Vulnerabilities > CVE-2011-2398 - Local Privilege Escalation vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31

047910
CVSS 6.8 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
hp
nessus

Summary

Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.

Vulnerable Configurations

Part Description Count
OS
Hp
3

Nessus

  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_42040.NASL
    descriptions700_800 11.31 linker + fdp cumulative patch : A potential security vulnerability has been identified in HP-UX dynamic loader. The vulnerability could be exploited locally to create a privilege escalation, or a Denial of Service (DoS).
    last seen2020-06-01
    modified2020-06-02
    plugin id56846
    published2012-03-06
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56846
    titleHP-UX PHSS_42040 : HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS) (HPSBUX02688 SSRT100513 rev.1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHSS_42040. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56846);
      script_version("1.30");
      script_cvs_date("Date: 2018/09/04 13:20:07");
    
      script_cve_id("CVE-2011-2398");
      script_bugtraq_id(48577);
      script_xref(name:"HP", value:"emr_na-c02904002");
      script_xref(name:"IAVB", value:"2011-B-0079");
      script_xref(name:"HP", value:"HPSBUX02688");
      script_xref(name:"HP", value:"SSRT100513");
    
      script_name(english:"HP-UX PHSS_42040 : HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS) (HPSBUX02688 SSRT100513 rev.1)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.31 linker + fdp cumulative patch : 
    
    A potential security vulnerability has been identified in HP-UX
    dynamic loader. The vulnerability could be exploited locally to create
    a privilege escalation, or a Denial of Service (DoS)."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02904002
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9bc129ed"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHSS_42040 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/06");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.31"))
    {
      exit(0, "The host is not affected since PHSS_42040 applies to a different OS release.");
    }
    
    patches = make_list("PHSS_42040", "PHSS_42979", "PHSS_43207", "PHSS_43585", "PHSS_43743", "PHSS_44164", "PHSS_44250", "PHSS_44402", "PHSS_44422", "PHSS_44628", "PHSS_44731");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"OS-Core.C-KRN", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"OS-Core.C-MIN", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"OS-Core.C-MIN-64ALIB", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"OS-Core.CMDS2-AUX", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"OS-Core.CORE-64SLIB", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"OS-Core.CORE-SHLIBS", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"OS-Core.CORE2-64SLIB", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"OS-Core.CORE2-SHLIBS", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"OS-Core.LINKER-HELP", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"OS-Core.LINKER-PAOBJ", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"ProgSupport.C2-INC", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"ProgSupport.LANG-64ALIB", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"ProgSupport.LANG-MIN", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"ProgSupport.PROG-AX-64ALIB", version:"B.11.31")) flag++;
    if (hpux_check_patch(app:"ProgSupport.PROG2-AUX", version:"B.11.31")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_42253.NASL
    descriptions700_800 11.11 ld(1) and linker tools cumulative patch : A potential security vulnerability has been identified in HP-UX dynamic loader. The vulnerability could be exploited locally to create a privilege escalation, or a Denial of Service (DoS).
    last seen2020-06-01
    modified2020-06-02
    plugin id56848
    published2012-03-06
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56848
    titleHP-UX PHSS_42253 : HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS) (HPSBUX02688 SSRT100513 rev.1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHSS_42253. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56848);
      script_version("1.13");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      script_cve_id("CVE-2011-2398");
      script_bugtraq_id(48577);
      script_xref(name:"HP", value:"emr_na-c02904002");
      script_xref(name:"IAVB", value:"2011-B-0079");
      script_xref(name:"HP", value:"HPSBUX02688");
      script_xref(name:"HP", value:"SSRT100513");
    
      script_name(english:"HP-UX PHSS_42253 : HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS) (HPSBUX02688 SSRT100513 rev.1)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.11 ld(1) and linker tools cumulative patch : 
    
