Vulnerabilities > CVE-2005-3295 - Local Denial Of Service vulnerability in HP Hp-Ux 11.23

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

nessus

NVD

Published: 2005-10-23

Updated: 2018-05-03

Summary

Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."

Vulnerable Configurations

Part	Description	Count
OS	Hp HP HP UX 11.23	1

Nessus

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHKL_33714.NASL
description	s700_800 11.23 exec(2) and setrlimit(2) system call fix : A potential security vulnerability has been identified with HP-UX running on Itanium platforms where, under certain conditions, a specific stack size prevents proper operation. This vulnerability could be exploited by a local authorized user to create a Denial of Service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	20038
published	2005-10-19
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20038
title	HP-UX PHKL_33714 : HP-UX Running on Itanium Platforms Local Denial of Service (DoS) (HPSBUX01233 SSRT5975 rev.2)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHKL_33714. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(20038); script_version("1.13"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2005-3295"); script_xref(name:"HP", value:"emr_na-c00587134"); script_xref(name:"HP", value:"HPSBUX01233"); script_xref(name:"HP", value:"SSRT5975"); script_name(english:"HP-UX PHKL_33714 : HP-UX Running on Itanium Platforms Local Denial of Service (DoS) (HPSBUX01233 SSRT5975 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.23 exec(2) and setrlimit(2) system call fix : A potential security vulnerability has been identified with HP-UX running on Itanium platforms where, under certain conditions, a specific stack size prevents proper operation. This vulnerability could be exploited by a local authorized user to create a Denial of Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00587134 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8627456a" ); script_set_attribute( attribute:"solution", value:"Install patch PHKL_33714 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/09/29"); script_set_attribute(attribute:"patch_modification_date", value:"2006/01/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.23", proc:"ia64")) { exit(0, "The host is not affected since PHKL_33714 applies to a different OS release / architecture."); } patches = make_list("PHKL_33714"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OS-Core.CORE2-KRN", version:"B.11.23")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:hpux_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHKL_33713.NASL
description	s700_800 11.23 exec(2) and setrlimit(2) fix : A potential security vulnerability has been identified with HP-UX running on Itanium platforms where, under certain conditions, a specific stack size prevents proper operation. This vulnerability could be exploited by a local authorized user to create a Denial of Service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	20037
published	2005-10-19
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20037
title	HP-UX PHKL_33713 : HP-UX Running on Itanium Platforms Local Denial of Service (DoS) (HPSBUX01233 SSRT5975 rev.2)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHKL_33713. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(20037); script_version("1.15"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2005-3295"); script_xref(name:"HP", value:"emr_na-c00587134"); script_xref(name:"HP", value:"HPSBUX01233"); script_xref(name:"HP", value:"SSRT5975"); script_name(english:"HP-UX PHKL_33713 : HP-UX Running on Itanium Platforms Local Denial of Service (DoS) (HPSBUX01233 SSRT5975 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.23 exec(2) and setrlimit(2) fix : A potential security vulnerability has been identified with HP-UX running on Itanium platforms where, under certain conditions, a specific stack size prevents proper operation. This vulnerability could be exploited by a local authorized user to create a Denial of Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00587134 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8627456a" ); script_set_attribute( attribute:"solution", value:"Install patch PHKL_33713 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/09/29"); script_set_attribute(attribute:"patch_modification_date", value:"2006/01/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.23", proc:"ia64")) { exit(0, "The host is not affected since PHKL_33713 applies to a different OS release / architecture."); } patches = make_list("PHKL_33713", "PHKL_34095", "PHKL_34432", "PHKL_44285"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OS-Core.CORE2-KRN", version:"B.11.23")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:hpux_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Oval

accepted

2014-03-10T04:00:52.551-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Matthew Wojcik
organization The MITRE Corporation
name Matthew Wojcik
organization The MITRE Corporation
name Todd Dolinsky
organization Opsware, Inc.
name Michael Wood
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard

description

Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."

family

unix

oval:org.mitre.oval:def:992

status

accepted

submitted

2006-01-11T12:55:00.000-04:00

title

HP-UX Running on Itanium Platforms Local Denial of Service (DoS)

version

Summary

Vulnerable Configurations

Nessus

Oval

References