Multiple vulnerabilities in HP-UX
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2011-2398 CVE-2011-0891 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
HP-UX Other software / Other software solutions |
| Vendor | Hewlett Packard Enterprise Development LP |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU44895
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2011-2398
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local #AU# to execute arbitrary code.
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsHP-UX: b.11.11 - b.11.31
CPE2.3- cpe:2.3:a:hewlett_packard_enterprise_development_lp:hp-ux:b.11.11:*:*:*:*:*:*:*
- cpe:2.3:a:hewlett_packard_enterprise_development_lp:hp-ux:b.11.23:*:*:*:*:*:*:*
- cpe:2.3:a:hewlett_packard_enterprise_development_lp:hp-ux:b.11.31:*:*:*:*:*:*:*
https://marc.info/?l=bugtraq&m=130997622428494&w=2
https://secunia.com/advisories/45132
https://securityreason.com/securityalert/8303
https://securitytracker.com/id?1025749
https://www.osvdb.org/73616
https://www.securityfocus.com/bid/48577
https://exchange.xforce.ibmcloud.com/vulnerabilities/68399
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12615
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU45147
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2011-0891
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local #AU# to perform a denial of service (DoS) attack.
Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsHP-UX: b.11.23 - b.11.31
CPE2.3- cpe:2.3:a:hewlett_packard_enterprise_development_lp:hp-ux:b.11.23:*:*:*:*:*:*:*
- cpe:2.3:a:hewlett_packard_enterprise_development_lp:hp-ux:b.11.31:*:*:*:*:*:*:*
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02753287
https://www.securitytracker.com/id?1025279
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
