HP OpenVMS SSH server unauthorized access
| openvms-sshserver-unauthorized-access (41519) |  Medium Risk |
Description:
An unspecified vulnerability in the HP OpenVMS TCP/IP Services SSH server running on HP Integrity and HP Alpha could allow a remote attacker to gain unauthorized access using unknown attack vectors.
Platforms Affected:
- HP, TCP IP Services OpenVMS v5.4 prior to ECO 7
- HP, TCP IP Services OpenVMS v5.5 prior to ECO 3
- HP, TCP IP Services OpenVMS v5.6 prior to ECO 2
Remedy:
Refer to HPSBOV02278 SSRT071479 rev.1 for patch, upgrade or suggested workaround information. See References.
Consequences:
Gain Access
References:
- HP TCP/IP Services for OpenVMS Web site, HP OpenVMS Systems at http://h71000.www7.hp.com/network/tcpip.html.
- HPSBOV02278 SSRT071479 rev.1, HP OpenVMS SSH Using TCP/IP Services for OpenVMS, Remote Unauthorized Access at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01414022&jumpid=reg_R1002_USEN.
- BID-28486: HP TCP/IP Services for OpenVMS SSH Unspecified Remote Unauthorized Access Vulnerability
- CVE-2008-0704: Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors.
- FrSIRT/ADV-2008-1009: HP TCP/IP Services for OpenVMS Unauthorized Access Vulnerability
- SA29566: HP TCP/IP Services for OpenVMS SSH Server Vulnerability
- SECTRACK ID: 1019727: TCP/IP Services for OpenVMS SSH Bug Lets Remote Users Gain Access
Reported:
Mar 28, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net