Newest Plugins

HP Operations Manager / Operations Agent < 11.13 XSS (HPSBMU03126)


Synopsis:

The remote web server is affected by a cross-site scripting
vulnerability.

Description:

According to its self-reported version, the version of the HP
Operations Agent service running on the remote host is affected by a
cross-site scripting vulnerability. Operations Agent is often an
included component of Operations Manager.

See also :

http://www.nessus.org/u?0b1480af

Solution :

Apply the relevant update referenced in HP Security Bulletin
HPSBMU03126.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

MS KB3010060: Vulnerability in Microsoft OLE Could Allow Remote Code Execution


Synopsis:

The remote host is affected by a remote code execution vulnerability.

Description:

The remote host is missing one of the workarounds referenced in
Microsoft Security Advisory 3010060.

The version of Microsoft Office installed on the remote host is
affected by a remote code execution vulnerability due to a flaw in the
OLE package manager. A remote attacker can exploit this vulnerability
by convincing a user to open an Office file containing specially
crafted OLE objects, resulting in execution of arbitrary code in the
context of the current user.

See also :

https://technet.microsoft.com/library/security/3010060

Solution :

Apply the Microsoft Fix it solution 'OLE packager Shim Workaround' or
deploy the Enhanced Mitigation Experience Toolkit (EMET) 5.0 and
configure Attack Surface Reduction with the settings provided by
Microsoft.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

VLC Media Player < 2.1.5 Multiple Vulnerabilities


Synopsis:

The remote Windows host contains a media player that is affected by
multiple vulnerabilities.

Description:

The version of VLC media player installed on the remote host is prior
to 2.1.5. It is, therefore, affected by the following vulnerabilities :

- An error exists in the 'png_push_read_chunk' function
within the file 'pngpread.c' from the included libpng
library that can allow denial of service attacks.
(CVE-2014-0333)

- A buffer overflow error exists in the
'read_server_hello' function within the file
'lib/gnutls_handshake.c' from the included GnuTLS
library that can allow arbitrary code execution or
a denial of service. (CVE-2014-3466)

See also :

http://www.videolan.org/developers/vlc-branch/NEWS
http://www.videolan.org/vlc/releases/2.1.5.html

Solution :

Upgrade to version 2.1.5 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco TelePresence VCS / Expressway Series < 8.2 Multiple DoS Vulnerabilities


Synopsis:

The remote device is affected by flaws that can allow a denial of
service via a device reload.

Description:

According to the self-reported version, returned by a standard SNMP
request, the version of the Cisco TelePresence VCS or Expressway
Series device is prior to 8.2. It is, therefore, potentially affected
by multiple denial of service vulnerabilities :

- A flaw exists in the handling of IP packets received at a
high rate. This can allow a remote attacker to cause a
kernel crash via specially crafted packets.
(CVE-2014-3368)

- A flaw in the SIP IX Channel is triggered when handling
a specially crafted SDP packet. This can allow a remote
attacker to cause a system reload. SIP IX Filtering must
be enabled for the system to be affected.
(CVE-2014-3369)

- A flaw exists in the SIP module that can allow a remote
attacker to cause a system reload via a specially
crafted SIP packet. (CVE-2014-3370)

See also :

http://www.nessus.org/u?6ea0f5bf
https://tools.cisco.com/bugsearch/bug/CSCui06507
https://tools.cisco.com/bugsearch/bug/CSCuo42252
https://tools.cisco.com/bugsearch/bug/CSCum60447
https://tools.cisco.com/bugsearch/bug/CSCum60442

Solution :

Upgrade to version 8.2 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco TelePresence MCU Software Memory Exhaustion


Synopsis:

The remote device is affected by a flaw that can allow a denial of
service via memory exhaustion.

Description:

According to the self-reported version, returned by either the SNMP or
FTP service running on the remote device, the Cisco TelePresence MCU
software is affected by a vulnerability that can allow a remote,
unauthenticated attacker to cause a denial of service via memory
exhaustion.

See also :

http://www.nessus.org/u?d8abd8d8
https://tools.cisco.com/bugsearch/bug/CSCtz35468

Solution :

Upgrade to the appropriate software version per the vendor's advisory.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Asterisk Information Disclosure (POODLE) (AST-2014-011)


Synopsis:

The version of Asterisk installed on the remote host may be affected
by an information disclosure vulnerability.

