Vulnerabilities > CVE-2008-1662 - Configuration vulnerability in HP Hp-Ux and System Administration Manager
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHCO_36563.NASL description s700_800 11.23 cumulative SAM patch : A potential security vulnerability has been identified in HP-UX running System Administration Manager (SAM). This vulnerability may allow unintended remote access. last seen 2020-06-01 modified 2020-06-02 plugin id 33829 published 2008-08-05 reporter This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33829 title HP-UX PHCO_36563 : HP-UX Running System Administration Manager (SAM), Unintended Remote Access (HPSBUX02286 SSRT071466 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHCO_36563. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(33829); script_version("1.20"); script_cvs_date("Date: 2018/11/19 11:02:42"); script_cve_id("CVE-2008-1662"); script_xref(name:"HP", value:"emr_na-c01367453"); script_xref(name:"HP", value:"HPSBUX02286"); script_xref(name:"HP", value:"SSRT071466"); script_xref(name:"IAVT", value:"2008-T-0042"); script_name(english:"HP-UX PHCO_36563 : HP-UX Running System Administration Manager (SAM), Unintended Remote Access (HPSBUX02286 SSRT071466 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.23 cumulative SAM patch : A potential security vulnerability has been identified in HP-UX running System Administration Manager (SAM). This vulnerability may allow unintended remote access." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01367453 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f5cdf550" ); script_set_attribute( attribute:"solution", value:"Install patch PHCO_36563 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(16); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/05"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.23")) { exit(0, "The host is not affected since PHCO_36563 applies to a different OS release."); } patches = make_list("PHCO_36563", "PHCO_38185", "PHCO_39360", "PHCO_40349"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-BOOT", version:"B.11.23")) flag++; if (hpux_check_patch(app:"OS-Core.UX-CORE", version:"B.11.23")) flag++; if (hpux_check_patch(app:"SystemAdmin.SAM", version:"B.11.23")) flag++; if (hpux_check_patch(app:"SystemAdmin.SAM-ENG-A-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"SystemAdmin.SAM-HELP", version:"B.11.23")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHCO_36562.NASL description s700_800 11.11 cumulative SAM patch : A potential security vulnerability has been identified in HP-UX running System Administration Manager (SAM). This vulnerability may allow unintended remote access. last seen 2020-06-01 modified 2020-06-02 plugin id 33828 published 2008-08-05 reporter This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33828 title HP-UX PHCO_36562 : HP-UX Running System Administration Manager (SAM), Unintended Remote Access (HPSBUX02286 SSRT071466 rev.1)
Oval
| accepted | 2014-03-24T04:01:47.941-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| description | Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list." | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:5814 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2008-07-31T12:40:22.000-04:00 | ||||||||||||
| title | HP-UX Running System Administration Manager (SAM), Unintended Remote Access | ||||||||||||
| version | 40 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 30449 CVE ID:CVE-2008-1662 CNCVE ID:CNCVE-20081662 HP-UX是一款商业性质的操作系统。 HP-UX SAM应用程序可为NFS提供不可期的配置,远程攻击者可以利用漏洞绕过部分安全限制,访问受影响的电脑。 目前没有详细漏洞细节提供。 HP-UX B.11.23 HP-UX B.11.11 可参考如下安全公告获得补丁信息: <a href=http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01367453&admit=109447627+1217458131718+28353475 target=_blank>http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01367453&admit=109447627+1217458131718+28353475</a> |
| id | SSV:3754 |
| last seen | 2017-11-19 |
| modified | 2008-07-31 |
| published | 2008-07-31 |
| reporter | Root |
| title | HP-UX System Administration Manager NFS配置安全绕过漏洞 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01367453
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01367453
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01367453
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01367453
- http://secunia.com/advisories/31309
- http://secunia.com/advisories/31309
- http://securitytracker.com/id?1020580
- http://securitytracker.com/id?1020580
- http://www.securityfocus.com/bid/30449
- http://www.securityfocus.com/bid/30449
- http://www.vupen.com/english/advisories/2008/2258
- http://www.vupen.com/english/advisories/2008/2258
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44119
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44119
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5814
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5814