Vulnerabilities > CVE-2004-1332 - Buffer Overflow vulnerability in HP HP-UX FTP Server Debug Logging Mode
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 15 |
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_29462.NASL description s700_800 11.22 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd where the vulnerability could be exploited to allow a remote authorized user unauthorized access to files. (HPSBUX01119 SSRT4694) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456) - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential vulnerability has been identified with HP-UX running wu-ftpd with the restricted gid option enabled where the vulnerability could be exploited by a local user to gain unauthorized access to files. (HPSBUX01059 SSRT4704) last seen 2020-06-01 modified 2020-06-02 plugin id 16907 published 2005-02-16 reporter This script is Copyright (C) 2005-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16907 title HP-UX PHNE_29462 : s700_800 11.22 ftpd(1M) and ftp(1) patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_29462. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16907); script_version("$Revision: 1.12 $"); script_cvs_date("$Date: 2016/01/14 15:20:32 $"); script_cve_id("CVE-2003-0466", "CVE-2004-0148", "CVE-2004-1332", "CVE-2005-0547"); script_xref(name:"HP", value:"emr_na-c00572225"); script_xref(name:"HP", value:"emr_na-c00951272"); script_xref(name:"HP", value:"emr_na-c00951289"); script_xref(name:"HP", value:"emr_na-c01035676"); script_xref(name:"HP", value:"emr_na-c01035678"); script_xref(name:"HP", value:"HPSBUX00277"); script_xref(name:"HP", value:"HPSBUX01050"); script_xref(name:"HP", value:"HPSBUX01059"); script_xref(name:"HP", value:"HPSBUX01118"); script_xref(name:"HP", value:"HPSBUX01119"); script_xref(name:"HP", value:"SSRT3456"); script_xref(name:"HP", value:"SSRT3606"); script_xref(name:"HP", value:"SSRT4694"); script_xref(name:"HP", value:"SSRT4704"); script_xref(name:"HP", value:"SSRT4883"); script_name(english:"HP-UX PHNE_29462 : s700_800 11.22 ftpd(1M) and ftp(1) patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.22 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd where the vulnerability could be exploited to allow a remote authorized user unauthorized access to files. (HPSBUX01119 SSRT4694) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456) - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential vulnerability has been identified with HP-UX running wu-ftpd with the restricted gid option enabled where the vulnerability could be exploited by a local user to gain unauthorized access to files. (HPSBUX01059 SSRT4704)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951272 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6ca73dfe" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951289 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?353e3f75" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00572225 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2fb36360" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035676 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0e3b95fe" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035678 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9d4b2076" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_29462 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/06/03"); script_set_attribute(attribute:"patch_modification_date", value:"2006/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.22")) { exit(0, "The host is not affected since PHNE_29462 applies to a different OS release."); } patches = make_list("PHNE_29462"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS2-RUN", version:"B.11.22")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_24395.NASL description s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883) last seen 2020-06-01 modified 2020-06-02 plugin id 16931 published 2005-02-16 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16931 title HP-UX PHNE_24395 : s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_24395. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16931); script_version("1.13"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2004-1332", "CVE-2005-3296"); script_xref(name:"HP", value:"emr_na-c00542740"); script_xref(name:"HP", value:"emr_na-c00898886"); script_xref(name:"HP", value:"HPSBUX00162"); script_xref(name:"HP", value:"HPSBUX02071"); script_xref(name:"HP", value:"SSRT051064"); script_xref(name:"HP", value:"SSRT4883"); script_name(english:"HP-UX PHNE_24395 : s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00898886 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1aba643e" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00542740 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a8f47fb9" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_24395 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2001/08/28"); script_set_attribute(attribute:"patch_modification_date", value:"2006/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.04")) { exit(0, "The host is not affected since PHNE_24395 applies to a different OS release."); } patches = make_list("PHNE_24395", "PHNE_31034", "PHNE_32813", "PHNE_34077"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"VirtualVaultOS.VVOS-AUX-IA", version:"B.11.04")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_23949.NASL description s700_800 11.00 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883) last seen 2020-06-01 modified 2020-06-02 plugin id 16577 published 2005-02-16 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16577 title HP-UX PHNE_23949 : s700_800 11.00 ftpd(1M) and ftp(1) patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_23949. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16577); script_version("1.14"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2004-1332", "CVE-2005-3296"); script_xref(name:"HP", value:"emr_na-c00542740"); script_xref(name:"HP", value:"emr_na-c00898886"); script_xref(name:"HP", value:"HPSBUX00162"); script_xref(name:"HP", value:"HPSBUX02071"); script_xref(name:"HP", value:"SSRT051064"); script_xref(name:"HP", value:"SSRT4883"); script_name(english:"HP-UX PHNE_23949 : s700_800 11.00 ftpd(1M) and ftp(1) patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00898886 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1aba643e" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00542740 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a8f47fb9" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_23949 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2001/05/18"); script_set_attribute(attribute:"patch_modification_date", value:"2006/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHNE_23949 applies to a different OS release."); } patches = make_list("PHNE_23949", "PHNE_29460", "PHNE_30989", "PHNE_33406", "PHNE_34543"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_29460.NASL description s700_800 11.00 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606) last seen 2020-06-01 modified 2020-06-02 plugin id 16909 published 2005-02-16 reporter This script is Copyright (C) 2005-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16909 title HP-UX PHNE_29460 : s700_800 11.00 ftpd(1M) and ftp(1) patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_29460. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16909); script_version("$Revision: 1.13 $"); script_cvs_date("$Date: 2016/01/14 15:20:32 $"); script_cve_id("CVE-2003-0466", "CVE-2004-1332"); script_xref(name:"HP", value:"emr_na-c00951272"); script_xref(name:"HP", value:"emr_na-c00951289"); script_xref(name:"HP", value:"emr_na-c01035676"); script_xref(name:"HP", value:"HPSBUX00277"); script_xref(name:"HP", value:"HPSBUX01050"); script_xref(name:"HP", value:"HPSBUX01118"); script_xref(name:"HP", value:"SSRT3456"); script_xref(name:"HP", value:"SSRT3606"); script_xref(name:"HP", value:"SSRT4883"); script_name(english:"HP-UX PHNE_29460 : s700_800 11.00 ftpd(1M) and ftp(1) patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951272 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6ca73dfe" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951289 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?353e3f75" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035676 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0e3b95fe" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_29460 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/02/10"); script_set_attribute(attribute:"patch_modification_date", value:"2007/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHNE_29460 applies to a different OS release."); } patches = make_list("PHNE_29460", "PHNE_30989", "PHNE_33406", "PHNE_34543"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_29461.NASL description s700_800 11.11 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456) last seen 2020-06-01 modified 2020-06-02 plugin id 16908 published 2005-02-16 reporter This script is Copyright (C) 2005-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16908 title HP-UX PHNE_29461 : s700_800 11.11 ftpd(1M) and ftp(1) patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_29461. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16908); script_version("$Revision: 1.16 $"); script_cvs_date("$Date: 2016/01/14 15:20:32 $"); script_cve_id("CVE-2003-0466", "CVE-2004-1332"); script_xref(name:"HP", value:"emr_na-c00951272"); script_xref(name:"HP", value:"emr_na-c00951289"); script_xref(name:"HP", value:"emr_na-c01035676"); script_xref(name:"HP", value:"HPSBUX00277"); script_xref(name:"HP", value:"HPSBUX01050"); script_xref(name:"HP", value:"HPSBUX01118"); script_xref(name:"HP", value:"SSRT3456"); script_xref(name:"HP", value:"SSRT3606"); script_xref(name:"HP", value:"SSRT4883"); script_name(english:"HP-UX PHNE_29461 : s700_800 11.11 ftpd(1M) and ftp(1) patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.11 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951272 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6ca73dfe" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951289 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?353e3f75" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035676 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0e3b95fe" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_29461 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2003/12/17"); script_set_attribute(attribute:"patch_modification_date", value:"2007/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11")) { exit(0, "The host is not affected since PHNE_29461 applies to a different OS release."); } patches = make_list("PHNE_29461", "PHNE_30432", "PHNE_30990", "PHNE_33412", "PHNE_34544", "PHNE_36129", "PHNE_36192", "PHNE_38458", "PHNE_40774"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_31034.NASL description s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456) last seen 2020-06-01 modified 2020-06-02 plugin id 16971 published 2005-02-16 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16971 title HP-UX PHNE_31034 : s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_31034. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16971); script_version("$Revision: 1.11 $"); script_cvs_date("$Date: 2013/04/20 00:36:49 $"); script_cve_id("CVE-2004-1332"); script_xref(name:"HP", value:"emr_na-c00951289"); script_xref(name:"HP", value:"emr_na-c01035676"); script_xref(name:"HP", value:"HPSBUX01050"); script_xref(name:"HP", value:"HPSBUX01118"); script_xref(name:"HP", value:"SSRT3456"); script_xref(name:"HP", value:"SSRT4883"); script_name(english:"HP-UX PHNE_31034 : s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951289 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?353e3f75" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035676 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0e3b95fe" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_31034 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.04")) { exit(0, "The host is not affected since PHNE_31034 applies to a different OS release."); } patches = make_list("PHNE_31034", "PHNE_32813", "PHNE_34077"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"VirtualVaultOS.VVOS-AUX-IA", version:"B.11.04")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_23950.NASL description s700_800 11.11 ftpd(1M) patch : ftpd and ftp incorrectly manage buffers. last seen 2020-06-01 modified 2020-06-02 plugin id 16576 published 2005-02-16 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16576 title HP-UX PHNE_23950 : HP-UX Running ftp and ftpd, Remote Unauthorized Access (HPSBUX00162 SSRT4883 rev.4) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_23950. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16576); script_version("$Revision: 1.15 $"); script_cvs_date("$Date: 2013/04/20 00:32:52 $"); script_cve_id("CVE-2004-1332"); script_xref(name:"HP", value:"emr_na-c00898886"); script_xref(name:"HP", value:"HPSBUX00162"); script_xref(name:"HP", value:"SSRT4883"); script_name(english:"HP-UX PHNE_23950 : HP-UX Running ftp and ftpd, Remote Unauthorized Access (HPSBUX00162 SSRT4883 rev.4)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.11 ftpd(1M) patch : ftpd and ftp incorrectly manage buffers." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00898886 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1aba643e" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_23950 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2001/07/17"); script_set_attribute(attribute:"patch_modification_date", value:"2007/03/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11")) { exit(0, "The host is not affected since PHNE_23950 applies to a different OS release."); } patches = make_list("PHNE_23950", "PHNE_27765", "PHNE_29461", "PHNE_30432", "PHNE_30990", "PHNE_33412", "PHNE_34544", "PHNE_36129", "PHNE_36192", "PHNE_38458", "PHNE_40774"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
| accepted | 2014-03-24T04:01:45.272-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| description | Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:5701 | ||||||||
| status | accepted | ||||||||
| submitted | 2008-07-08T17:01:37.000-04:00 | ||||||||
| title | HP-UX ftpd, Remote Privileged Access | ||||||||
| version | 40 |
References
- http://marc.info/?l=bugtraq&m=110797179710695&w=2
- http://secunia.com/advisories/13608
- http://securitytracker.com/id?1012650
- http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=false
- http://www.kb.cert.org/vuls/id/647438
- http://www.securityfocus.com/bid/12077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18636
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701