Description:

According to the version in its SIP banner, the version of Asterisk
running on the remote host is potentially affected by an error related
to the way SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining (CBC) mode. A
man-in-the-middle attacker can decrypt a selected byte of the
ciphertext in as few as 256 tries if they are able to force a victim
application to repeatedly send the same data over newly created SSL
3.0 connections. This is also known as the 'POODLE' issue.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

http://downloads.asterisk.org/pub/security/AST-2014-011.html
https://issues.asterisk.org/jira/browse/ASTERISK-24425
https://www.openssl.org/news/secadv_20141015.txt
https://www.openssl.org/news/vulnerabilities.html
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to Asterisk 1.8.31.1 / 11.13.1 / 12.6.1 / 1.8.28-cert2 /
11.6-cert7 or apply the appropriate patch listed in the Asterisk
advisory.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : qemu-kvm on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

An information leak flaw was found in the way QEMU's VGA emulator
accessed frame buffer memory for high resolution displays. A
privileged guest user could use this flaw to leak memory contents of
the host to the guest by setting the display to use a high resolution
in the guest. (CVE-2014-3615)

This update also fixes the following bug :

- This update fixes a regression in the
scsi_block_new_request() function, which caused all read
requests to go through SG_IO if the host cache was not
used.

After installing this update, shut down all running virtual machines.
Once all virtual machines have shut down, start them again for this
update to take effect.

See also :

http://www.nessus.org/u?a4284b82

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : wireshark (RHSA-2014:1677)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Wireshark is a network protocol analyzer. It is used to capture and
browse the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)

Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2014-6421,
CVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428)

All wireshark users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-6421.html
https://www.redhat.com/security/data/cve/CVE-2014-6422.html
https://www.redhat.com/security/data/cve/CVE-2014-6423.html
https://www.redhat.com/security/data/cve/CVE-2014-6425.html
https://www.redhat.com/security/data/cve/CVE-2014-6428.html
https://www.redhat.com/security/data/cve/CVE-2014-6429.html
https://www.redhat.com/security/data/cve/CVE-2014-6430.html
https://www.redhat.com/security/data/cve/CVE-2014-6431.html
https://www.redhat.com/security/data/cve/CVE-2014-6432.html
http://rhn.redhat.com/errata/RHSA-2014-1677.html

Solution :

Update the affected wireshark, wireshark-debuginfo and / or
wireshark-gnome packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 / 7 : wireshark (RHSA-2014:1676)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Wireshark is a network protocol analyzer. It is used to capture and
browse the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)

Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2014-6421,
CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425,
CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)

All wireshark users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-6421.html
https://www.redhat.com/security/data/cve/CVE-2014-6422.html
https://www.redhat.com/security/data/cve/CVE-2014-6423.html
https://www.redhat.com/security/data/cve/CVE-2014-6424.html
https://www.redhat.com/security/data/cve/CVE-2014-6425.html
https://www.redhat.com/security/data/cve/CVE-2014-6426.html
https://www.redhat.com/security/data/cve/CVE-2014-6427.html
https://www.redhat.com/security/data/cve/CVE-2014-6428.html
https://www.redhat.com/security/data/cve/CVE-2014-6429.html
https://www.redhat.com/security/data/cve/CVE-2014-6430.html
https://www.redhat.com/security/data/cve/CVE-2014-6431.html
https://www.redhat.com/security/data/cve/CVE-2014-6432.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 7 : wireshark (ELSA-2014-1676)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:1676 :

Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Wireshark is a network protocol analyzer. It is used to capture and
browse the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)

Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2014-6421,
CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425,
CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)

All wireshark users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-October/004557.html

Solution :

Update the affected wireshark packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 6 : kernel (ELSA-2014-1392)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:1392 :

Updated kernel packages that fix multiple security issues, address
several hundred bugs, and add numerous enhancements are now available
as part of the ongoing support and maintenance of Red Hat Enterprise
Linux version 6. This is the sixth regular update.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A NULL pointer dereference flaw was found in the way the Linux
kernel's Stream Control Transmission Protocol (SCTP) implementation
handled simultaneous connections between the same hosts. A remote
attacker could use this flaw to crash the system. (CVE-2014-5077,
Important)

* An integer overflow flaw was found in the way the Linux kernel's
Frame Buffer device implementation mapped kernel memory to user space
via the mmap syscall. A local user able to access a frame buffer
device file (/dev/fb*) could possibly use this flaw to escalate their
privileges on the system. (CVE-2013-2596, Important)

* A flaw was found in the way the ipc_rcu_putref() function in the
Linux kernel's IPC implementation handled reference counter
decrementing. A local, unprivileged user could use this flaw to
trigger an Out of Memory (OOM) condition and, potentially, crash the
system. (CVE-2013-4483, Moderate)

