-OM-COM\r\nSGWBEMProviders.SGPROV-CORE\r\nSGWBEMProviders.SGPROV-MOF\r\nSGManagerPI.SGMGRPI\r\naction: install patch PHSS_42987 or subsequent\r\n\r\nHP-UX B.11.31\r\n===========\r\nCluster-Monitor.CM-CORE\r\nPackage-CVM-CFS.CM-CVM-CFS\r\nPackage-Manager.CM-PKG\r\nPackage-Manager.CM-PKG-COM\r\nCluster-Monitor.CM-CORE-COM\r\nPackage-CVM-CFS.CM-CVM-CFS-COM\r\nCluster-OM.CM-OM\r\nCluster-OM.CM-OM-AUTH\r\nCluster-OM.CM-OM-TOOLS\r\nCM-Provider-MOF.CM-PROVIDER\r\nCluster-OM.CM-DEN-PROV\r\nCluster-OM.CM-OM-AUTH-COM\r\nCM-Provider-MOF.CM-MOF\r\nCluster-OM.CM-DEN-MOF\r\nCluster-OM.CM-OM-COM\r\nSGWBEMProviders.SGPROV-CORE\r\nSGWBEMProviders.SGPROV-MOF\r\nSGManagerPI.SGMGRPI\r\naction: install patch PHSS_42988 or subsequent\r\n\r\nFor SG A.11.20\r\nHP-UX B.11.31\r\n===========\r\nCluster-Monitor.CM-CORE\r\nCluster-Monitor.CM-CORE-COM\r\nPackage-Manager.CM-PKG\r\nPackage-Manager.CM-PKG-COM\r\nPackage-CVM-CFS.CM-CVM-CFS\r\nPackage-CVM-CFS.CM-CVM-CFS-COM\r\nSGWBEMProviders.SGPROV-CORE\r\nSGWBEMProviders.SGPROV-MOF\r\nSGWBEMProviders.SGPROV-DOC\r\nSGWBEMProviders.SGPROV-CORE-COM\r\nCM-Provider-MOF.CM-PROVIDER\r\nCM-Provider-MOF.CM-MOF\r\nCluster-OM.CM-OM\r\nCluster-OM.CM-OM-COM\r\nCluster-OM.CM-OM-AUTH\r\nCluster-OM.CM-OM-AUTH-COM\r\nCluster-OM.CM-OM-TOOLS\r\nCluster-OM.CM-DEN-PROV\r\nCluster-OM.CM-DEN-MOF\r\nSGManagerPI.SGMGRPI\r\naction: install patch PHSS_43094 or subsequent\r\n\r\nEND AFFECTED VERSIONS\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 16 August 2012 Initial release\r\nVersion:2 (rev.2) - 23 August 2012 Corrected Resolution table versions\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated\r\nperiodically, is contained in HP Security Notice HPSN-2011-001:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c02964430\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2012 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAlA2fTgACgkQ4B86/C0qfVldsACg4Oz0bmfNqzzuSiN77Gt0vgWr\r\nJLcAnjOffxp+b6dbDHuMxAENlyZ6sGWA\r\n=BFE1\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-08-27T00:00:00", "published": "2012-08-27T00:00:00", "id": "SECURITYVULNS:DOC:28422", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28422", "title": "[security bulletin] HPSBUX02806 SSRT100789 rev.2 - HP Serviceguard, Remote Denial of Service (DoS)", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-3252"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03621178\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03621178\r\nVersion: 1\r\n\r\nHPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of\r\nService (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2013-01-10\r\nLast Updated: 2013-01-10\r\n\r\nPotential Security Impact: Remote Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified in HP Serviceguard.\r\nThis vulnerability could be remotely exploited to create a Denial of Service\r\n(DoS).\r\n\r\nReferences: CVE-2012-3252\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Serviceguard A.11.19 and A.11.20 running on RedHat 5.0, 6.0 and SLES10 and\r\nSLES11\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2012-3252 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided the following patches to resolve these vulnerabilities.\r\nThe patches are available by contacting HP Support.\r\nOperating System Release\r\n Serviceguard Version\r\n Patch ID\r\n\r\nRedHat 5.0 32\r\n HP SG/LX A.11.19.05\r\n SGLX_00330 or subsequent\r\n\r\nRedHat 5.0 64\r\n HP SG/LX A.11.19.05\r\n SGLX_00331 or subsequent\r\n\r\nRedHat 5.0 -x86-64\r\n HP SG/LX A.11.19.05\r\n SGLX_00332 or subsequent\r\n\r\nSLES10 32\r\n HP SG/LX A.11.19.05\r\n SGLX_00333 or subsequent\r\n\r\nSLES10 64\r\n HP SG/LX A.11.19.05\r\n SGLX_00334 or subsequent\r\n\r\nSLES10 -x86-64\r\n HP SG/LX A.11.19.05\r\n SGLX_00335 or subsequent\r\n\r\nSLES11 32\r\n HP SG/LX A.11.19.05\r\n SGLX_00336 or subsequent\r\n\r\nSLES11 64\r\n HP SG/LX A.11.19.05\r\n SGLX_00337 or subsequent\r\n\r\nSLES11 -x86-64\r\n HP SG/LX A.11.19.05\r\n SGLX_00338 or subsequent\r\n\r\nRedHat 5.0 -x86-64\r\n HP SG/LX A.11.20.10\r\n SGLX_00339 or subsequent\r\n\r\nRedHat 6.0 -x86-64\r\n HP SG/LX A.11.20.10\r\n SGLX_00340 or subsequent\r\n\r\nMANUAL ACTIONS: No\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\nNone\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 10 January 2013 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated\r\nperiodically, is contained in HP Security Notice HPSN-2011-001:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c02964430\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2013 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlDveAoACgkQ4B86/C0qfVkUYQCg64Ula3AM5pRcnwe1wz35lHb1\r\n3LYAnj3gC0Z02girbw1PI6AocfBEkpsl\r\n=rrBB\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-01-14T00:00:00", "published": "2013-01-14T00:00:00", "id": "SECURITYVULNS:DOC:28955", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28955", "title": "[security bulletin] HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS)", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-08-19T12:57:34", "description": "s700_800 11.31 Serviceguard A.11.20.00 : \n\nA potential security vulnerability has been identified in HP Serviceguard. This vulnerability could be remotely exploited to create a Denial of Service (DoS).", "cvss3": {"score": null, "vector": null}, "published": "2012-08-20T00:00:00", "type": "nessus", "title": "HP-UX PHSS_43094 : s700_800 11.31 Serviceguard A.11.20.00", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3252"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_43094.NASL", "href": "https://www.tenable.com/plugins/nessus/61592", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_43094. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61592);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3252\");\n script_bugtraq_id(55076);\n script_xref(name:\"HP\", value:\"emr_na-c03457976\");\n\n script_name(english:\"HP-UX PHSS_43094 : s700_800 11.31 Serviceguard A.11.20.00\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.31 Serviceguard A.11.20.00 : \n\nA potential security vulnerability has been identified in HP\nServiceguard. This vulnerability could be remotely exploited to create\na Denial of Service (DoS).\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03457976\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16631c24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_43094 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.31\"))\n{\n exit(0, \"The host is not affected since PHSS_43094 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_43094\", \"PHSS_43153\", \"PHSS_43495\", \"PHSS_43620\", \"PHSS_43842\", \"PHSS_44086\", \"PHSS_44223\", \"PHSS_44357\", \"PHSS_44469\", \"PHSS_44549\", \"PHSS_44778\", \"PHSS_44821\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"CM-Provider-MOF.CM-MOF\", version:\"B.07.00.00\")) flag++;\nif (hpux_check_patch(app:\"CM-Provider-MOF.CM-PROVIDER\", version:\"B.07.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-Monitor.CM-CORE\", version:\"A.11.20.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-Monitor.CM-CORE-COM\", version:\"A.11.20.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-Monitor.CM-CORE-MAN\", version:\"A.11.20.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-DEN-MOF\", version:\"B.07.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-DEN-PROV\", version:\"B.07.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM\", version:\"B.07.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-AUTH\", version:\"B.07.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-AUTH-COM\", version:\"B.07.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-COM\", version:\"B.07.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-MAN\", version:\"B.07.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-TOOLS\", version:\"B.07.00.00\")) flag++;\nif (hpux_check_patch(app:\"Package-CVM-CFS.CM-CVM-CFS\", version:\"A.11.20.00\")) flag++;\nif (hpux_check_patch(app:\"Package-CVM-CFS.CM-CVM-CFS-COM\", version:\"A.11.20.00\")) flag++;\nif (hpux_check_patch(app:\"Package-Manager.CM-PKG\", version:\"A.11.20.00\")) flag++;\nif (hpux_check_patch(app:\"Package-Manager.CM-PKG-COM\", version:\"A.11.20.00\")) flag++;\nif (hpux_check_patch(app:\"Package-Manager.CM-PKG-MAN\", version:\"A.11.20.00\")) flag++;\nif (hpux_check_patch(app:\"SGManagerPI.SGMGRPI\", version:\"B.03.00\")) flag++;\nif (hpux_check_patch(app:\"SGWBEMProviders.SGPROV-CORE\", version:\"A.03.10.00\")) flag++;\nif (hpux_check_patch(app:\"SGWBEMProviders.SGPROV-CORE-COM\", version:\"A.03.10.00\")) flag++;\nif (hpux_check_patch(app:\"SGWBEMProviders.SGPROV-DOC\", version:\"A.03.10.00\")) flag++;\nif (hpux_check_patch(app:\"SGWBEMProviders.SGPROV-MOF\", version:\"A.03.10.