Vulnerabilities > CVE-2007-5946 - Local Unauthorized Access vulnerability in HP-UX Aries PA-RISC Emulator
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35528.NASL description s700_800 11.23 Aries cumulative patch : A potential security vulnerability has been identified in the Aries PA-RISC emulation software running on HP-UX IA-64 platforms only. This vulnerability may allow local unauthorized access. last seen 2020-06-01 modified 2020-06-02 plugin id 38968 published 2007-11-15 reporter This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38968 title HP-UX PHSS_35528 : HP-UX Running Aries PA Emulator, Local Unauthorized Access (HPSBUX02285 SSRT071484 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_35528. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(38968); script_version("1.25"); script_cvs_date("Date: 2018/11/19 11:02:42"); script_cve_id("CVE-2007-5946"); script_xref(name:"HP", value:"emr_na-c01241483"); script_xref(name:"HP", value:"HPSBUX02285"); script_xref(name:"HP", value:"SSRT071484"); script_name(english:"HP-UX PHSS_35528 : HP-UX Running Aries PA Emulator, Local Unauthorized Access (HPSBUX02285 SSRT071484 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.23 Aries cumulative patch : A potential security vulnerability has been identified in the Aries PA-RISC emulation software running on HP-UX IA-64 platforms only. This vulnerability may allow local unauthorized access." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01241483 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5b6b00a9" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_35528 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.23", proc:"ia64")) { exit(0, "The host is not affected since PHSS_35528 applies to a different OS release / architecture."); } patches = make_list("PHSS_35528", "PHSS_36519", "PHSS_37552", "PHSS_38526", "PHSS_39293", "PHSS_39897", "PHSS_41098", "PHSS_41422", "PHSS_42738", "PHSS_42862", "PHSS_43149", "PHSS_44257"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OS-Core.CORE2-64SLIB", version:"B.11.23")) flag++; if (hpux_check_patch(app:"OS-Core.CORE2-SHLIBS", version:"B.11.23")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_36311.NASL description s700_800 11.31 Aries cumulative patch : A potential security vulnerability has been identified in the Aries PA-RISC emulation software running on HP-UX IA-64 platforms only. This vulnerability may allow local unauthorized access. last seen 2020-06-01 modified 2020-06-02 plugin id 38969 published 2007-11-15 reporter This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38969 title HP-UX PHSS_36311 : HP-UX Running Aries PA Emulator, Local Unauthorized Access (HPSBUX02285 SSRT071484 rev.1)
Oval
| accepted | 2014-03-10T04:00:50.669-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| description | Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:5548 | ||||||||
| status | accepted | ||||||||
| submitted | 2008-07-03T16:09:04.000-04:00 | ||||||||
| title | HP-UX Running Aries PA Emulator, Local Unauthorized Access | ||||||||
| version | 41 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01241483
- http://secunia.com/advisories/27606
- http://securitytracker.com/id?1018925
- http://www.securityfocus.com/bid/26383
- http://www.vupen.com/english/advisories/2007/3820
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38361
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5548