* It was found that the permission checks performed by the Linux
kernel when a netlink message was received were not sufficient. A
local, unprivileged user could potentially bypass these restrictions
by passing a netlink socket as stdout or stderr to a more privileged
process and altering the output of this process. (CVE-2014-0181,
Moderate)

* It was found that the try_to_unmap_cluster() function in the Linux
kernel's Memory Management subsystem did not properly handle page
locking in certain cases, which could potentially trigger the BUG_ON()
macro in the mlock_vma_page() function. A local, unprivileged user
could use this flaw to crash the system. (CVE-2014-3122, Moderate)

* A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
function handled IOMMU mapping failures. A privileged user in a guest
with an assigned host device could use this flaw to crash the host.
(CVE-2014-3601, Moderate)

* Multiple use-after-free flaws were found in the way the Linux
kernel's Advanced Linux Sound Architecture (ALSA) implementation
handled user controls. A local, privileged user could use either of
these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654,
CVE-2014-4655, Moderate)

* A flaw was found in the way the Linux kernel's VFS subsystem handled
reference counting when performing unmount operations on symbolic
links. A local, unprivileged user could use this flaw to exhaust all
available memory on the system or, potentially, trigger a
use-after-free error, resulting in a system crash or privilege
escalation. (CVE-2014-5045, Moderate)

* An integer overflow flaw was found in the way the
lzo1x_decompress_safe() function of the Linux kernel's LZO
implementation processed Literal Runs. A local attacker could, in
extremely rare cases, use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-4608,
Low)

Red Hat would like to thank Vladimir Davydov of Parallels for
reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting
CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045,
and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608.
The security impact of the CVE-2014-3601 issue was discovered by
Michael Tsirkin of Red Hat.

This update also fixes several hundred bugs and adds numerous
enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes
for information on the most significant of these changes, and the
Technical Notes for further information, both linked to in the
References.

All Red Hat Enterprise Linux 6 users are advised to install these
updated packages, which correct these issues, and fix the bugs and add
the enhancements noted in the Red Hat Enterprise Linux 6.6 Release
Notes and Technical Notes. The system must be rebooted for this update
to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-October/004556.html

Solution :

Update the affected kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : kernel (MDVSA-2014:201)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Multiple vulnerabilities have been found and corrected in the Linux
kernel :

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel
before 3.14.3 does not properly consider which pages must be locked,
which allows local users to cause a denial of service (system crash)
by triggering a memory-usage pattern that requires removal of
page-table mappings (CVE-2014-3122).

Multiple stack-based buffer overflows in the magicmouse_raw_event
function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver
in the Linux kernel through 3.16.3 allow physically proximate
attackers to cause a denial of service (system crash) or possibly
execute arbitrary code via a crafted device that provides a large
amount of (1) EHCI or (2) XHCI data associated with an event
(CVE-2014-3181).

Array index error in the logi_dj_raw_event function in
drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows
physically proximate attackers to execute arbitrary code or cause a
denial of service (invalid kfree) via a crafted device that provides a
malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value (CVE-2014-3182).

The report_fixup functions in the HID subsystem in the Linux kernel
before 3.16.2 might allow physically proximate attackers to cause a
denial of service (out-of-bounds write) via a crafted device that
provides a small report descriptor, related to (1)
drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)
drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)
drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c
(CVE-2014-3184).

Multiple buffer overflows in the command_port_read_callback function
in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver
in the Linux kernel before 3.16.2 allow physically proximate attackers
to execute arbitrary code or cause a denial of service (memory
corruption and system crash) via a crafted device that provides a
large amount of (1) EHCI or (2) XHCI data associated with a bulk
response (CVE-2014-3185).

Buffer overflow in the picolcd_raw_event function in
devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the
Linux kernel through 3.16.3, as used in Android on Nexus 7 devices,
allows physically proximate attackers to cause a denial of service
(system crash) or possibly execute arbitrary code via a crafted device
that sends a large report (CVE-2014-3186).

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the
s390 platform does not properly restrict address-space control
operations in PTRACE_POKEUSR_AREA requests, which allows local users
to obtain read and write access to kernel memory locations, and
consequently gain privileges, via a crafted application that makes a
ptrace system call (CVE-2014-3534).

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux
kernel through 3.16.1 miscalculates the number of pages during the
handling of a mapping failure, which allows guest OS users to (1)
cause a denial of service (host OS memory corruption) or possibly have
unspecified other impact by triggering a large gfn value or (2) cause
a denial of service (host OS memory consumption) by triggering a small
gfn value that leads to permanently pinned pages (CVE-2014-3601).

