Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310835251
HistoryMay 05, 2011 - 12:00 a.m.

HP-UX Update for OpenSSL HPSBUX02638

2011-05-0500:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
13

7.9 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.335 Low

EPSS

Percentile

97.0%

JSON

The remote host is missing an update for the OpenSSL package(s) announced via the referenced advisory.

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02737002");
  script_oid("1.3.6.1.4.1.25623.1.0.835251");
  script_version("2023-07-14T16:09:26+0000");
  script_tag(name:"last_modification", value:"2023-07-14 16:09:26 +0000 (Fri, 14 Jul 2023)");
  script_tag(name:"creation_date", value:"2011-05-05 07:14:22 +0200 (Thu, 05 May 2011)");
  script_tag(name:"cvss_base", value:"7.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_xref(name:"HPSBUX", value:"02638");
  script_cve_id("CVE-2010-3864", "CVE-2010-4180", "CVE-2010-4252");
  script_name("HP-UX Update for OpenSSL HPSBUX02638");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("HP-UX Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/hp_hp-ux", "ssh/login/hp_pkgrev", re:"ssh/login/release=HPUX(11\.31|11\.23|11\.11)");

  script_tag(name:"summary", value:"The remote host is missing an update for the OpenSSL package(s) announced via the referenced advisory.");

  script_tag(name:"impact", value:"Remote execution of arbitrary code Denial of Service (DoS) authentication bypass");

  script_tag(name:"affected", value:"OpenSSL on HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08q.");

  script_tag(name:"insight", value:"A potential security vulnerability has been identified with HP-UX OpenSSL.
  This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-hpux.inc");

release = hpux_get_ssh_release();
if(!release) exit(0);

res = "";

if(release == "HPUX11.31")
{

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-CER", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-CONF", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-DOC", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-INC", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-LIB", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-MAN", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-MIS", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-PRNG", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-PVT", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-RUN", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-SRC", revision:"A.00.09.08q.003", rls:"HPUX11.31")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}


if(release == "HPUX11.23")
{

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-CER", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-CONF", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-DOC", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-INC", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-LIB", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-MAN", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-MIS", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-PRNG", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-PVT", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-RUN", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-SRC", revision:"A.00.09.08q.002", rls:"HPUX11.23")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}


if(release == "HPUX11.11")
{

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-CER", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-CONF", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-DOC", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-INC", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-LIB", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-MAN", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-MIS", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-PRNG", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-PVT", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-RUN", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = ishpuxpkgvuln(pkg:"openssl.OPENSSL-SRC", revision:"A.00.09.08q.001", rls:"HPUX11.11")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Related

