Rapid7 Vulnerability & Exploit Database

HP-UX: CVE-2010-4252: Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

Back to Search

HP-UX: CVE-2010-4252: Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

12/06/2010

Created

07/25/2018

Added

08/11/2017

Modified

09/12/2017

Description

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Solution(s)

hpux-update-openssl-openssl-cer
hpux-update-openssl-openssl-conf
hpux-update-openssl-openssl-doc
hpux-update-openssl-openssl-inc
hpux-update-openssl-openssl-lib
hpux-update-openssl-openssl-man
hpux-update-openssl-openssl-mis
hpux-update-openssl-openssl-prng
hpux-update-openssl-openssl-pvt
hpux-update-openssl-openssl-run
hpux-update-openssl-openssl-src

References

https://attackerkb.com/topics/cve-2010-4252
45163
CVE - 2010-4252
Category I
V0033794
V0033884
2012-A-0148
2012-A-0153
OVAL19039

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

HP-UX: CVE-2010-4252: Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass