Vulnerabilities > CVE-2007-1993 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Hp-Ux B.11.00/B.11.11/B.11.23
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHCO_26449.NASL description s700_800 11.00 Add Rock Ridge extension to mount_cdfs(1M) : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege. last seen 2020-06-01 modified 2020-06-02 plugin id 26119 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26119 title HP-UX PHCO_26449 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHCO_26449. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(26119); script_version("1.12"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2007-1993"); script_bugtraq_id(23401); script_xref(name:"HP", value:"emr_na-c00913684"); script_xref(name:"HP", value:"HPSBUX02203"); script_xref(name:"HP", value:"SSRT071339"); script_name(english:"HP-UX PHCO_26449 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 Add Rock Ridge extension to mount_cdfs(1M) : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00913684 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b9f3a7ae" ); script_set_attribute( attribute:"solution", value:"Install patch PHCO_26449 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHCO_26449 applies to a different OS release."); } patches = make_list("PHCO_26449"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OS-Core.CORE-ENG-A-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"OS-Core.UX-CORE", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHKL_28025.NASL description s700_800 11.11 Rock Ridge extension for ISO-9660 : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege. last seen 2020-06-01 modified 2020-06-02 plugin id 26126 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26126 title HP-UX PHKL_28025 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHKL_28025. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(26126); script_version("1.13"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2007-1993"); script_bugtraq_id(23401); script_xref(name:"HP", value:"emr_na-c00913684"); script_xref(name:"HP", value:"HPSBUX02203"); script_xref(name:"HP", value:"SSRT071339"); script_name(english:"HP-UX PHKL_28025 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.11 Rock Ridge extension for ISO-9660 : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00913684 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b9f3a7ae" ); script_set_attribute( attribute:"solution", value:"Install patch PHKL_28025 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11")) { exit(0, "The host is not affected since PHKL_28025 applies to a different OS release."); } patches = make_list("PHKL_28025", "PHKL_32035", "PHKL_34153", "PHKL_37535"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OS-Core.CORE-KRN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"OS-Core.CORE2-KRN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"ProgSupport.C-INC", version:"B.11.11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHKL_26450.NASL description s700_800 11.00 Rock Ridge extension for ISO-9660 : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege. last seen 2020-06-01 modified 2020-06-02 plugin id 26125 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26125 title HP-UX PHKL_26450 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHKL_26450. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(26125); script_version("1.12"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2007-1993"); script_bugtraq_id(23401); script_xref(name:"HP", value:"emr_na-c00913684"); script_xref(name:"HP", value:"HPSBUX02203"); script_xref(name:"HP", value:"SSRT071339"); script_name(english:"HP-UX PHKL_26450 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 Rock Ridge extension for ISO-9660 : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00913684 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b9f3a7ae" ); script_set_attribute( attribute:"solution", value:"Install patch PHKL_26450 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHKL_26450 applies to a different OS release."); } patches = make_list("PHKL_26450"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OS-Core.CORE-KRN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"ProgSupport.C-INC", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHCO_25841.NASL description s700_800 11.11 Add Rock Ridge extension to mount_cdfs(1M) : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege. last seen 2020-06-01 modified 2020-06-02 plugin id 26118 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26118 title HP-UX PHCO_25841 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHCO_25841. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(26118); script_version("1.12"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2007-1993"); script_bugtraq_id(23401); script_xref(name:"HP", value:"emr_na-c00913684"); script_xref(name:"HP", value:"HPSBUX02203"); script_xref(name:"HP", value:"SSRT071339"); script_name(english:"HP-UX PHCO_25841 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.11 Add Rock Ridge extension to mount_cdfs(1M) : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00913684 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b9f3a7ae" ); script_set_attribute( attribute:"solution", value:"Install patch PHCO_25841 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11")) { exit(0, "The host is not affected since PHCO_25841 applies to a different OS release."); } patches = make_list("PHCO_25841"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OS-Core.CORE-ENG-A-MAN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"OS-Core.UX-CORE", version:"B.11.11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHKL_28060.NASL description s700_800 11.00 Y2k; Rock Ridge extension for ISO-9660 : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege. last seen 2020-06-01 modified 2020-06-02 plugin id 26127 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26127 title HP-UX PHKL_28060 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHKL_28060. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(26127); script_version("1.12"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2007-1993"); script_bugtraq_id(23401); script_xref(name:"HP", value:"emr_na-c00913684"); script_xref(name:"HP", value:"HPSBUX02203"); script_xref(name:"HP", value:"SSRT071339"); script_name(english:"HP-UX PHKL_28060 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 Y2k; Rock Ridge extension for ISO-9660 : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00913684 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b9f3a7ae" ); script_set_attribute( attribute:"solution", value:"Install patch PHKL_28060 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHKL_28060 applies to a different OS release."); } patches = make_list("PHKL_28060"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OS-Core.CORE-KRN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"OS-Core.CORE2-KRN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"ProgSupport.C-INC", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHKL_26269.NASL description s700_800 11.11 Rock Ridge extension for ISO-9660 : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege. last seen 2020-06-01 modified 2020-06-02 plugin id 26124 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26124 title HP-UX PHKL_26269 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHKL_26269. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(26124); script_version("1.12"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2007-1993"); script_bugtraq_id(23401); script_xref(name:"HP", value:"emr_na-c00913684"); script_xref(name:"HP", value:"HPSBUX02203"); script_xref(name:"HP", value:"SSRT071339"); script_name(english:"HP-UX PHKL_26269 : HP-UX Running Portable File System (PFS), Remote Increase in Privilege (HPSBUX02203 SSRT071339 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.11 Rock Ridge extension for ISO-9660 : A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00913684 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b9f3a7ae" ); script_set_attribute( attribute:"solution", value:"Install patch PHKL_26269 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11")) { exit(0, "The host is not affected since PHKL_26269 applies to a different OS release."); } patches = make_list("PHKL_26269"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OS-Core.CORE-KRN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"ProgSupport.C-INC", version:"B.11.11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
| accepted | 2014-03-24T04:01:46.291-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| description | Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2." | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:5751 | ||||||||
| status | accepted | ||||||||
| submitted | 2008-10-30T17:10:23.000-04:00 | ||||||||
| title | HP-UX Running Portable File System (PFS), Remote Increase in Privilege | ||||||||
| version | 40 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00913684
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=512
- http://secunia.com/advisories/24855
- http://www.securityfocus.com/bid/23401
- http://www.securitytracker.com/id?1017893
- http://www.vupen.com/english/advisories/2007/1343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33567
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5751