HP-UX ICMP Message Handling Denial of Service - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

HP-UX ICMP Message Handling Denial of Service

Secunia Advisory:	SA15526
Release Date:	2005-05-27
Last Update:	2005-12-08

Critical:	Less critical
Impact:	DoS
Where:	From remote
Solution Status:	Partial Fix

OS:	HP-UX 11.x


CVE reference:	CVE-2004-0790 (Secunia mirror) CVE-2004-0791 (Secunia mirror) CVE-2004-1060 (Secunia mirror)



Description: HP has acknowledged a vulnerability in HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA14904 The vulnerability affects HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 running TCP/IP. Solution: Apply updates. http://www.hp.com/go/softwaredepot HP-UX B.11.00: Install PHNE_33395 or later, and optionally set ip_pmtu_strategy=0. HP-UX B.11.04: Install PHNE_33427 or later, and optionally set ip_pmtu_strategy=0. HP-UX B.11.11: Install PHNE_33159 or later, and optionally set ip_pmtu_strategy=0. HP-UX B.11.22: Install binary files, and optionally set ip_pmtu_strategy=0. HP-UX B.11.23: Install PHNE_32606 or later, and optionally set ip_pmtu_strategy=0. HP-UX B.11.11/HP-UX B.11.23 (TOUR_PRODUCT.T-NET2-KRN): Install revision A.03.00, and optionally set ip_pmtu_strategy=0. The vendor recommends setting ip_pmtu_strategy=0 as a workaround for CAN-2004-1060 (see vendor advisory for additional information). Changelog: 2005-12-08: Vendor released patches. Updated "Solution" and "Original Advisory" sections. Original Advisory: SSRT4884: http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01164 HPSBUX01164 SSRT4884: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00576017 Other References: SA14904: http://secunia.com/advisories/14904/



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

185 Related Secunia Security Advisories, displaying 10

1. HP-UX update for Apache

2. HP-UX ftpd Missing User Privileged Access Vulnerability

3. HP-UX libc Denial of Service Vulnerability

4. HP-UX System Administration Manager Security Issue

5. HP-UX update for bind

6. HP-UX HP CIFS Server Multiple Vulnerabilities

7. HP-UX update for Apache with PHP

8. HP-UX Secure Shell Unauthorized Access Vulnerability

9. HP-UX useradd Security Bypass

10. HP-UX ftp Server Unspecified Denial of Service

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	phpJobScheduler "installed_conf ig_file" File Inclusion Vulnerabilities

2.	Slackware update for amarok

3.	Subdreamer Light Global Variables SQL Injection Vulnerability

4.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

5.	Caudium "configvar" Insecure Temporary Files

6.	Novell eDirectory Multiple Vulnerabilities

7.	dotProject SQL Injection and Cross-Site Scripting

8.	phpMyRealty "price_max" SQL Injection Vulnerability

9.	Ultra Office ActiveX Control Multiple Vulnerabilities

10.	Blogn Cross-Site Scripting and Cross-Site Request Forgery