openvas 56
nessus 56
slackware 2
oraclelinux 4
fedora 8
securityvulns 6
openssl 3
cve 5
debiancve 5
ubuntucve 5
f5 8
prion 5
veracode 1
ubuntu 2
redhat 4
osv 3
freebsd 1
altlinux 9
debian 4
attackerkb 1
centos 2
freebsd_advisory 1
gentoo 1
cert 1
ibm 4
suse 2
openvas
openvas
HP-UX Update for OpenSSL HPSBUX02638
2011-05-05 00:00:00
Slackware: Security Advisory (SSA:2010-340-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2010-340-01 openssl
2012-09-11 00:00:00
nessus
nessus
OpenSSL < 0.9.8q / 1.0.0c Multiple Vulnerabilities
2010-12-07 00:00:00
Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : openssl (SSA:2010-340-01)
2010-12-08 00:00:00
Oracle Linux 6 : openssl (ELSA-2010-0979)
2013-07-12 00:00:00
slackware
slackware
[slackware-security] openssl
2010-12-07 07:14:58
[slackware-security] openssl
2010-11-22 07:07:48
oraclelinux
oraclelinux
openssl security update
2011-02-10 00:00:00
openssl security, bug fix, and enhancement update
2011-05-28 00:00:00
openssl security update
2010-12-13 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: openssl-1.0.0c-1.fc14
2010-12-10 20:26:33
[SECURITY] Fedora 14 Update: openssl-1.0.0d-1.fc14
2011-02-14 20:28:21
[SECURITY] Fedora 14 Update: openssl-1.0.0e-1.fc14
2011-09-10 23:55:13
securityvulns
securityvulns
OpenSSL protection level downgrade
2010-12-09 00:00:00
[security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux &#40;IC-Linux&#41;, Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service &#40;DoS&#41;
2011-04-26 00:00:00
HP Insight Control multiple security vulnerabilities
2011-04-26 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2010-4252
2010-12-02 00:00:00
Vulnerability in OpenSSL CVE-2010-4180
2010-12-02 00:00:00
Vulnerability in OpenSSL CVE-2010-3864
2010-11-16 00:00:00
cve
cve
CVE-2010-4252
2010-12-06 21:05:00
CVE-2010-3864
2010-11-17 16:00:00
CVE-2010-4180
2010-12-06 21:05:00
debiancve
debiancve
CVE-2010-4252
2010-12-06 21:05:00
CVE-2010-4180
2010-12-06 21:05:00
CVE-2010-3864
2010-11-17 16:00:00
ubuntucve
ubuntucve
CVE-2010-4252
2010-12-06 00:00:00
CVE-2010-3864
2010-11-17 00:00:00
CVE-2010-4180
2010-12-06 00:00:00
f5
f5
K17382 : OpenSSL vulnerability CVE-2010-4252
2015-10-09 00:00:00
SOL17382 - OpenSSL vulnerability CVE-2010-4252
2015-10-09 00:00:00
SOL12566 - OpenSSL vulnerability CVE-2010-3864
2011-01-27 00:00:00
prion
prion
Design/Logic Flaw
2010-12-06 21:05:00
Session fixation
2010-12-06 21:05:00
Race condition
2010-11-17 16:00:00
veracode
veracode
Insecure TLS Configuration
2020-04-10 00:56:26
ubuntu
ubuntu
OpenSSL vulnerability
2010-11-18 00:00:00
OpenSSL vulnerabilities
2010-12-08 00:00:00
redhat
redhat
(RHSA-2010:0888) Important: openssl security update
2010-11-16 00:00:00
(RHSA-2010:0979) Moderate: openssl security update
2010-12-13 00:00:00
(RHSA-2010:0978) Moderate: openssl security update
2010-12-13 00:00:00
osv
osv
openssl - buffer overflow
2010-11-22 00:00:00
openssl - protocol design flaw
2011-01-06 00:00:00
nss - protocol design flaw
2011-01-06 00:00:00
freebsd
freebsd
openssl -- TLS extension parsing race condition
2010-10-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
debian
debian
[SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow
2010-11-22 20:17:04
[SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow
2010-11-22 20:17:04
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
2011-01-05 23:18:09
attackerkb
attackerkb
CVE-2010-4478
2010-12-06 00:00:00
centos
centos
openssl security update
2010-12-14 01:19:08
openssl security update
2011-01-27 09:11:13
freebsd_advisory
freebsd_advisory
FreeBSD-SA-10:10.openssl
2010-11-29 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2011-10-09 00:00:00
cert
cert
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL
2013-03-18 00:00:00
ibm
ibm
Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL
2022-09-25 20:45:36
Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL versions prior to 1.0.0
2022-09-25 23:13:40
Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities.
2018-06-18 00:07:41
suse
suse
compat-openssl097g (important)
2011-07-27 16:08:25
Security update for compat-openssl097g (important)
2011-07-27 17:08:16

7.9 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.335 Low

EPSS

Percentile

97.0%

JSON
Related for OPENVAS:1361412562310835251
openvas56nessus56slackware2oraclelinux4fedora8securityvulns6openssl3cve5debiancve5ubuntucve5f58prion5veracode1ubuntu2redhat4osv3freebsd1altlinux9debian4attackerkb1centos2freebsd_advisory1gentoo1cert1ibm4suse2