A vulnerability classified as critical has been found in HP OpenVMS 7.3-2/8.2/8.3-1h1/8.4 (Operating System). Affected is an unknown code block of the component Authentication Handler. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. CVE summarizes:

HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors.

The weakness was published 12/10/2012 as 79 as confirmed mailinglist post (Bugtraq). The advisory is available at seclists.org. The public release has been coordinated with the vendor. This vulnerability is traded as CVE-2012-3277 since 06/06/2012. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available.

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (80637). Similar entry is available at 7111.

Productinfo

Type

• Operating System

Vendor

• HP

Name

• OpenVMS

Version

• 7.3-2
• 8.2
• 8.3-1h1
• 8.4

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion