Executive Summary

Summary
Title HP-UX running PAM libpam_updbe, Remote Authentication Bypass
Informations
Name HPSBUX03166 SSRT101489 First vendor Publication 2014-11-25
Vendor HP Last vendor Modification 2015-02-06
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score 8.5 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified in the HP-UX running PAM using libpam_updbe in pam.conf(4). This vulnerability could allow remote users to bypass certain authentication restrictions.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c04511778

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28359
 
Oval ID: oval:org.mitre.oval:def:28359
Title: A potential security vulnerability has been identified in the HP-UX running PAM using libpam_updbe in pam.conf(4). This vulnerability could allow remote users to bypass certain authentication restrictions.
Description: HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2014-7879
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 3

Nessus® Vulnerability Scanner

Date Description
2014-11-26 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHCO_43873.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHCO_43874.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHCO_43875.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2015-02-09 21:22:29
  • Multiple Updates
2014-12-11 21:27:19
  • Multiple Updates
2014-12-11 05:32:07
  • Multiple Updates
2014-11-26 09:26:18
  • First insertion