This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hp First view 1997-01-01
Product Hp-Ux Last view 2007-04-12
Version 11.00 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:hp:hp-ux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.9 2007-04-12 CVE-2007-1994

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.

10 2006-10-27 CVE-2006-5558

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

4.6 2006-10-27 CVE-2006-5557

Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

4.6 2006-10-27 CVE-2006-5556

Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.

4.6 2006-10-23 CVE-2006-5452

Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.

10 2006-10-05 CVE-2006-5151

Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.

2.1 2006-09-15 CVE-2006-4820

Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

5 2006-08-16 CVE-2006-4188

Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.

2.1 2006-08-16 CVE-2006-4187

Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors.

7.2 2006-07-02 CVE-2006-3335

Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors.

4.9 2006-06-23 CVE-2006-3201

Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

7.2 2006-05-24 CVE-2006-2574

Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.

2.1 2006-05-23 CVE-2006-2551

Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.

4.9 2006-03-29 CVE-2006-1509

/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.

7.8 2006-03-24 CVE-2006-1389

Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

4.6 2006-03-17 CVE-2006-1248

Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.

7.2 2006-01-26 CVE-2006-0436

Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.

7.8 2005-12-17 CVE-2005-4316

HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.

10 2005-12-08 CVE-2005-4090

Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.

7.2 2005-11-22 CVE-2005-3779

Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.

7.8 2005-11-18 CVE-2005-3670

Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the HP advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

7.5 2005-11-16 CVE-2005-3565

Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.

7.2 2005-11-16 CVE-2005-3564

envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.

10 2005-10-21 CVE-2005-3277

The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.

1.7 2005-09-20 CVE-2005-2993

Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).

CWE : Common Weakness Enumeration

%idName
54% (6) CWE-264 Permissions, Privileges, and Access Controls
36% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (1) CWE-200 Information Exposure

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

SAINT Exploits

Description Link
Samba call_trans2open buffer overflow More info here
System V login argument array buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
61012 HP JetDirect Print Server ISAKMP Protocol Unspecified Malformed Input Remote ...
61011 HP-UX IPSec ISAKMP Protocol Unspecified Malformed Input Remote DoS (PROTOS)
60454 dtterm Window Title Escape Sequence Arbitrary Command Execution
60339 HP-UX rwrite Argument Handling Local Overflow
60337 HP-UX sort File Handling Unspecified Issue
60336 HP-UX rs.F300 PATH Environment Variable Subversion Local Privilege Escalation
60333 HP-UX wall File Argument Handling Local Overflow
60231 HP-UX VJE.VJE-RUN /etc/PATH Ownership Weakness Local Privilege Escalation
60142 HP-UX xntpd Unspecified Remote DoS
60058 HP Advanced Server/9000 Malformed UDP Packet Remote DoS
59511 HP-UX CIFS/9000 Server (SAMBA) Unspecified Resource Modification Arbitrary Fi...
43410 HP-UX ied Command Unspecified Local Information Disclosure
37559 HP-UX LDAP-UX Integration pam_authz Unspecified Remote Command Execution
35306 HP-UX ARPA Transport Unspecified Local DoS
34271 HP-UX swask -s Argument Local Format String
34027 HP-UX libc localtime_r Function TZ Variable Local Overflow
33994 HP-UX swpackage -S Argument Local Overflow
33993 HP-UX swmodify -S Argument Local Overflow
29974 HP-UX / Tru64 Unix dtmail -a Argument Local Overflow
29438 HP-UX Ignite-UX Server Unspecified Privilege Escalation
28828 HP-UX X.25 Unspecified Local DoS
27967 HP-UX Trusted Mode Unspecified Local DoS
27959 HP-UX LP Subsystem Unspecified Local DoS
26953 HP-UX mkdir Unspecified Local Privilege Escalation
26873 HP-UX Kernel Unspecified Local DoS

