Newest Plugins

MediaWiki < 1.19.22 / 1.22.14 / 1.23.7 Multiple Vulnerabilities


Synopsis:

The remote web server contains an application that is affected by
multiple vulnerabilities.

Description:

According to its version number, the MediaWiki application installed
on the remote host is affected by the following vulnerabilities :

- An input validation error exists related to handling
previews of wikitext that could allow cross-site
scripting attacks. (CVE-2014-9276)

- An input validation error exists related to flash policy
mangling, API clients, and 'format=php' that could allow
cross-site scripting. (CVE-2014-9277)

- An error exists related to 'content model' editing
that could allow a remote, unprivileged attacker to
modify a user's 'common.js' file. (Bug 70901)

- An error exists related to deleting an entry. The
'DELETED_ACTION' and the action 'revdeleted' could allow
information disclosure via log files. (Bug 72222)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?7796737d
https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.22
https://www.mediawiki.org/wiki/Release_notes/1.22#MediaWiki_1.22.14
http://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.7

Solution :

Upgrade to MediaWiki version 1.19.22 / 1.22.14 / 1.23.7 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Microsoft Windows 2003 Approaching End Of Life


Synopsis:

The remote host is running a version of Windows that is approaching
end-of-life status.

Description:

The remote host is running Microsoft Windows Server 2003. This
operating system is approaching end-of-life (EOL) status and will no
longer be supported by Microsoft or receive security updates after
2015/07/14.

See also :

http://www.nessus.org/u?7eae3f0b

Solution :

Consult your corporate policies regarding phasing out unsupported
software.

Risk factor :

None

F5 Networks BIG-IP : Directory Traversal and File Deletion (ID 363027)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The 'properties.jsp' and 'tmui/Control/form' contain a flaw in how
user-supplied parameters are validated, specifically the 'name'
parameter. An authenticated user with the role of 'Resource
Administrator' or 'Administrator' can exploit this flaw to arbitrarily
enumerate and subsequently delete files on the system via standard
HTTP requests using directory traversal sequences.

See also :

http://www.nessus.org/u?c2087c03
http://www.exploit-db.com/exploits/35222/

Solution :

Upgrade to version 10.2.2 Hotfix 2 / version 11 or later.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C)

Symantec Web Gateway < 5.2.2 Authenticated OS Command Injection (SYM14-016)


Synopsis:

A web security application hosted on the remote web server is affected
by an OS command injection vulnerability.

Description:

According to its self-reported version number, the remote web server
is hosting a version of Symantec Web Gateway prior to version 5.2.2.
It is, therefore, affected by an operating system (OS) command
injection vulnerability in an unspecified PHP script that impacts the
management console. A remote, authenticated user can exploit this
issue to execute arbitrary OS commands subject to the privileges of
the authenticated user.

See also :

http://www.nessus.org/u?2f3741bb

Solution :

Upgrade to Symantec Web Gateway 5.2.2 or later.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C)

Scientific Linux Security Update : jasper on SL6.x, SL7.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Multiple off-by-one flaws, leading to heap-based buffer overflows,
were found in the way JasPer decoded JPEG 2000 image files. A
specially crafted file could cause an application using JasPer to
crash or, possibly, execute arbitrary code. (CVE-2014-9029)

A heap-based buffer overflow flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an
application using JasPer to crash or, possibly, execute arbitrary
code. (CVE-2014-8138)

A double free flaw was found in the way JasPer parsed ICC color
profiles in JPEG 2000 image files. A specially crafted file could
cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-8137)

All applications using the JasPer libraries must be restarted for the
update to take effect.

See also :

http://www.nessus.org/u?76036159

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

RHEL 7 : glibc (RHSA-2014:2023)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated glibc packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

It was found that the wordexp() function would perform command
substitution even when the WRDE_NOCMD flag was specified. An attacker
able to provide specially crafted input to an application using the
wordexp() function, and not sanitizing the input correctly, could
potentially use this flaw to execute arbitrary commands with the
credentials of the user running that application. (CVE-2014-7817)

This issue was discovered by Tim Waugh of the Red Hat Developer
Experience Team.

