Newest Plugins

Schneider Electric Multiple Products Buffer Overflow


Synopsis:

The remote host is affected by a buffer overflow.

Description:

The remote host has Schneider Electric software installed that is
affected by a stack-based buffer overflow vulnerability in file
'isObjectModel.dll' of the DTM development kit. This flaw can be
exploited by a remote attacker to execute arbitrary code.

See also :

http://www.nessus.org/u?bc03dafa

Solution :

Apply the vendor-supplied patch.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

McAfee ePolicy Orchestrator XML External Entity Injection and Information Disclosure Vulnerabilities


Synopsis:

A security management application on the remote host is affected by
multiple vulnerabilities.

Description:

The remote host is running a version of McAfee ePolicy Orchestrator
(ePO) that is prior to 4.6.9 / 5.1.2. It is, therefore, affected by
multiple vulnerabilities :

- An XXE (XML External Entity) injection vulnerability
exists in the Server Task Log due to an incorrectly
configured XML parser accepting XML external entities
from an untrusted source. A remote, authenticated
attacker, by sending specially crafted XML data via the
'conditionXML' parameter, can gain access to arbitrary
files. (CVE-2015-0921)

- An information disclosure vulnerability exists due to
the use of a shared secret key to encrypt password
information. A remote attacker with knowledge of the key
can decrypt the administrator password. (CVE-2015-0922)

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10095
http://seclists.org/fulldisclosure/2015/Jan/37

Solution :

See Vendor.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Apache Struts 2.0.0 < 2.3.16.1 Multiple Vulnerabilities (credentialed check)


Synopsis:

The remote web server contains a web application that uses a Java
framework that is affected by multiple vulnerabilities.

Description:

The remote web application appears to use Struts 2, a web framework
that utilizes OGNL (Object-Graph Navigation Language) as an expression
language. The version of Struts 2 in use is affected by multiple
vulnerabilities :

- A denial of service vulnerability exists due to an issue
in the Commons FileUpload version 1.3 that allows remote
attackers to cause an infinite loop via a crafted
Content-Type header. (CVE-2014-0050)

- A security bypass vulnerability exists due to the
application allowing manipulation of the ClassLoader
via the 'class' parameter, which is directly mapped to
the getClass() method. A remote, unauthenticated
attacker can manipulate the ClassLoader used by the
application server, resulting in a bypass of certain
security restrictions. (CVE-2014-0094)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://struts.apache.org/docs/version-notes-23161.html
http://struts.apache.org/docs/s2-020.html

Solution :

Upgrade to version 2.3.16.1 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 4 : glibc (RHSA-2015:0101)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 4 Extended Life Cycle Support.

Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-0235.html
http://rhn.redhat.com/errata/RHSA-2015-0101.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

OracleVM 3.3 : glibc (OVMSA-2015-0022)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Fix parsing of numeric hosts in gethostbyname_r
(CVE-2015-0235, #1183533).

See also :

http://www.nessus.org/u?73666800

Solution :

Update the affected glibc / glibc-common / nscd packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3005)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

kernel-uek
[2.6.32-400.36.14.el6uek]
- net: sctp: fix NULL pointer dereference in af->from_addr_param on
malformed packet (Daniel Borkmann) [Orabug: 20425334] {CVE-2014-7841}

See also :

https://oss.oracle.com/pipermail/el-errata/2015-January/004825.html
https://oss.oracle.com/pipermail/el-errata/2015-January/004824.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3004)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[2.6.39-400.246.2.el5uek]
- net: sctp: fix NULL pointer dereference in af->from_addr_param on
malformed packet (Daniel Borkmann) [Orabug: 20425333] {CVE-2014-7841}

[2.6.39-400.246.1.el5uek]
- sched: Fix possible divide by zero in avg_atom() calculation (Mateusz
Guzik) [Orabug: 20148169]
- include/linux/math64.h: add div64_ul() (Alex Shi)
- deadlock when two nodes are converting same lock from PR to EX and
idletimeout closes conn (Tariq Saeed) [Orabug: 18639535]
- bonding: Bond master should reflect slave's features. (Ashish Samant)
[Orabug: 20231825]
- x86, fpu: remove the logic of non-eager fpu mem allocation at the
first usage (Annie Li) [Orabug: 20239143]
- x86, fpu: remove cpu_has_xmm check in the fx_finit() (Suresh Siddha)
[Orabug: 20239143]
- x86, fpu: make eagerfpu= boot param tri-state (Suresh Siddha)
[Orabug: 20239143]
- x86, fpu: enable eagerfpu by default for xsaveopt (Suresh Siddha)
[Orabug: 20239143]
- x86, fpu: decouple non-lazy/eager fpu restore from xsave (Suresh
Siddha) [Orabug: 20239143]
- x86, fpu: use non-lazy fpu restore for processors supporting xsave
(Suresh Siddha) [Orabug: 20239143]
- lguest, x86: handle guest TS bit for lazy/non-lazy fpu host models
(Suresh Siddha) [Orabug: 20239143]
- x86, fpu: always use kernel_fpu_begin/end() for in-kernel FPU usage
(Suresh Siddha) [Orabug: 20239143]
- x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu()
(Suresh Siddha) [Orabug: 20239143]
- x86, fpu: remove unnecessary user_fpu_end() in save_xstate_sig()
(Suresh Siddha) [Orabug: 20239143]
- raid5: add AVX optimized RAID5 checksumming (Jim Kukunas) [Orabug:
20239143]
- x86, fpu: drop the fpu state during thread exit (Suresh Siddha)
[Orabug: 20239143]
- x32: Add a thread flag for x32 processes (H. Peter Anvin) [Orabug:
20239143]
- x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels
(Suresh Siddha) [Orabug: 20239143]
- x86, fpu: Consolidate inline asm routines for saving/restoring fpu
state (Suresh Siddha) [Orabug: 20239143]
- x86, signal: Cleanup ifdefs and is_ia32, is_x32 (Suresh Siddha)
[Orabug: 20239143]
into exported and internal interfaces (Linus Torvalds) [Orabug: 20239143]
- i387: Uninline the generic FP helpers that we expose to kernel modules
(Linus Torvalds) [Orabug: 20239143]
- i387: use 'restore_fpu_checking()' directly in task switching code
(Linus Torvalds) [Orabug: 20239143]
- i387: fix up some fpu_counter confusion (Linus Torvalds) [Orabug:
20239143]

See also :

https://oss.oracle.com/pipermail/el-errata/2015-January/004822.html
https://oss.oracle.com/pipermail/el-errata/2015-January/004823.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3003)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

kernel-uek
[3.8.13-55.1.5.el7uek]
- [CIFS] Possible null ptr deref in SMB2_tcon (Steve French) [Orabug:
20433140] {CVE-2014-7145}

[3.8.13-55.1.4.el7uek]
- net: sctp: fix NULL pointer dereference in af->from_addr_param on
malformed packet (Daniel Borkmann) [Orabug: 20425332] {CVE-2014-7841}

[3.8.13-55.1.3.el7uek]
- ACPI: x2apic entry ignored (Cathy Avery) [Orabug: 19475776]
- i40e: relax the firmware API version check (Shannon Nelson) [Orabug: 20216831]
- x86, fpu: remove the logic of non-eager fpu mem allocation at the
first usage (Annie Li) [Orabug: 20232585]
- iommu/{vt-d,amd}: Remove multifunction assumption around grouping
(Alex Williamson) [Orabug: 20192796]

See also :

https://oss.oracle.com/pipermail/el-errata/2015-January/004820.html
https://oss.oracle.com/pipermail/el-errata/2015-January/004821.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 4 : glibc (ELSA-2015-0101)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2015:0101 :

Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 4 Extended Life Cycle Support.

Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

See also :

https://oss.oracle.com/pipermail/el-errata/2015-January/004827.html

Solution :

Update the affected glibc packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

openSUSE Security Update : flash-player (openSUSE-SU-2015:0174-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

Adobe Flash Player was updated to 11.2.202.440 (bsc#914463) :

- APSA15-01, CVE-2015-0311

- Update of flashplayer (executable binary) for i386 is
not available. This binary was disabled.

- Security update to 11.2.202.438 (bsc#914333) :

- APSB15-02, CVE-2015-0310

- Security update to 11.2.202.429 (bsc#913057) :

- APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303,
CVE-2015-0304, CVE-2015-0305, CVE-2015-0306,
CVE-2015-0307, CVE-2015-0308, CVE-2015-0309.

- Disable flash player on machines without SSE2
(bnc#856386).

- Remove outdated README and keep only up-to-date
readme.txt.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0311
http://lists.opensuse.org/opensuse-updates/2015-01/msg00086.html
https://bugzilla.opensuse.org/show_bug.cgi?id=856386
https://bugzilla.opensuse.org/show_bug.cgi?id=913057
https://bugzilla.opensuse.org/show_bug.cgi?id=914333
https://bugzilla.opensuse.org/show_bug.cgi?id=914463

Solution :

Update the affected flash-player packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : asterisk -- Mitigation for libcURL HTTP request injection vulnerability (7656fc62-a7a7-11e4-96ba-001999f8d30b)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

The Asterisk project reports :

CVE-2014-8150 reported an HTTP request injection vulnerability in
libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL()
dialplan function), as well as its res_config_curl.so (cURL realtime
backend) modules.

Since Asterisk may be configured to allow for user-supplied URLs to be
passed to libcURL, it is possible that an attacker could use Asterisk
as an attack vector to inject unauthorized HTTP requests if the
version of libcURL installed on the Asterisk server is affected by
CVE-2014-8150.

See also :

http://downloads.asterisk.org/pub/security/AST-2015-002.html
http://www.nessus.org/u?3a1aaf9f

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : asterisk -- File descriptor leak when incompatible codecs are offered (2eeb6652-a7a6-11e4-96ba-001999f8d30b)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

The Asterisk project reports :

Asterisk may be configured to only allow specific audio or video
codecs to be used when communicating with a particular endpoint. When
an endpoint sends an SDP offer that only lists codecs not allowed by
Asterisk, the offer is rejected. However, in this case, RTP ports that
are allocated in the process are not reclaimed.

This issue only affects the PJSIP channel driver in Asterisk. Users of
the chan_sip channel driver are not affected.

As the resources are allocated after authentication, this issue only
affects communications with authenticated endpoints.

See also :

http://downloads.asterisk.org/pub/security/AST-2015-001.html
http://www.nessus.org/u?d667b71e

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 20 : unzip-6.0-15.fc20 (2015-1267)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2014-9636

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1184985
http://www.nessus.org/u?352d7e19

Solution :

Update the affected unzip package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : vorbis-tools-1.4.0-18.fc21 (2015-1253)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- do not use stack variable out of its scope of validity
(CVE-2014-9640)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1185272
http://www.nessus.org/u?0d751c6e

Solution :

Update the affected vorbis-tools package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : polarssl-1.3.9-3.fc21 (2015-1045)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- Fix for CVE-2015-1182

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1184028
http://www.nessus.org/u?b6893f2a

Solution :

Update the affected polarssl package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 20 : polarssl-1.2.12-3.fc20 (2015-0991)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- Fix for CVE-2015-1182

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1184028
http://www.nessus.org/u?7206f0c4

Solution :

Update the affected polarssl package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 20 : thunderbird-31.4.0-1.fc20 (2015-0809)


Synopsis:

The remote Fedora host is missing a security update.

Description:

For a list of changes, see
https://www.mozilla.org/en-US/thunderbird/31.4.0/releasenotes/ and
https://www.mozilla.org/en-US/thunderbird/31.3.0/releasenotes/.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1172386
https://www.mozilla.org/en-US/thunderbird/31.3.0/releasenotes/
https://www.mozilla.org/en-US/thunderbird/31.4.0/releasenotes/
http://www.nessus.org/u?769e4fea

Solution :

Update the affected thunderbird package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DSA-3144-1 : openjdk-7 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.

See also :

http://www.debian.org/security/2015/dsa-3144

Solution :

Upgrade the openjdk-7 packages.

For the stable distribution (wheezy), these problems have been fixed
in version 7u75-2.5.4-1~deb7u1.

For the upcoming stable distribution (jessie), these problems will be
fixed soon.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

CentOS 7 : kernel (CESA-2015:0102)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's SCTP implementation
validated INIT chunks when performing Address Configuration Change
(ASCONF). A remote attacker could use this flaw to crash the system by
sending a specially crafted SCTP packet to trigger a NULL pointer
dereference on the system. (CVE-2014-7841, Important)

* A race condition flaw was found in the way the Linux kernel's
mmap(2), madvise(2), and fallocate(2) system calls interacted with
each other while operating on virtual memory file system files. A
local user could use this flaw to cause a denial of service.
(CVE-2014-4171, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux
kernel's Common Internet File System (CIFS) implementation handled
mounting of file system shares. A remote attacker could use this flaw
to crash a client system that would mount a file system share from a
malicious server. (CVE-2014-7145, Moderate)

* A flaw was found in the way the Linux kernel's splice() system call
validated its parameters. On certain file systems, a local,
unprivileged user could use this flaw to write past the maximum file
size, and thus crash the system. (CVE-2014-7822, Moderate)

* It was found that the parse_rock_ridge_inode_internal() function of
the Linux kernel's ISOFS implementation did not correctly check
relocated directories when processing Rock Ridge child link (CL) tags.
An attacker with physical access to the system could use a specially
crafted ISO image to crash the system or, potentially, escalate their
privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)

Red Hat would like to thank Akira Fujita of NEC for reporting the
CVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei
of Red Hat.

This update also fixes the following bugs :

* Previously, a kernel panic could occur if a process reading from a
locked NFS file was killed and the lock was not released properly
before the read operations finished. Consequently, the system crashed.
The code handling file locks has been fixed, and instead of halting,
the system now emits a warning about the unreleased lock. (BZ#1172266)

* A race condition in the command abort handling logic of the ipr
device driver could cause the kernel to panic when the driver received
a response to an abort command prior to receiving other responses to
the aborted command due to the support for multiple interrupts. With
this update, the abort handler waits for the aborted command's
responses first before completing an abort operation. (BZ#1162734)

* Previously, a race condition could occur when changing a Page Table
Entry (PTE) or a Page Middle Directory (PMD) to 'pte_numa' or
'pmd_numa', respectively, causing the kernel to crash. This update
removes the BUG_ON() macro from the __handle_mm_fault() function,
preventing the kernel panic in the aforementioned scenario.
(BZ#1170662)

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The system
must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?cf17edac
http://www.nessus.org/u?24799f2f

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Mac OS X Multiple Vulnerabilities (Security Update 2015-001)


Synopsis:

The remote host is missing a Mac OS X update that fixes several
security issues.

Description:

The remote host is running a version of Mac OS X 10.8 or 10.9 that
does not have Security Update 2015-001 applied. This update contains
several security-related fixes for the following components :

- AFP Server
- Bluetooth
- CoreGraphics
- CoreSymbolication
- FontParser
- Foundation
- Intel Graphics Driver
- IOAcceleratorFamily
- IOHIDFamily
- Kernel
- LaunchServices
- libnetcore
- LoginWindow
- lukemftp
- OpenSSL
- Sandbox
- SceneKit
- Security
- security_taskgate
- Spotlight
- sysmond

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

http://support.apple.com/en-us/HT204244
http://www.securityfocus.com/archive/1/534559
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Install Security Update 2015-001 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Mac OS X < 10.10.2 Multiple Vulnerabilities (POODLE)


Synopsis:

The remote host is missing a Mac OS X update that fixes multiple
vulnerabilities.

Description:

The remote host is running a version of Mac OS X 10.10.x that is prior
to version 10.10.2. This update contains several security-related
fixes for the following components :

- bash
- Bluetooth
- CFNetwork Cache
- CommerceKit Framework
- CoreGraphics
- CoreSymbolication
- CPU Software
- FontParser
- Foundation
- Intel Graphics Driver
- IOAcceleratorFamily
- IOHIDFamily
- IOKit
- IOUSBFamily
- Kernel
- LaunchServices
- libnetcore
- LoginWindow
- lukemftp
- OpenSSL
- Safari
- SceneKit
- Security
- security_taskgate
- Spotlight
- SpotlightIndex
- sysmond
- UserAccountUpdater

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

http://support.apple.com/en-us/HT204244
http://www.securityfocus.com/archive/1/534559
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to Mac OS X 10.10.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Privoxy < 3.0.22 Multiple Vulnerabilities


Synopsis:

The remote web proxy is affected by multiple vulnerabilities.

Description:

According to its self-identified version number, the Privoxy installed
on the remote host is a version prior to 3.0.22. It is, therefore,
affected by multiple vulnerabilities:

- A denial of service vulnerability exists due to a
memory leak when client connections are rejected because
the socket limit has been reached. Note that this issue
only affects version 3.0.21 with IPv6 support, which is
enabled by default. (CVE-2015-1030)

- Multiple unspecified use-after-free vulnerabilities
exist that could lead to arbitrary code execution.
(CVE-2015-1031)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://sourceforge.net/p/ijbswa/mailman/message/33089172/

Solution :

Upgrade to version 3.0.22 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

ESXi 5.5 < Build 2352327 Multiple Vulnerabilities (remote check)


Synopsis:

The remote VMware ESXi 5.5 host is affected by multiple
vulnerabilities.

Description:

The remote VMware ESXi host is version 5.5 prior to build 2352327. It
is, therefore, affected by the following vulnerabilities :

- An error exists related to DTLS SRTP extension handling
and specially crafted handshake messages that can allow
denial of service attacks via memory leaks.
(CVE-2014-3513)

- An error exists related to the way SSL 3.0 handles
padding bytes when decrypting messages encrypted using
block ciphers in cipher block chaining (CBC) mode. A
man-in-the-middle attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections. This
is also known as the 'POODLE' issue. (CVE-2014-3566)

- An error exists related to session ticket handling that
can allow denial of service attacks via memory leaks.
(CVE-2014-3567)

- An error exists related to the build configuration
process and the 'no-ssl3' build option that allows
servers and clients to process insecure SSL 3.0
handshake messages. (CVE-2014-3568)

- A denial of service vulnerability exists in libxml2 due
to entity expansion even when entity substitution is
disabled. A remote attacker, using a crafted XML
document containing a large number of nested entity
references, can cause the consumption of CPU resources.
(CVE-2014-3660)

- An unspecified privilege escalation vulnerability.
(CVE-2014-8370)

- An unspecified denial of service vulnerability due to an
input validation issue in the VMware Authorization
process (vmware-authd). (CVE-2015-1044)

See also :

https://www.vmware.com/security/advisories/VMSA-2015-0001.html

Solution :

Apply patch ESXi550-201403102-SG and ESXi550-201501101-SG to ESXi 5.5.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

ESXi 5.1 < Build 1743201 Multiple Vulnerabilities (remote check)


Synopsis:

The remote VMware ESXi 5.1 host is affected by multiple
vulnerabilities.

Description:

The remote VMware ESXi host is version 5.1 prior to build 1743201. It
is, therefore, affected by the following vulnerabilities :

- An unspecified privilege escalation vulnerability.
(CVE-2014-8370)

- An unspecified denial of service vulnerability due to an
input validation issue in the VMware Authorization
process (vmware-authd). (CVE-2015-1044)

See also :

https://www.vmware.com/security/advisories/VMSA-2015-0001.html

Solution :

Apply patch ESXi510-201404101-SG to ESXi 5.1.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

ESXi 5.0 < Build 1749766 Unspecified Remote Privilege Escalation Vulnerability (remote check)


Synopsis:

The remote VMware ESXi 5.0 host is affected by a privilege escalation
vulnerability.

Description:

The remote VMware ESXi host is version 5.0 prior to build 1749766. It
is, therefore, affected by an unspecified remote privilege escalation
vulnerability.

See also :

https://www.vmware.com/security/advisories/VMSA-2015-0001.html

Solution :

Apply patch ESXi500-201405101-SG to ESXi 5.0.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

PHP 5.6.x < 5.6.5 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the version of PHP 5.6.x installed on the
remote host is prior to 5.6.5. It is, therefore, affected by multiple
vulnerabilities:

- The CGI component has an out-of-bounds read flaw in file
'cgi_main.c' when mmap is used to process an invalid
file that begins with a hash character (#) but lacks a
newline character. A remote attacker, using a specially
crafted PHP file, can exploit this vulnerability to
disclose memory contents, cause a denial of service, or
possibly execute code. (CVE-2014-9427)

- A use-after-free memory error exists in the function
'process_nested_data' within 'var_unserializer.re' due
to the improper handling of duplicate numerical keys
within the serialized properties of an object. A remote
attacker, using a crafted unserialize method call, can
exploit this vulnerability to execute arbitrary code.
(CVE-2015-0231)

- A flaw exists in function 'exif_process_unicode' within
'exif.c' that allows freeing an uninitialized pointer. A
remote attacker, using specially crafted EXIF data in a
JPEG image, can exploit this to cause a denial of
service or to execute arbitrary code. (CVE-2015-0232)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://php.net/ChangeLog-5.php#5.6.5
https://bugs.php.net/bug.php?id=68618
https://bugs.php.net/bug.php?id=68710
https://bugs.php.net/bug.php?id=68799

Solution :

Upgrade to PHP version 5.6.5 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

PHP 5.5.x < 5.5.21 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the version of PHP 5.5.x installed on the
remote host is prior to 5.5.21. It is, therefore, affected by multiple
vulnerabilities:

- The CGI component has an out-of-bounds read flaw in file
'cgi_main.c' when mmap is used to process an invalid
file that begins with a hash character (#) but lacks a
newline character. A remote attacker, using a specially
crafted PHP file, can exploit this vulnerability to
disclose memory contents, cause a denial of service, or
possibly execute code. (CVE-2014-9427)

- A use-after-free memory error exists in the function
'process_nested_data' within 'var_unserializer.re' due
to the improper handling of duplicate numerical keys
within the serialized properties of an object. A remote
attacker, using a crafted unserialize method call, can
exploit this vulnerability to execute arbitrary code.
(CVE-2015-0231)

- A flaw exists in function 'exif_process_unicode' within
'exif.c' that allows freeing an uninitialized pointer. A
remote attacker, using specially crafted EXIF data in a
JPEG image, can exploit this to cause a denial of
service or to execute arbitrary code. (CVE-2015-0232)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://php.net/ChangeLog-5.php#5.5.21
https://bugs.php.net/bug.php?id=68618
https://bugs.php.net/bug.php?id=68710
https://bugs.php.net/bug.php?id=68799

Solution :

Upgrade to PHP version 5.5.21 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

PHP 5.4.x < 5.4.37 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the version of PHP 5.4.x installed on the
remote host is prior to 5.4.37. It is, therefore, affected by multiple
vulnerabilities:

- The CGI component has an out-of-bounds read flaw in file
'cgi_main.c' when mmap is used to process an invalid
file that begins with a hash character (#) but lacks a
newline character. A remote attacker, using a specially
crafted PHP file, can exploit this vulnerability to
disclose memory contents, cause a denial of service, or
possibly execute code. (CVE-2014-9427)

- A use-after-free memory error exists in the function
'process_nested_data' within 'var_unserializer.re' due
to the improper handling of duplicate numerical keys
within the serialized properties of an object. A remote
attacker, using a crafted unserialize method call, can
exploit this vulnerability to execute arbitrary code.
(CVE-2015-0231)

- A flaw exists in function 'exif_process_unicode' within
'exif.c' that allows freeing an uninitialized pointer. A
remote attacker, using specially crafted EXIF data in a
JPEG image, can exploit this to cause a denial of
service or to execute arbitrary code. (CVE-2015-0232)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.
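The three PHP entries above (5.4.x, 5.5.x and 5.6.x) all reach their verdict from the self-reported banner. The following is an added example, not Tenable's plugin code, of how such a banner check is done and where it breaks: it extracts the version from an X-Powered-By or Server header, compares it against the first fixed release of its branch, and flags distribution-suffixed builds (such as '-1ubuntu4.5') as unconfirmed, because those packages frequently carry backported fixes without a version bump. The sample headers are constructed, not captured from any host.

```python
import re

# First fixed release per PHP branch, as listed in the three plugin entries
# for 5.4.x, 5.5.x and 5.6.x (CVE-2014-9427, CVE-2015-0231, CVE-2015-0232).
FIXED_BY_BRANCH = {
    (5, 4): (5, 4, 37),
    (5, 5): (5, 5, 21),
    (5, 6): (5, 6, 5),
}

# Matches "PHP/5.5.9-1ubuntu4.5" inside an X-Powered-By or Server header.
_VERSION_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([^\s,;)]*)")


def parse_php_banner(header_value):
    """Return (major, minor, patch, suffix) from a header line, or None.

    The suffix is whatever follows the numeric version (for example
    '-1ubuntu4.5'); a non-empty suffix usually means a distribution
    package rather than a php.net release.
    """
    m = _VERSION_RE.search(header_value)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def assess(header_value):
    """Classify a banner as 'vulnerable', 'fixed', 'unknown-branch' or
    'no-banner', with a one-line justification.

    Distribution builds often backport fixes without bumping the upstream
    version, so a 'vulnerable' verdict on a suffixed build is unconfirmed
    until the package changelog is checked; that is the same caveat the
    plugin entries make about relying on the self-reported version.
    """
    parsed = parse_php_banner(header_value)
    if parsed is None:
        return "no-banner", "no PHP version is exposed in this header"
    major, minor, patch, suffix = parsed
    fixed = FIXED_BY_BRANCH.get((major, minor))
    current = "%d.%d.%d" % (major, minor, patch)
    if fixed is None:
        return "unknown-branch", "branch %d.%d is not covered by these entries" % (major, minor)
    fixed_str = "%d.%d.%d" % fixed
    if (major, minor, patch) >= fixed:
        return "fixed", "%s >= %s" % (current, fixed_str)
    note = "%s < %s" % (current, fixed_str)
    if suffix:
        note += ("; distribution build (%s) may carry a backported fix, "
                 "verify against the package changelog" % suffix)
    return "vulnerable", note


# Constructed sample headers (not captured from any real host).
SAMPLE_HEADERS = [
    "X-Powered-By: PHP/5.5.9-1ubuntu4.5",
    "Server: Apache/2.4.7 (Ubuntu) PHP/5.4.37",
    "X-Powered-By: PHP/5.6.4",
    "X-Powered-By: PHP/5.3.29",
    "Server: nginx/1.6.2",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        verdict, why = assess(header)
        print("%-45s %-15s %s" % (header, verdict, why))
```

A host that hides its version (expose_php = Off, or a Server header with no PHP token) lands in 'no-banner' rather than 'fixed'; a banner check can only ever say "not shown vulnerable", and a credentialed package check is the way to close that gap.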

See also :

http://php.net/ChangeLog-5.php#5.4.37
https://bugs.php.net/bug.php?id=68618
https://bugs.php.net/bug.php?id=68710
https://bugs.php.net/bug.php?id=68799

Solution :

Upgrade to PHP version 5.4.37 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

VMSA-2015-0001 : VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues


Synopsis:

The remote VMware ESXi host is missing one or more security-related
patches.

Description:

a. VMware ESXi, Workstation, Player, and Fusion host privilege
escalation vulnerability

VMware ESXi, Workstation, Player and Fusion contain an arbitrary
file write issue. Exploitation of this issue may allow for privilege
escalation on the host.

The vulnerability does not allow for privilege escalation from
the guest Operating System to the host or vice-versa. This means
that host memory can not be manipulated from the Guest Operating
System.

Mitigation

For ESXi to be affected, permissions must have been added to ESXi
(or a vCenter Server managing it) for a virtual machine
administrator role or greater.

VMware would like to thank Shanon Olsson for reporting this issue to
us through JPCERT.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-8370 to this issue.

b. VMware Workstation, Player, and Fusion Denial of Service
vulnerability

VMware Workstation, Player, and Fusion contain an input validation
issue in the Host Guest File System (HGFS). This issue may allow
for a Denial of Service of the Guest Operating system.

VMware would like to thank Peter Kamensky from Digital Security for
reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1043 to this issue.

c. VMware ESXi, Workstation, and Player Denial of Service
vulnerability

VMware ESXi, Workstation, and Player contain an input
validation issue in VMware Authorization process (vmware-authd).
This issue may allow for a Denial of Service of the host. On
VMware ESXi and on Workstation running on Linux the Denial of
Service would be partial.

VMware would like to thank Dmitry Yudin @ret5et for reporting
this issue to us through HP's Zero Day Initiative.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1044 to this issue.

d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1
and 0.9.8 package

The OpenSSL library is updated to version 1.0.1j or 0.9.8zc
to resolve multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-3513, CVE-2014-3567,
CVE-2014-3566 ('POODLE') and CVE-2014-3568 to these issues.

e. Update to ESXi libxml2 package

The libxml2 library is updated to version libxml2-2.7.6-17
to resolve a security issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-3660 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2015/000286.html

Solution :

Apply the missing patches.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SuSE 11.3 Security Update : libsndfile (SAT Patch Number 10221)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

This update for libsndfile fixes two buffer read overflows in
sd2_parse_rsrc_fork(). (CVE-2014-9496, bsc#911796)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=911796
http://support.novell.com/security/cve/CVE-2014-9496.html

Solution :

Apply SAT patch number 10221.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SuSE 11.3 Security Update : flash-player (SAT Patch Number 10226)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

Adobe Flash Player was updated to version 11.2.202.440 (bsc#914463,
APSA15-01, CVE-2015-0311).

More information can be found at
https://helpx.adobe.com/security/products/flash-player/apsa15-01.html

An update of flashplayer (executable binary) for i386 is currently not
available and was thus disabled.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=914463
http://support.novell.com/security/cve/CVE-2015-0311.html

Solution :

Apply SAT patch number 10226.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SuSE 11.3 Security Update : binutils (SAT Patch Number 10214)


Synopsis:

The remote SuSE 11 host is missing a security update.

Description:

binutils has been updated to fix eight security issues :

- Lack of range checking leading to controlled write in
_bfd_elf_setup_sections(). (CVE-2014-8485)

- Invalid read flaw in libbfd. (CVE-2014-8484)

- Write to uninitialized memory in the PE parser.
(CVE-2014-8501)

- Crash in the PE parser. (CVE-2014-8502)

- Segfault in the ihex parser when it encounters a
malformed ihex file. (CVE-2014-8503)

- Stack buffer overflow in srec_scan. (CVE-2014-8504)

- Out-of-bounds memory write while processing a crafted
'ar' archive. (CVE-2014-8738)

- Directory traversal vulnerability allowing arbitrary file
deletion/creation. (CVE-2014-8737)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=902676
https://bugzilla.novell.com/show_bug.cgi?id=902677
https://bugzilla.novell.com/show_bug.cgi?id=903655
https://bugzilla.novell.com/show_bug.cgi?id=905735
https://bugzilla.novell.com/show_bug.cgi?id=905736
http://support.novell.com/security/cve/CVE-2014-8484.html
http://support.novell.com/security/cve/CVE-2014-8485.html
http://support.novell.com/security/cve/CVE-2014-8501.html
http://support.novell.com/security/cve/CVE-2014-8502.html
http://support.novell.com/security/cve/CVE-2014-8503.html
http://support.novell.com/security/cve/CVE-2014-8504.html
http://support.novell.com/security/cve/CVE-2014-8737.html
http://support.novell.com/security/cve/CVE-2014-8738.html

Solution :

Apply SAT patch number 10214.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : glibc (SSA:2015-028-01)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New glibc packages are available for Slackware 13.0, 13.1, 13.37,
14.0, and 14.1 to fix a security issue.

See also :

http://www.nessus.org/u?ccc24009

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Scientific Linux Security Update : libyaml on SL6.x, SL7.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

An assertion failure was found in the way the libyaml library parsed
wrapped strings. An attacker able to load specially crafted YAML input
into an application using libyaml could cause the application to
crash. (CVE-2014-9130)

All running applications linked against the libyaml library must be
restarted for this update to take effect.

See also :

http://www.nessus.org/u?be157fe4

Solution :

Update the affected libyaml, libyaml-debuginfo and / or libyaml-devel
packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Scientific Linux Security Update : kernel on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

- A flaw was found in the way the Linux kernel's SCTP
implementation validated INIT chunks when performing
Address Configuration Change (ASCONF). A remote attacker
could use this flaw to crash the system by sending a
specially crafted SCTP packet to trigger a NULL pointer
dereference on the system. (CVE-2014-7841, Important)

- A race condition flaw was found in the way the Linux
kernel's mmap(2), madvise(2), and fallocate(2) system
calls interacted with each other while operating on
virtual memory file system files. A local user could use
this flaw to cause a denial of service. (CVE-2014-4171,
Moderate)

- A NULL pointer dereference flaw was found in the way the
Linux kernel's Common Internet File System (CIFS)
implementation handled mounting of file system shares. A
remote attacker could use this flaw to crash a client
system that would mount a file system share from a
malicious server. (CVE-2014-7145, Moderate)

- A flaw was found in the way the Linux kernel's splice()
system call validated its parameters. On certain file
systems, a local, unprivileged user could use this flaw
to write past the maximum file size, and thus crash the
system. (CVE-2014-7822, Moderate)

- It was found that the parse_rock_ridge_inode_internal()
function of the Linux kernel's ISOFS implementation did
not correctly check relocated directories when
processing Rock Ridge child link (CL) tags. An attacker
with physical access to the system could use a specially
crafted ISO image to crash the system or, potentially,
escalate their privileges on the system. (CVE-2014-5471,
CVE-2014-5472, Low)

This update also fixes the following bugs :

- Previously, a kernel panic could occur if a process
reading from a locked NFS file was killed and the lock
was not released properly before the read operations
finished. Consequently, the system crashed. The code
handling file locks has been fixed, and instead of
halting, the system now emits a warning about the
unreleased lock.

- A race condition in the command abort handling logic of
the ipr device driver could cause the kernel to panic
when the driver received a response to an abort command
prior to receiving other responses to the aborted
command due to the support for multiple interrupts. With
this update, the abort handler waits for the aborted
command's responses first before completing an abort
operation.

- Previously, a race condition could occur when changing a
Page Table Entry (PTE) or a Page Middle Directory (PMD)
to 'pte_numa' or 'pmd_numa', respectively, causing the
kernel to crash. This update removes the BUG_ON() macro
from the __handle_mm_fault() function, preventing the
kernel panic in the aforementioned scenario.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?7ec4b7cc

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Scientific Linux Security Update : kernel on SL6.x i386/srpm/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

* A flaw was found in the way the Linux kernel's SCTP implementation
validated INIT chunks when performing Address Configuration Change
(ASCONF). A remote attacker could use this flaw to crash the system by
sending a specially crafted SCTP packet to trigger a NULL pointer
dereference on the system. (CVE-2014-7841, Important)

* An integer overflow flaw was found in the way the Linux kernel's
Advanced Linux Sound Architecture (ALSA) implementation handled user
controls. A local, privileged user could use this flaw to crash the
system. (CVE-2014-4656, Moderate)

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?7fcb8568

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 : ntp (RHSA-2015:0104)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated ntp packages that fix several security issues are now
available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The Network Time Protocol (NTP) is used to synchronize a computer's
time with a referenced time source.

Multiple buffer overflow flaws were discovered in ntpd's
crypto_recv(), ctl_putdata(), and configure() functions. A remote
attacker could use any of these flaws to send a specially crafted
request packet that could crash ntpd or, potentially, execute
arbitrary code with the privileges of the ntp user. Note: the
crypto_recv() flaw requires non-default configurations to be active,
while the ctl_putdata() flaw, by default, can only be exploited via
local attackers, and the configure() flaw requires additional
authentication to exploit. (CVE-2014-9295)

It was found that ntpd automatically generated weak keys for its
internal use if no ntpdc request authentication key was specified in
the ntp.conf configuration file. A remote attacker able to match the
configured IP restrictions could guess the generated key, and possibly
use it to send ntpdc query or configuration requests. (CVE-2014-9293)

It was found that ntp-keygen used a weak method for generating MD5
keys. This could possibly allow an attacker to guess generated MD5
keys that could then be used to spoof an NTP client or server. Note:
it is recommended to regenerate any MD5 keys that had explicitly been
generated with ntp-keygen; the default installation does not contain
such keys. (CVE-2014-9294)

A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP's authentication mechanism.
(CVE-2014-9296)

All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing
the update, the ntpd daemon will restart automatically.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-9293.html
https://www.redhat.com/security/data/cve/CVE-2014-9294.html
https://www.redhat.com/security/data/cve/CVE-2014-9295.html
https://www.redhat.com/security/data/cve/CVE-2014-9296.html
http://rhn.redhat.com/errata/RHSA-2015-0104.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 7 : kernel (RHSA-2015:0102)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's SCTP implementation
validated INIT chunks when performing Address Configuration Change
(ASCONF). A remote attacker could use this flaw to crash the system by
sending a specially crafted SCTP packet to trigger a NULL pointer
dereference on the system. (CVE-2014-7841, Important)

* A race condition flaw was found in the way the Linux kernel's
mmap(2), madvise(2), and fallocate(2) system calls interacted with
each other while operating on virtual memory file system files. A
local user could use this flaw to cause a denial of service.
(CVE-2014-4171, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux
kernel's Common Internet File System (CIFS) implementation handled
mounting of file system shares. A remote attacker could use this flaw
to crash a client system that would mount a file system share from a
malicious server. (CVE-2014-7145, Moderate)

* A flaw was found in the way the Linux kernel's splice() system call
validated its parameters. On certain file systems, a local,
unprivileged user could use this flaw to write past the maximum file
size, and thus crash the system. (CVE-2014-7822, Moderate)

* It was found that the parse_rock_ridge_inode_internal() function of
the Linux kernel's ISOFS implementation did not correctly check
relocated directories when processing Rock Ridge child link (CL) tags.
An attacker with physical access to the system could use a specially
crafted ISO image to crash the system or, potentially, escalate their
privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)

Red Hat would like to thank Akira Fujita of NEC for reporting the
CVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei
of Red Hat.

This update also fixes the following bugs :

* Previously, a kernel panic could occur if a process reading from a
locked NFS file was killed and the lock was not released properly
before the read operations finished. Consequently, the system crashed.
The code handling file locks has been fixed, and instead of halting,
the system now emits a warning about the unreleased lock. (BZ#1172266)

* A race condition in the command abort handling logic of the ipr
device driver could cause the kernel to panic when the driver received
a response to an abort command prior to receiving other responses to
the aborted command due to the support for multiple interrupts. With
this update, the abort handler waits for the aborted command's
responses first before completing an abort operation. (BZ#1162734)

* Previously, a race condition could occur when changing a Page Table
Entry (PTE) or a Page Middle Directory (PMD) to 'pte_numa' or
'pmd_numa', respectively, causing the kernel to crash. This update
removes the BUG_ON() macro from the __handle_mm_fault() function,
preventing the kernel panic in the aforementioned scenario.
(BZ#1170662)

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-4171.html
https://www.redhat.com/security/data/cve/CVE-2014-5471.html
https://www.redhat.com/security/data/cve/CVE-2014-5472.html
https://www.redhat.com/security/data/cve/CVE-2014-7145.html
https://www.redhat.com/security/data/cve/CVE-2014-7822.html
https://www.redhat.com/security/data/cve/CVE-2014-7841.html
http://rhn.redhat.com/errata/RHSA-2015-0102.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 / 7 : libyaml (RHSA-2015:0100)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated libyaml packages that fix one security issue are now available
for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and
emitter written in C.

An assertion failure was found in the way the libyaml library parsed
wrapped strings. An attacker able to load specially crafted YAML input
into an application using libyaml could cause the application to
crash. (CVE-2014-9130)

All libyaml users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
applications linked against the libyaml library must be restarted for
this update to take effect.
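Both libyaml entries (the Scientific Linux one earlier and this one) end with the same operational point: the package update replaces the file on disk, but every process that already mapped the old library keeps running the vulnerable code until it is restarted. On Linux the kernel records exactly this in /proc/<pid>/maps, where a mapping whose backing file has been replaced is suffixed "(deleted)". The following is an added example, not Red Hat's or Tenable's code, that parses that format and lists the processes still holding an old copy of a named library; the same check applies after the glibc update further down. The sample maps text is constructed (addresses, inodes and paths invented).

```python
import os

DELETED_MARK = " (deleted)"


def deleted_libraries(maps_text):
    """Parse the text of one /proc/<pid>/maps file and return the sorted
    list of file-backed mappings the kernel marks '(deleted)': the file on
    disk was replaced (for example by a package update) while this process
    still has the old copy mapped. Anonymous mappings, [heap]/[stack]
    pseudo-paths and memfd entries are ignored."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(fields) < 6:
            continue
        path = fields[5].strip()
        if not path.startswith("/") or path.startswith("/memfd:"):
            continue
        if path.endswith(DELETED_MARK):
            found.add(path[:-len(DELETED_MARK)])
    return sorted(found)


def needing_restart(maps_by_pid, library_substring):
    """Map pid -> deleted mapped paths containing library_substring
    ('libyaml' for this update, 'libc-' after a glibc update)."""
    result = {}
    for pid, text in maps_by_pid.items():
        hits = [p for p in deleted_libraries(text) if library_substring in p]
        if hits:
            result[pid] = hits
    return result


def read_live_maps(proc_root="/proc"):
    """Collect maps text for every readable process; run as root to see all."""
    maps = {}
    if not os.path.isdir(proc_root):
        return maps
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                maps[int(entry)] = fh.read()
        except OSError:
            continue  # process exited, or not permitted to read it
    return maps


# Constructed sample (addresses, inodes and paths invented for illustration).
SAMPLE_MAPS = """\
55d0c2e00000-55d0c2e21000 r-xp 00000000 08:01 1311175 /usr/bin/ruby
7f3c5e3f0000-7f3c5e3f2000 r-xp 00000000 08:01 1052412 /usr/lib64/libyaml-0.so.2.0.4 (deleted)
7f3c5e3f2000-7f3c5e5f1000 ---p 00002000 08:01 1052412 /usr/lib64/libyaml-0.so.2.0.4 (deleted)
7f3c5e800000-7f3c5e9b0000 r-xp 00000000 08:01 1049000 /usr/lib64/libc-2.17.so
7f3c5ec00000-7f3c5ec21000 rw-p 00000000 00:00 0 [heap]
7f3c5ed00000-7f3c5ed01000 rw-p 00000000 00:00 0
"""

if __name__ == "__main__":
    print(needing_restart({4242: SAMPLE_MAPS}, "libyaml"))
    print(needing_restart(read_live_maps(), "libyaml"))
```

A package-version check alone reports such a host as patched; this is the check that tells you the patch is not yet in effect for a given process.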

See also :

https://www.redhat.com/security/data/cve/CVE-2014-9130.html
http://rhn.redhat.com/errata/RHSA-2015-0100.html

Solution :

Update the affected libyaml, libyaml-debuginfo and / or libyaml-devel
packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 5 / 6 : glibc (RHSA-2015:0099)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux
5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced
Update Support, and Red Hat Enterprise Linux 6.4 and 6.5 Extended
Update Support.

Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-0235.html
http://rhn.redhat.com/errata/RHSA-2015-0099.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.