ExploitDB Exploits

id Description
21180 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
716 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2011-09-27 Name : CDE ToolTalk RPC Database Server Multiple Vulnerabilities
File : nvt/secpod_tooltalk_rpc_database_server_mult_vuln.nasl
2011-09-22 Name : Calendar Manager Service rpc.cmsd Service Detection
File : nvt/gb_cde_rpc_cmsd_service_detect.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for Java2
File : nvt/sles9p5013049.nasl
2009-10-10 Name : SLES9: Security update for apache
File : nvt/sles9p5014050.nasl
2009-10-10 Name : SLES9: Security update for webdav apache module
File : nvt/sles9p5013988.nasl
2009-10-10 Name : SLES9: Security update for Apache 2
File : nvt/sles9p5009547.nasl
2009-06-03 Name : Solaris Update for CDE 1.5 114495-01
File : nvt/gb_solaris_114495_01.nasl
2009-05-05 Name : HP-UX Update for rlpdaemon HPSBUX00163
File : nvt/gb_hp_ux_HPSBUX00163.nasl
2009-05-05 Name : HP-UX Update for sendmail HPSBUX00246
File : nvt/gb_hp_ux_HPSBUX00246.nasl
2009-05-05 Name : HP-UX Update for sendmail HPSBUX00281
File : nvt/gb_hp_ux_HPSBUX00281.nasl
2009-05-05 Name : HP-UX Update for dtterm HPSBUX00309
File : nvt/gb_hp_ux_HPSBUX00309.nasl
2009-05-05 Name : HP-UX Update for AAA Server HPSBUX01011
File : nvt/gb_hp_ux_HPSBUX01011.nasl
2009-05-05 Name : HP-UX Update for ARPA Transport HPSBUX02205
File : nvt/gb_hp_ux_HPSBUX02205.nasl
2009-05-05 Name : HP-UX Update for Java Web Start HPSBUX01214
File : nvt/gb_hp_ux_HPSBUX01214.nasl
2009-05-05 Name : HP-UX Update for TCP/IP (IPv4) HPSBUX01137
File : nvt/gb_hp_ux_HPSBUX01137.nasl
2009-05-05 Name : HP-UX Update for Java Plug-In (JPI) HPSBUX01100
File : nvt/gb_hp_ux_HPSBUX01100.nasl
2009-05-05 Name : HP-UX Update for Apache with PHP HPSBUX01090
File : nvt/gb_hp_ux_HPSBUX01090.nasl
2009-05-05 Name : HP-UX Update for Apache HPSBUX01019
File : nvt/gb_hp_ux_HPSBUX01019.nasl
2008-10-24 Name : rpc.nisd overflow
File : nvt/nisd_overflow.nasl
2008-10-24 Name : SysV /bin/login buffer overflow (telnet)
File : nvt/binlogin_overflow_telnet.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200403-03 (OpenSSL)
File : nvt/glsa_200403_03.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-21 (apache)
File : nvt/glsa_200409_21.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200411-03 (apache)
File : nvt/glsa_200411_03.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200411-38 (Java)
File : nvt/glsa_200411_38.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 HP-UX lpd command execution attempt
RuleID : 9790 - Type : SERVER-OTHER - Revision : 8
2014-01-10 RCPT TO overflow
RuleID : 654-community - Type : SERVER-MAIL - Revision : 28
2014-01-10 RCPT TO overflow
RuleID : 654 - Type : SERVER-MAIL - Revision : 28
2014-01-10 portmap ttdbserv request UDP
RuleID : 588-community - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap ttdbserv request UDP
RuleID : 588 - Type : PROTOCOL-RPC - Revision : 27
2014-01-10 portmap pcnfsd request UDP
RuleID : 581-community - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 portmap pcnfsd request UDP
RuleID : 581 - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 portmap nisd request UDP
RuleID : 580-community - Type : PROTOCOL-RPC - Revision : 21
2014-01-10 portmap nisd request UDP
RuleID : 580 - Type : PROTOCOL-RPC - Revision : 21
2014-01-10 DOS ttdbserv Solaris
RuleID : 572-community - Type : PROTOCOL-RPC - Revision : 14
2014-01-10 DOS ttdbserv Solaris
RuleID : 572 - Type : PROTOCOL-RPC - Revision : 14
2014-01-10 EXPLOIT ttdbserv Solaris overflow
RuleID : 571 - Type : RPC - Revision : 10
2014-01-10 EXPLOIT ttdbserv solaris overflow
RuleID : 570 - Type : RPC - Revision : 12
2014-01-10 SITE INDEX format string attempt
RuleID : 3523 - Type : PROTOCOL-FTP - Revision : 11
2015-07-28 Apache mod_include buffer overflow attempt
RuleID : 34973 - Type : SERVER-OTHER - Revision : 2
2014-01-10 EXPLOIT wu-ftpd 2.6.0
RuleID : 348 - Type : FTP - Revision : 8
2014-01-10 EXPLOIT wu-ftpd 2.6.0 site exec format string check
RuleID : 346 - Type : FTP - Revision : 9
2014-01-10 EXPLOIT wu-ftpd 2.6.0 site exec format string overflow generic
RuleID : 345 - Type : FTP - Revision : 10
2014-01-10 EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Linux
RuleID : 344 - Type : FTP - Revision : 9
2014-01-10 EXPLOIT wu-ftpd 2.6.0 site exec format string overflow FreeBSD
RuleID : 343 - Type : FTP - Revision : 10
2014-01-10 EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Solaris 2.8
RuleID : 342 - Type : FTP - Revision : 9
2014-01-10 EXPLOIT format string
RuleID : 338 - Type : FTP - Revision : 9
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer overflow attempt
RuleID : 3147-community - Type : PROTOCOL-TELNET - Revision : 15

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-02-22 Name: The remote Unix host has an application that is affected by a security bypass...
File: java_jre_multiple_applet_vulnerability_unix.nasl - Type: ACT_GATHER_INFO
2012-01-04 Name: The remote server is vulnerable to a denial of service attack.
File: openssl_0_9_6m_0_9_7d.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9363.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_013fa252072411d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_207f8ff3f69711d881b0000347a4fa7d.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_68233cba777411d889ed0020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_6e6a6b8a2fde11d9b3a20050fc56d258.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_ac619d063ef811d98741c942c075aa41.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_f04cc5cb2d0b11d8beaf000a95c4d922.nasl - Type: ACT_GATHER_INFO
2007-11-20 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHCO_32549.nasl - Type: ACT_GATHER_INFO
2007-10-03 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_32196.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35351.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35485.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35729.nasl - Type: ACT_GATHER_INFO
2007-09-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_35766.nasl - Type: ACT_GATHER_INFO
2006-10-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_35433.nasl - Type: ACT_GATHER_INFO
2006-10-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_35434.nasl - Type: ACT_GATHER_INFO
2006-10-25 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_35435.nasl - Type: ACT_GATHER_INFO
2006-10-20 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_30161.nasl - Type: ACT_GATHER_INFO
2006-09-22 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_34009.nasl - Type: ACT_GATHER_INFO
2006-09-22 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_34988.nasl - Type: ACT_GATHER_INFO
2006-09-22 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_34999.nasl - Type: ACT_GATHER_INFO
2006-09-12 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHCO_34763.nasl - Type: ACT_GATHER_INFO