This update also fixes the following bug :

* Prior to this update, if a file stream that was opened in append
mode and its underlying file descriptor were used at the same time and
the file was truncated using the ftruncate() function on the file
descriptor, a subsequent ftell() call on the stream incorrectly
modified the file offset by seeking to the new end of the file. This
update ensures that ftell() modifies the state of the file stream only
when it is in append mode and its buffer is not empty. As a result,
the described incorrect changes to the file offset no longer occur.
(BZ#1170187)

All glibc users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-7817.html
http://rhn.redhat.com/errata/RHSA-2014-2023.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

RHEL 6 / 7 : jasper (RHSA-2014:2021)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated jasper packages that fix three security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

JasPer is an implementation of Part 1 of the JPEG 2000 image
compression standard.

Multiple off-by-one flaws, leading to heap-based buffer overflows,
were found in the way JasPer decoded JPEG 2000 image files. A
specially crafted file could cause an application using JasPer to
crash or, possibly, execute arbitrary code. (CVE-2014-9029)

A heap-based buffer overflow flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an
application using JasPer to crash or, possibly, execute arbitrary
code. (CVE-2014-8138)

A double free flaw was found in the way JasPer parsed ICC color
profiles in JPEG 2000 image files. A specially crafted file could
cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-8137)

Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Jose Duart of the Google Security Team as the original
reporter.

All JasPer users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All
applications using the JasPer libraries must be restarted for the
update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-8137.html
https://www.redhat.com/security/data/cve/CVE-2014-8138.html
https://www.redhat.com/security/data/cve/CVE-2014-9029.html
http://rhn.redhat.com/errata/RHSA-2014-2021.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Oracle Linux 7 : glibc (ELSA-2014-2023)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:2023 :

Updated glibc packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

It was found that the wordexp() function would perform command
substitution even when the WRDE_NOCMD flag was specified. An attacker
able to provide specially crafted input to an application using the
wordexp() function, and not sanitizing the input correctly, could
potentially use this flaw to execute arbitrary commands with the
credentials of the user running that application. (CVE-2014-7817)

This issue was discovered by Tim Waugh of the Red Hat Developer
Experience Team.

This update also fixes the following bug :

* Prior to this update, if a file stream that was opened in append
mode and its underlying file descriptor were used at the same time and
the file was truncated using the ftruncate() function on the file
descriptor, a subsequent ftell() call on the stream incorrectly
modified the file offset by seeking to the new end of the file. This
update ensures that ftell() modifies the state of the file stream only
when it is in append mode and its buffer is not empty. As a result,
the described incorrect changes to the file offset no longer occur.
(BZ#1170187)

All glibc users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-December/004751.html

Solution :

Update the affected glibc packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Oracle Linux 6 / 7 : jasper (ELSA-2014-2021)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:2021 :

Updated jasper packages that fix three security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

JasPer is an implementation of Part 1 of the JPEG 2000 image
compression standard.

Multiple off-by-one flaws, leading to heap-based buffer overflows,
were found in the way JasPer decoded JPEG 2000 image files. A
specially crafted file could cause an application using JasPer to
crash or, possibly, execute arbitrary code. (CVE-2014-9029)

A heap-based buffer overflow flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an
application using JasPer to crash or, possibly, execute arbitrary
code. (CVE-2014-8138)

A double free flaw was found in the way JasPer parsed ICC color
profiles in JPEG 2000 image files. A specially crafted file could
cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-8137)

Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Jose Duart of the Google Security Team as the original
reporter.

All JasPer users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All
applications using the JasPer libraries must be restarted for the
update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-December/004749.html
https://oss.oracle.com/pipermail/el-errata/2014-December/004746.html

Solution :

Update the affected jasper packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Oracle Linux 7 : kernel (ELSA-2014-2010)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:2010 :

Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-December/004750.html

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Oracle Linux 5 : kernel (ELSA-2014-2008)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:2008 :

Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-December/004740.html

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Oracle Linux 5 : kernel (ELSA-2014-2008-1)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:2008 :

Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-December/004747.html

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

GLSA-201412-31 : ZNC: Denial of Service


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201412-31
(ZNC: Denial of Service).

Multiple NULL pointer dereferences have been found in ZNC.

Impact :

A remote attacker could send a specially crafted request, possibly
resulting in a Denial of Service condition.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-201412-31.xml

Solution :

All ZNC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-irc/znc-1.2-r1'

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)

F5 Networks BIG-IP : Apache vulnerability (SOL15920)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

Stack consumption vulnerability in the fnmatch implementation in
apr_fnmatch.c in the Apache Portable Runtime (APR) library before
1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in
libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle
Solaris 10, and Android, allows context-dependent attackers to cause a
denial of service (CPU and memory consumption) via *? sequences in the
first argument, as demonstrated by attacks against mod_autoindex in
httpd.

See also :

http://www.nessus.org/u?d5636504

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL15920.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

CentOS 6 / 7 : jasper (CESA-2014:2021)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated jasper packages that fix three security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

JasPer is an implementation of Part 1 of the JPEG 2000 image
compression standard.

Multiple off-by-one flaws, leading to heap-based buffer overflows,
were found in the way JasPer decoded JPEG 2000 image files. A
specially crafted file could cause an application using JasPer to
crash or, possibly, execute arbitrary code. (CVE-2014-9029)

A heap-based buffer overflow flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an
application using JasPer to crash or, possibly, execute arbitrary
code. (CVE-2014-8138)

A double free flaw was found in the way JasPer parsed ICC color
profiles in JPEG 2000 image files. A specially crafted file could
cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-8137)

Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Jose Duart of the Google Security Team as the original
reporter.

All JasPer users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All
applications using the JasPer libraries must be restarted for the
update to take effect.

See also :

http://www.nessus.org/u?09db416c
http://www.nessus.org/u?4e08c17e

Solution :

Update the affected jasper packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : false

CentOS 7 : kernel (CESA-2014:2010)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?47b78022

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

CentOS 5 : kernel (CESA-2014:2008)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?78bb6a24

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Firebird SQL Server Remote Denial of Service (CVE-2014-9323)


Synopsis:

The remote Windows host has an application that is vulnerable to a
remote denial of service.

Description:

The version of Firebird SQL Server installed on the remote host is
vulnerable to a remote denial of service attack.

See also :

http://tracker.firebirdsql.org/browse/CORE-4630

Solution :

Upgrade to Firebird 2.1.7.18553 or 2.5.3.26780 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Firebird SQL Server Installed


Synopsis:

An open source database server is installed on the remote host.

Description:

Firebird SQL Server, an open source database server, is installed on
the remote Windows host.

See also :

http://firebirdsql.com/

Solution :

n/a

Risk factor :

None

SSL Custom CA Setup


Synopsis:

Configure the SSL certificates for validation of connections.

Description:

Configure the loading of the certificate authorities for SSL
validation. This will load the Tenable-managed default certificate
authorities and allow Nessus users to load custom certificate
authorities.

Multiple custom CA files are available to help with the management of
custom certificate authorities. Custom certificate authority naming :

- custom_CA.inc
- custom_CA_0.inc
- custom_CA_1.inc
- custom_CA_2.inc
- custom_CA_3.inc
- custom_CA_4.inc
- custom_CA_5.inc
- custom_CA_6.inc
- custom_CA_7.inc
- custom_CA_8.inc
- custom_CA_9.inc

Solution :

n/a

Risk factor :

None

IPMI v2.0 Password Hash Disclosure


Synopsis:

The remote host supports IPMI version 2.0.

Description:

The remote host supports IPMI v2.0. The Intelligent Platform
Management Interface (IPMI) protocol is affected by an information
disclosure vulnerability due to the support of RMCP+ Authenticated
Key-Exchange Protocol (RAKP) authentication. A remote attacker can
obtain password hash information for valid user accounts via the HMAC
from a RAKP message 2 response from a BMC.

See also :

http://fish2.com/ipmi/remote-pw-cracking.html

Solution :

There is no patch for this vulnerability; it is an inherent problem
with the specification for IPMI v2.0. Suggested mitigations include :

- Disabling IPMI over LAN if it is not needed.

- Using strong passwords to limit the success of offline
dictionary attacks against the disclosed hashes.

- Using Access Control Lists (ACLs) or isolated networks
to limit access to your IPMI management interfaces.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

Scientific Linux Security Update : kernel on SL5.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

* A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322, Important)

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?f9256ceb

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Scientific Linux Security Update : kernel on SL6.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

- A flaw was found in the way the Linux kernel's SCTP
implementation handled malformed or duplicate Address
Configuration Change Chunks (ASCONF). A remote attacker
could use either of these flaws to crash the system.
(CVE-2014-3673, CVE-2014-3687, Important)

- A flaw was found in the way the Linux kernel's SCTP
implementation handled the association's output queue. A
remote attacker could send specially crafted packets
that would cause the system to use an excessive amount
of memory, leading to a denial of service.
(CVE-2014-3688, Important)

- A stack overflow flaw caused by infinite recursion was
found in the way the Linux kernel's UDF file system
implementation processed indirect ICBs. An attacker with
physical access to the system could use a specially
crafted UDF image to crash the system. (CVE-2014-6410,
Low)

- It was found that the Linux kernel's networking
implementation did not correctly handle the setting of
the keepalive socket option on raw sockets. A local user
able to create a raw socket could use this flaw to crash
the system. (CVE-2012-6657, Low)

- It was found that the parse_rock_ridge_inode_internal()
function of the Linux kernel's ISOFS implementation did
not correctly check relocated directories when
processing Rock Ridge child link (CL) tags. An attacker
with physical access to the system could use a specially
crafted ISO image to crash the system or, potentially,
escalate their privileges on the system. (CVE-2014-5471,
CVE-2014-5472, Low)

Bug fixes :

- This update fixes a race condition issue between the
sock_queue_err_skb function and sk_forward_alloc
handling in the socket error queue (MSG_ERRQUEUE), which
could occasionally cause the kernel, for example when
using PTP, to incorrectly track allocated memory for the
error queue, in which case a traceback would occur in
the system log.

- The zcrypt device driver did not detect certain crypto
cards and the related domains for crypto adapters on
System z and s390x architectures. Consequently, it was
not possible to run the system on new crypto hardware.
This update enables toleration mode for such devices so
that the system can make use of newer crypto hardware.

- After mounting and unmounting an XFS file system several
times consecutively, the umount command occasionally
became unresponsive. This was caused by the
xlog_cil_force_lsn() function that was not waiting for
completion as expected. With this update,
xlog_cil_force_lsn() has been modified to correctly wait
for completion, thus fixing this bug.

- When using the ixgbe adapter with LRO disabled and the
tx-usec or rs-usec variables set to 0, transmit
interrupts could not be set lower than the default of 8
buffered tx frames. Consequently, TCP transfers were
delayed. The restriction of a minimum of 8 buffered
frames has been removed, and the TCP delay no longer
occurs.

- The offb driver has been updated for the QEMU standard
VGA adapter, fixing an issue in which colors were
displayed incorrectly.

- Under certain circumstances, when a discovered MTU
expired, the IPv6 connection became unavailable for a
short period of time. This bug has been fixed, and the
connection now works as expected.

- Low throughput occurred when using the dm-thin driver
to write to unprovisioned or shared chunks of a thin
pool whose chunk size was bigger than the max_sectors_kb
variable.

- Large write workloads on thin LVs could cause the iozone
and smallfile utilities to terminate unexpectedly.

See also :

http://www.nessus.org/u?0ddef4c3

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : kernel (RHSA-2014:2010)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-9322.html
http://rhn.redhat.com/errata/RHSA-2014-2010.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : kernel (RHSA-2014:2009)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-9322.html
http://rhn.redhat.com/errata/RHSA-2014-2009.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : kernel (RHSA-2014:2008)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-9322.html
http://rhn.redhat.com/errata/RHSA-2014-2008.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:1654-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This MozillaThunderbird update fixes several security and non security
issues :

Changes in MozillaThunderbird :

- update to Thunderbird 31.3.0 (bnc#908009)

- MFSA 2014-83/CVE-2014-1587 Miscellaneous memory safety
hazards

- MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest
crashes with some input streams

- MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free
during HTML5 parsing

- MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow
while parsing media content

- MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting
from the BasicThebesLayer to BasicContainerLayer

- fix bashism in mozilla.sh script

- Limit RAM usage during link for ARM

- remove add-plugins.sh and use /usr/share/myspell
directly (bnc#900639)

See also :

http://lists.opensuse.org/opensuse-updates/2014-12/msg00067.html
https://bugzilla.opensuse.org/show_bug.cgi?id=900639
https://bugzilla.opensuse.org/show_bug.cgi?id=908009

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : seamonkey (openSUSE-SU-2014:1656-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

seamonkey was updated to version 2.31 to fix eight security issues.

These security issues were fixed :

- Miscellaneous memory safety hazards (CVE-2014-1587,
CVE-2014-1588).

- XBL bindings accessible via improper CSS declarations
(CVE-2014-1589).

- XMLHttpRequest crashes with some input streams
(CVE-2014-1590).

- CSP leaks redirect data via violation reports
(CVE-2014-1591).

- Use-after-free during HTML5 parsing (CVE-2014-1592).

- Buffer overflow while parsing media content
(CVE-2014-1593).

- Bad casting from the BasicThebesLayer to
BasicContainerLayer (CVE-2014-1594).

This non-security issue was fixed :

- define /usr/share/myspell as additional dictionary
location and remove add-plugins.sh finally (bnc#900639).

See also :

http://lists.opensuse.org/opensuse-updates/2014-12/msg00069.html
https://bugzilla.opensuse.org/show_bug.cgi?id=900639
https://bugzilla.opensuse.org/show_bug.cgi?id=908009

Solution :

Update the affected seamonkey packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : seamonkey (openSUSE-SU-2014:1655-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

seamonkey was updated to version 2.31 to fix 20 security issues.

These security issues were fixed :

- Miscellaneous memory safety hazards (CVE-2014-1587,
CVE-2014-1588).

- XBL bindings accessible via improper CSS declarations
(CVE-2014-1589).

- XMLHttpRequest crashes with some input streams
(CVE-2014-1590).

- CSP leaks redirect data via violation reports
(CVE-2014-1591).

- Use-after-free during HTML5 parsing (CVE-2014-1592).

- Buffer overflow while parsing media content
(CVE-2014-1593).

- Bad casting from the BasicThebesLayer to
BasicContainerLayer (CVE-2014-1594).

- Miscellaneous memory safety hazards (CVE-2014-1574,
CVE-2014-1575).

- Buffer overflow during CSS manipulation (CVE-2014-1576).

- Web Audio memory corruption issues with custom waveforms
(CVE-2014-1577).

- Out-of-bounds write with WebM video (CVE-2014-1578).

- Further uninitialized memory use during GIF rendering
(CVE-2014-1580).

- Use-after-free interacting with text directionality
(CVE-2014-1581).

- Key pinning bypasses (CVE-2014-1582, CVE-2014-1584).

- Inconsistent video sharing within iframe (CVE-2014-1585,
CVE-2014-1586).

- Accessing cross-origin objects via the Alarms API (only
relevant for installed web apps) (CVE-2014-1583).

This non-security issue was fixed :

- define /usr/share/myspell as additional dictionary
location and remove add-plugins.sh finally (bnc#900639).

See also :

http://lists.opensuse.org/opensuse-updates/2014-12/msg00068.html
https://bugzilla.opensuse.org/show_bug.cgi?id=894370
https://bugzilla.opensuse.org/show_bug.cgi?id=900639
https://bugzilla.opensuse.org/show_bug.cgi?id=900941
https://bugzilla.opensuse.org/show_bug.cgi?id=908009

Solution :

Update the affected seamonkey packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : tcpdump-4.5.1-3.fc20 (2014-16861)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix for CVE-2014-9140

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1171182
http://www.nessus.org/u?0d4028c7

Solution :

Update the affected tcpdump package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : bind-9.9.4-17.P2.fc20 (2014-16607)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix for CVE-2014-8500

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1171912
http://www.nessus.org/u?b6667cb9

Solution :

Update the affected bind package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : pam-1.1.8-2.fc20 (2014-16350)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update fixing minor security issues and bugs.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1038555
https://bugzilla.redhat.com/show_bug.cgi?id=1080243
http://www.nessus.org/u?42543731

Solution :

Update the affected pam package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 21 : cpio-2.11-33.fc21 (2014-16168)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2014-9112 (#1167573)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1167571
http://www.nessus.org/u?c72b40a5

Solution :

Update the affected cpio package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 6 : kernel (CESA-2014:1997)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation
handled malformed or duplicate Address Configuration Change Chunks
(ASCONF). A remote attacker could use either of these flaws to crash
the system. (CVE-2014-3673, CVE-2014-3687, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation
handled the association's output queue. A remote attacker could send
specially crafted packets that would cause the system to use an
excessive amount of memory, leading to a denial of service.
(CVE-2014-3688, Important)

* A stack overflow flaw caused by infinite recursion was found in the
way the Linux kernel's UDF file system implementation processed
indirect ICBs. An attacker with physical access to the system could
use a specially crafted UDF image to crash the system. (CVE-2014-6410,
Low)

* It was found that the Linux kernel's networking implementation did
not correctly handle the setting of the keepalive socket option on raw
sockets. A local user able to create a raw socket could use this flaw
to crash the system. (CVE-2012-6657, Low)

* It was found that the parse_rock_ridge_inode_internal() function of
the Linux kernel's ISOFS implementation did not correctly check
relocated directories when processing Rock Ridge child link (CL) tags.
An attacker with physical access to the system could use a specially
crafted ISO image to crash the system or, potentially, escalate their
privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)

Red Hat would like to thank Andy Lutomirski for reporting
CVE-2014-9322. The CVE-2014-3673 issue was discovered by Liu Wei of
Red Hat.

Bug fixes :

* This update fixes a race condition issue between the
sock_queue_err_skb function and sk_forward_alloc handling in the
socket error queue (MSG_ERRQUEUE), which could occasionally cause the
kernel, for example when using PTP, to incorrectly track allocated
memory for the error queue, in which case a traceback would occur in
the system log. (BZ#1155427)

* The zcrypt device driver did not detect certain crypto cards and the
related domains for crypto adapters on System z and s390x
architectures. Consequently, it was not possible to run the system on
new crypto hardware. This update enables toleration mode for such
devices so that the system can make use of newer crypto hardware.
(BZ#1158311)

* After mounting and unmounting an XFS file system several times
consecutively, the umount command occasionally became unresponsive.
This was caused by the xlog_cil_force_lsn() function that was not
waiting for completion as expected. With this update,
xlog_cil_force_lsn() has been modified to correctly wait for
completion, thus fixing this bug. (BZ#1158325)

* When using the ixgbe adapter with disabled LRO and the tx-usec or
rs-usec variables set to 0, transmit interrupts could not be set lower
than the default of 8 buffered tx frames. Consequently, a delay of TCP
transfer occurred. The restriction of a minimum of 8 buffered frames
has been removed, and the TCP delay no longer occurs. (BZ#1158326)

* The offb driver has been updated for the QEMU standard VGA adapter,
fixing an issue in which colors were displayed incorrectly. (BZ#1158328)

* Under certain circumstances, when a discovered MTU expired, the IPv6
connection became unavailable for a short period of time. This bug has
been fixed, and the connection now works as expected. (BZ#1161418)

* Low throughput occurred when using the dm-thin driver to write to
unprovisioned or shared chunks of a thin pool whose chunk size was
bigger than the max_sectors_kb variable. (BZ#1161420)

* Large write workloads on thin LVs could cause the iozone and
smallfile utilities to terminate unexpectedly. (BZ#1161421)

See also :

http://www.nessus.org/u?e23ca55d

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Multiple XSRF Vulnerabilities in Huawei Products (HWPSIRT-2014-0406)


Synopsis:

The remote host is affected by multiple cross-site request forgery
vulnerabilities.

Description:

The remote Huawei device is running a firmware version that is
affected by multiple cross-site request forgery vulnerabilities in the
web interface.

See also :

http://www.nessus.org/u?de58c16b

Solution :

Apply the appropriate patch per the vendor's advisory.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Information Leakage Vulnerability via MPLS Ping in Huawei VRP Platform (HWPSIRT-2014-0418)


Synopsis:

The remote host is affected by an information disclosure
vulnerability.

Description:

The firmware version of the remote host is affected by an information
disclosure vulnerability. The MPLS LSP ping service is bound to
unnecessary interfaces which may allow a remote attacker to determine
IP addresses of devices.

See also :

http://www.nessus.org/u?697554d8

Solution :

Apply the appropriate patch per the vendor's advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Huawei Versatile Security / Storage Platform Version Detection


Synopsis:

It is possible to obtain the operating system version of the remote
device.

Description:

The remote host is running Huawei Versatile Security / Storage
Platform (VSP), an operating system for Huawei storage and security
devices.

It is possible to read the VSP version number by logging into the
device via SSH or via the SNMP sysDescription.

See also :

http://enterprise.huawei.com/en/index.htm

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Visual Mining NetCharts Server Default Credentials (Web UI)


Synopsis:

The remote web application uses default credentials.

Description:

It is possible to log into the remote Visual Mining NetCharts Server
installation by providing the default credentials. A remote,
unauthenticated attacker can exploit this to gain administrative
control.

Solution :

Contact the vendor to see if patches are available. If patches are
unavailable, restrict access to the web service.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Visual Mining NetCharts Server Arbitrary File Upload


Synopsis:

The remote web server contains a JSP script that allows arbitrary file
uploads.

Description:

The Visual Mining NetCharts Server web interface installed on the
remote web server is affected by a file upload vulnerability due to a
built-in hidden account. An unauthenticated, remote attacker can
exploit this issue to upload files with arbitrary code and then
execute them on the remote host.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-14-372/

Solution :

Restrict access to the vulnerable server.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:ND/RL:U/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Visual Mining NetCharts Server Web UI Detection


Synopsis:

The remote host is running the web-based user interface for Visual
Mining NetCharts Server.

Description:

The remote host is running the web-based user interface for Visual
Mining NetCharts Server. It is possible to read the web UI version
from a standard request.

See also :

http://www.visualmining.com/nc-server/

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.