    A potential security vulnerability has been identified in HP-UX
    dynamic loader. The vulnerability could be exploited locally to create
    a privilege escalation, or a Denial of Service (DoS)."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02904002
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9bc129ed"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHSS_42253 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/06");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.11"))
    {
      exit(0, "The host is not affected since PHSS_42253 applies to a different OS release.");
    }
    
    patches = make_list("PHSS_42253", "PHSS_42977");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"OS-Core.C-KRN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.C-MIN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.C-MIN-64ALIB", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.CAUX-ENG-A-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.CMDS-AUX", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.CORE-64SLIB", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.CORE-SHLIBS", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.LINKER-HELP", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-FRE-I-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-FRE-U-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-GER-I-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-GER-U-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-ITA-I-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-ITA-U-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-JPN-E-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-JPN-S-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-JPN-U-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-KOR-E-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-KOR-U-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-SCH-H-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-SCH-U-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-SPA-I-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-SPA-U-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-TCH-B-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-TCH-E-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.UX-TCH-U-MSG", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"ProgSupport.C-ENG-A-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"ProgSupport.C-INC", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"ProgSupport.LANG-MIN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"ProgSupport.PAUX-ENG-A-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"ProgSupport.PROG-AUX", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"ProgSupport.PROG-AX-64ALIB", version:"B.11.11")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_42043.NASL
    descriptions700_800 11.23 linker + fdp cumulative patch : A potential security vulnerability has been identified in HP-UX dynamic loader. The vulnerability could be exploited locally to create a privilege escalation, or a Denial of Service (DoS).
    last seen2020-06-01
    modified2020-06-02
    plugin id56847
    published2012-03-06
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56847
    titleHP-UX PHSS_42043 : HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS) (HPSBUX02688 SSRT100513 rev.1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHSS_42043. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56847);
      script_version("1.25");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      script_cve_id("CVE-2011-2398");
      script_bugtraq_id(48577);
      script_xref(name:"HP", value:"emr_na-c02904002");
      script_xref(name:"IAVB", value:"2011-B-0079");
      script_xref(name:"HP", value:"HPSBUX02688");
      script_xref(name:"HP", value:"SSRT100513");
    
      script_name(english:"HP-UX PHSS_42043 : HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS) (HPSBUX02688 SSRT100513 rev.1)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.23 linker + fdp cumulative patch : 
    
    A potential security vulnerability has been identified in HP-UX
    dynamic loader. The vulnerability could be exploited locally to create
    a privilege escalation, or a Denial of Service (DoS)."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02904002
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9bc129ed"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHSS_42043 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/06");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.23"))
    {
      exit(0, "The host is not affected since PHSS_42043 applies to a different OS release.");
    }
    
    patches = make_list("PHSS_42043", "PHSS_42978", "PHSS_43206", "PHSS_43584", "PHSS_43742", "PHSS_44163", "PHSS_44249", "PHSS_44401");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"OS-Core.C-KRN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.C-MIN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.C-MIN-64ALIB", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.CMDS2-AUX", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.CORE-64SLIB", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.CORE-SHLIBS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.CORE2-64SLIB", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.CORE2-SHLIBS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.LINKER-HELP", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.LINKER-PAOBJ", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"ProgSupport.C2-INC", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"ProgSupport.LANG-64ALIB", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"ProgSupport.LANG-MIN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"ProgSupport.PROG-AX-64ALIB", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"ProgSupport.PROG2-AUX", version:"B.11.23")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Oval

accepted2015-04-20T04:00:31.202-04:00
classvulnerability
contributors
  • nameYamini Mohan R
    organizationHewlett-Packard
  • nameSushant Kumar Singh
    organizationHewlett-Packard
  • nameSushant Kumar Singh
    organizationHewlett-Packard
  • namePrashant Kumar
    organizationHewlett-Packard
  • nameMike Cokus
    organizationThe MITRE Corporation
descriptionUnspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.
familyunix
idoval:org.mitre.oval:def:12615
statusaccepted
submitted2011-07-28T11:27:09.000-05:00
titleHP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS)
version51