‘HP-UX Running OpenSSL Execution of Arbitrary Code and Denial of Service Vulnerabilities’


Potential security vulnerabilities have been identified with HP-UX OpenSSL.’


‘The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02629503


Vulnerable Systems:
 * HP-UX B.11.11 running OpenSSL before vA.00.09.08o.
 * HP-UX B.11.23 running OpenSSL before vA.00.09.08o.
 * HP-UX B.11.31 running OpenSSL before vA.00.09.08o.

Immune Systems:
 * HP-UX running OpenSSL vA.00.09.08o or subsequent.

This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS).

Patch Availability:
HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location:

CVE Information:

Disclosure Timeline:
December 2010 – Initial release’

Categories: UNIX