Vulnerabilities > CVE-2004-0368 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

critical

nessus

NVD

Published: 2004-05-04

Updated: 2017-10-11

Summary

Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.

Vulnerable Configurations

Part	Description	Count
Application	Open_Group Open Group CDE Common Desktop Environment 1.0.1 Open Group CDE Common Desktop Environment 1.0.2 Open Group CDE Common Desktop Environment 1.1 Open Group CDE Common Desktop Environment 1.2 Open Group CDE Common Desktop Environment 2.0 Open Group CDE Common Desktop Environment 2.1 Open Group CDE Common Desktop Environment 2.1.20	7
Application	Xi_Graphics XI Graphics Dextop 2.1 XI Graphics Dextop 3.0	2
OS	Ibm IBM AIX 4.3.3 IBM AIX 5.1 IBM AIX 5.2	3

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_30668.NASL
description	s700_800 11.00 CDE Runtime Patch : A potential security vulnerability has been identified with HP-UX running CDE dtlogin software, where the potential vulnerability may be exploited locally or remotely to allow unauthorized privileged access or a Denial of Service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	17069
published	2005-02-16
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17069
title	HP-UX PHSS_30668 : HP-UX running CDE dtlogin, Remote Unauthorized Privileged Access, Denial of Service (DoS) (HPSBUX01038 SSRT4721 rev.2)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_30668. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(17069); script_version("1.13"); script_cvs_date("Date: 2019/07/10 16:04:14"); script_cve_id("CVE-2004-0368"); script_xref(name:"HP", value:"emr_na-c00957752"); script_xref(name:"HP", value:"HPSBUX01038"); script_xref(name:"HP", value:"SSRT4721"); script_name(english:"HP-UX PHSS_30668 : HP-UX running CDE dtlogin, Remote Unauthorized Privileged Access, Denial of Service (DoS) (HPSBUX01038 SSRT4721 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 CDE Runtime Patch : A potential security vulnerability has been identified with HP-UX running CDE dtlogin software, where the potential vulnerability may be exploited locally or remotely to allow unauthorized privileged access or a Denial of Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00957752 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?20f68107" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_30668 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/05/04"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHSS_30668 applies to a different OS release."); } patches = make_list("PHSS_30668", "PHSS_32107", "PHSS_32539", "PHSS_35433"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"CDE.CDE-DTTERM", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-HELP", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-MSG", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-FONTS", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-HELP-RUN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-MIN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-RUN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-SHLIBS", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-TT", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_X86_108920.NASL
description	CDE 1.4_x86: dtlogin patch. Date this patch was last updated by Sun : May/26/06
last seen	2020-06-01
modified	2020-06-02
plugin id	13412
published	2004-07-12
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13412
title	Solaris 8 (x86) : 108920-30
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13412); script_version("1.30"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_cve_id("CVE-2004-0368"); script_name(english:"Solaris 8 (x86) : 108920-30"); script_summary(english:"Check for patch 108920-30"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 108920-30" ); script_set_attribute( attribute:"description", value: "CDE 1.4_x86: dtlogin patch. Date this patch was last updated by Sun : May/26/06" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/108920-30" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108920-30", obsoleted_by:"", package:"SUNWdtdte", version:"1.4,REV=10.1999.12.07") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108920-30", obsoleted_by:"", package:"SUNWdtbas", version:"1.4,REV=10.1999.12.02") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_30807.NASL
description	s700_800 11.04 (VVOS) CDE Runtime Patch : A potential security vulnerability has been identified with HP-UX running CDE dtlogin software, where the potential vulnerability may be exploited locally or remotely to allow unauthorized privileged access or a Denial of Service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	17021
published	2005-02-16
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17021
title	HP-UX PHSS_30807 : HP-UX running CDE dtlogin, Remote Unauthorized Privileged Access, Denial of Service (DoS) (HPSBUX01038 SSRT4721 rev.2)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_30807. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(17021); script_version("1.12"); script_cvs_date("Date: 2019/07/10 16:04:14"); script_cve_id("CVE-2004-0368"); script_xref(name:"HP", value:"emr_na-c00957752"); script_xref(name:"HP", value:"HPSBUX01038"); script_xref(name:"HP", value:"SSRT4721"); script_name(english:"HP-UX PHSS_30807 : HP-UX running CDE dtlogin, Remote Unauthorized Privileged Access, Denial of Service (DoS) (HPSBUX01038 SSRT4721 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.04 (VVOS) CDE Runtime Patch : A potential security vulnerability has been identified with HP-UX running CDE dtlogin software, where the potential vulnerability may be exploited locally or remotely to allow unauthorized privileged access or a Denial of Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00957752 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?20f68107" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_30807 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/05/04"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.04")) { exit(0, "The host is not affected since PHSS_30807 applies to a different OS release."); } patches = make_list("PHSS_30807"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"CDE.CDE-DTTERM", version:"B.11.04")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-HELP", version:"B.11.04")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-MAN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-MSG", version:"B.11.04")) flag++; if (hpux_check_patch(app:"CDE.CDE-FONTS", version:"B.11.04")) flag++; if (hpux_check_patch(app:"CDE.CDE-HELP-RUN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"CDE.CDE-MIN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"CDE.CDE-RUN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"CDE.CDE-SHLIBS", version:"B.11.04")) flag++; if (hpux_check_patch(app:"CDE.CDE-TT", version:"B.11.04")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_108919.NASL
description	CDE 1.4: dtlogin patch. Date this patch was last updated by Sun : May/04/06
last seen	2020-06-01
modified	2020-06-02
plugin id	13301
published	2004-07-12
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13301
title	Solaris 8 (sparc) : 108919-30
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13301); script_version("1.32"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_cve_id("CVE-2004-0368"); script_name(english:"Solaris 8 (sparc) : 108919-30"); script_summary(english:"Check for patch 108919-30"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 108919-30" ); script_set_attribute( attribute:"description", value: "CDE 1.4: dtlogin patch. Date this patch was last updated by Sun : May/04/06" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/108919-30" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"108919-30", obsoleted_by:"", package:"SUNWdtdte", version:"1.4,REV=10.1999.12.07") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"108919-30", obsoleted_by:"", package:"SUNWdtbas", version:"1.4,REV=10.1999.12.02") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_30669.NASL
description	s700_800 11.11 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running CDE dtlogin software, where the potential vulnerability may be exploited locally or remotely to allow unauthorized privileged access or a Denial of Service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	17068
published	2005-02-16
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17068
title	HP-UX PHSS_30669 : HP-UX running CDE dtlogin, Remote Unauthorized Privileged Access, Denial of Service (DoS) (HPSBUX01038 SSRT4721 rev.2)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_30669. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(17068); script_version("1.13"); script_cvs_date("Date: 2019/07/10 16:04:14"); script_cve_id("CVE-2004-0368"); script_xref(name:"HP", value:"emr_na-c00957752"); script_xref(name:"HP", value:"HPSBUX01038"); script_xref(name:"HP", value:"SSRT4721"); script_name(english:"HP-UX PHSS_30669 : HP-UX running CDE dtlogin, Remote Unauthorized Privileged Access, Denial of Service (DoS) (HPSBUX01038 SSRT4721 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.11 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running CDE dtlogin software, where the potential vulnerability may be exploited locally or remotely to allow unauthorized privileged access or a Denial of Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00957752 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?20f68107" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_30669 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/05/04"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11")) { exit(0, "The host is not affected since PHSS_30669 applies to a different OS release."); } patches = make_list("PHSS_30669", "PHSS_30789", "PHSS_32111", "PHSS_32540", "PHSS_33326", "PHSS_34101", "PHSS_35434", "PHSS_36407"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"CDE.CDE-ENG-A-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-MAN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-FONTS", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-FRE-I-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-GER-I-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-HELP-RUN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-ITA-I-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-JPN-E-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-JPN-S-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-KOR-E-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-LANGS", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-RUN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-SCH-H-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-SPA-I-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-SWE-I-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-TCH-B-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-TCH-E-HELP", version:"B.11.11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS7_107180.NASL
description	CDE 1.3: dtlogin patch. Date this patch was last updated by Sun : Jul/28/04
last seen	2016-09-26
modified	2011-10-24
plugin id	13103
published	2004-07-12
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=13103
title	Solaris 7 (sparc) : 107180-31
code	#%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(13103); script_version("1.21"); script_name(english: "Solaris 7 (sparc) : 107180-31"); script_cve_id("CVE-2004-0368"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 107180-31"); script_set_attribute(attribute: "description", value: 'CDE 1.3: dtlogin patch. Date this patch was last updated by Sun : Jul/28/04'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1000295.1.html"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/12"); script_cvs_date("Date: 2018/07/20 0:18:53"); script_end_attributes(); script_summary(english: "Check for patch 107180-31"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.7", arch:"sparc", patch:"107180-31", obsoleted_by:"", package:"SUNWdtdte", version:"1.3,REV=10.98.09.12"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_hole(0); else security_hole(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_30670.NASL
description	s700_800 11.22 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running CDE dtlogin software, where the potential vulnerability may be exploited locally or remotely to allow unauthorized privileged access or a Denial of Service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	17067
published	2005-02-16
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17067
title	HP-UX PHSS_30670 : HP-UX running CDE dtlogin, Remote Unauthorized Privileged Access, Denial of Service (DoS) (HPSBUX01038 SSRT4721 rev.2)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_30670. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(17067); script_version("1.12"); script_cvs_date("Date: 2019/07/10 16:04:14"); script_cve_id("CVE-2004-0368"); script_xref(name:"HP", value:"emr_na-c00957752"); script_xref(name:"HP", value:"HPSBUX01038"); script_xref(name:"HP", value:"SSRT4721"); script_name(english:"HP-UX PHSS_30670 : HP-UX running CDE dtlogin, Remote Unauthorized Privileged Access, Denial of Service (DoS) (HPSBUX01038 SSRT4721 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.22 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running CDE dtlogin software, where the potential vulnerability may be exploited locally or remotely to allow unauthorized privileged access or a Denial of Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00957752 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?20f68107" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_30670 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/05/04"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.22")) { exit(0, "The host is not affected since PHSS_30670 applies to a different OS release."); } patches = make_list("PHSS_30670"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"CDE.CDE-ENG-A-MAN", version:"B.11.22")) flag++; if (hpux_check_patch(app:"CDE.CDE-LANGS", version:"B.11.22")) flag++; if (hpux_check_patch(app:"CDE.CDE-RUN", version:"B.11.22")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_30671.NASL
description	s700_800 11.23 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running CDE dtlogin software, where the potential vulnerability may be exploited locally or remotely to allow unauthorized privileged access or a Denial of Service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	17066
published	2005-02-16
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17066
title	HP-UX PHSS_30671 : HP-UX running CDE dtlogin, Remote Unauthorized Privileged Access, Denial of Service (DoS) (HPSBUX01038 SSRT4721 rev.2)

Oval

accepted

2007-02-20T13:39:43.377-05:00

class

vulnerability

contributors

name Brian Soby
organization The MITRE Corporation
name Brian Soby
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation

description

Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.

family

unix

oval:org.mitre.oval:def:1436

status

accepted

submitted

2004-10-12T12:37:00.000-04:00

title

Solaris CDE DTLogin XDMCP Parser Remote Double Free Vulnerability

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

References