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:57:44", "description": "s700_800 11.23 Serviceguard A.11.19.00 : \n\nA potential security vulnerability has been identified in HP Serviceguard. This vulnerability could be remotely exploited to create a Denial of Service (DoS).", "cvss3": {"score": null, "vector": null}, "published": "2012-08-20T00:00:00", "type": "nessus", "title": "HP-UX PHSS_42987 : s700_800 11.23 Serviceguard A.11.19.00", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3252"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_42987.NASL", "href": "https://www.tenable.com/plugins/nessus/61590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_42987. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61590);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3252\");\n script_bugtraq_id(55076);\n script_xref(name:\"HP\", value:\"emr_na-c03457976\");\n\n script_name(english:\"HP-UX PHSS_42987 : s700_800 11.23 Serviceguard A.11.19.00\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.23 Serviceguard A.11.19.00 : \n\nA potential security vulnerability has been identified in HP\nServiceguard. This vulnerability could be remotely exploited to create\na Denial of Service (DoS).\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03457976\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16631c24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_42987 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23\"))\n{\n exit(0, \"The host is not affected since PHSS_42987 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_42987\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"CM-Provider-MOF.CM-MOF\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"CM-Provider-MOF.CM-PROVIDER\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-Monitor.CM-CORE\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-Monitor.CM-CORE-COM\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-Monitor.CM-CORE-MAN\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-DEN-MOF\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-DEN-PROV\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-AUTH\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-AUTH-COM\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-COM\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Cluster-OM.CM-OM-TOOLS\", version:\"B.06.00.00\")) flag++;\nif (hpux_check_patch(app:\"Package-CVM-CFS.CM-CVM-CFS\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Package-CVM-CFS.CM-CVM-CFS-COM\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Package-Manager.CM-PKG\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Package-Manager.CM-PKG-COM\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"Package-Manager.CM-PKG-MAN\", version:\"A.11.19.00\")) flag++;\nif (hpux_check_patch(app:\"SGManagerPI.SGMGRPI\", version:\"B.02.00\")) flag++;\nif (hpux_check_patch(app:\"SGWBEMProviders.SGPROV-CORE\", version:\"A.03.00.00\")) flag++;\nif (hpux_check_patch(app:\"SGWBEMProviders.SGPROV-MOF\", version:\"A.03.00.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:33:31", "description": "Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors.", "cvss3": {}, "published": "2012-08-20T22:55:00", "type": "cve", "title": "CVE-2012-3252", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3252"], "modified": "2013-02-02T05:05:00", "cpe": ["cpe:/a:hp:serviceguard:a.11.20", "cpe:/a:hp:serviceguard:a.11.19"], "id": "CVE-2012-3252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3252", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:hp:serviceguard:a.11.20:*:*:*:*:*:*:*", "cpe:2.3:a:hp:serviceguard:a.11.19:*:*:*:*:*:*:*"]}]}
HP-UX PHSS_42988 : s700_800 11.31 Serviceguard A.11.19.00