The sctp_assoc_update function in net/sctp/associola.c in the Linux
kernel through 3.15.8, when SCTP authentication is enabled, allows
remote attackers to cause a denial of service (NULL pointer
dereference and OOPS) by starting to establish an association between
two endpoints immediately after an exchange of INIT and INIT ACK
chunks to establish an earlier association between these endpoints in
the opposite direction (CVE-2014-5077).

The do_remount function in fs/namespace.c in the Linux kernel through
3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of
a bind mount, which allows local users to bypass an intended read-only
restriction and defeat certain sandbox protection mechanisms via a
mount -o remount command within a user namespace (CVE-2014-5206).

Stack consumption vulnerability in the parse_rock_ridge_inode_internal
function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows
local users to cause a denial of service (uncontrolled recursion, and
system crash or reboot) via a crafted iso9660 image with a CL entry
referring to a directory entry that has a CL entry (CVE-2014-5471).

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the
Linux kernel through 3.16.1 allows local users to cause a denial of
service (unkillable mount process) via a crafted iso9660 image with a
self-referential CL entry (CVE-2014-5472).

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel
through 3.16.3 does not restrict the amount of ICB indirection, which
allows physically proximate attackers to cause a denial of service
(infinite loop or stack consumption) via a UDF filesystem with a
crafted inode (CVE-2014-6410).

The do_umount function in fs/namespace.c in the Linux kernel through
3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb
calls that change the root filesystem to read-only, which allows local
users to cause a denial of service (loss of writability) by making
certain unshare system calls, clearing the / MNT_LOCKED flag, and
making an MNT_FORCE umount system call (CVE-2014-7975).

The updated packages provide a solution for these security issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : bugzilla (MDVSA-2014:200)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated bugzilla packages fix security vulnerabilities :

If a new comment was marked private to the insider group, and a flag
was set in the same transaction, the comment would be visible to flag
recipients even if they were not in the insider group (CVE-2014-1571).

An attacker creating a new Bugzilla account can override certain
parameters when finalizing the account creation that can lead to the
user being created with a different email address than originally
requested. The overridden login name could be automatically added to
groups based on the group's regular expression setting
(CVE-2014-1572).

During an audit of the Bugzilla code base, several places were found
where cross-site scripting exploits could occur which could allow an
attacker to access sensitive information (CVE-2014-1573).

See also :

http://advisories.mageia.org/MGASA-2014-0412.html

Solution :

Update the affected bugzilla and / or bugzilla-contrib packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : perl (MDVSA-2014:199)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated perl and perl-Data-Dumper packages fix a security
vulnerability :

The Dumper method in Data::Dumper before 2.154, allows
context-dependent attackers to cause a denial of service (stack
consumption and crash) via an Array-Reference with many nested
Array-References, which triggers a large number of recursive calls to
the DD_dump function (CVE-2014-4330).

The Data::Dumper module bundled with perl and the perl-Data-Dumper
packages have been updated to fix this issue.

See also :

http://advisories.mageia.org/MGASA-2014-0405.html
http://advisories.mageia.org/MGASA-2014-0407.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 1.6
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:198)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated mediawiki packages fix security vulnerabilities :

MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to
JavaScript injection via CSS in uploaded SVG files (CVE-2014-7199).

MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to
JavaScript injection via user-specified CSS in certain special pages
(CVE-2014-7295).

See also :

http://advisories.mageia.org/MGASA-2014-0400.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : python (MDVSA-2014:197)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated python packages fix a security vulnerability :

Python before 2.7.8 is vulnerable to an integer overflow in the buffer
type (CVE-2014-7185).

See also :

http://advisories.mageia.org/MGASA-2014-0399.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : rsyslog (MDVSA-2014:196)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated rsyslog packages fix a security vulnerability :

Rainer Gerhards, the rsyslog project leader, reported a vulnerability
in Rsyslog. As a consequence of this vulnerability an attacker can
send malformed messages to a server, if this one accepts data from
untrusted sources, and trigger a denial of service attack
(CVE-2014-3634).

See also :

http://advisories.mageia.org/MGASA-2014-0411.html

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : asterisk -- Asterisk Susceptibility to POODLE Vulnerability (76c7a0f5-5928-11e4-adc7-001999f8d30b)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

The Asterisk project reports :

The POODLE vulnerability is described under CVE-2014-3566. This
advisory describes the Asterisk project's susceptibility to this
vulnerability.

See also :

http://downloads.asterisk.org/pub/security/AST-2014-011.html
http://www.nessus.org/u?177d6815

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 21 : kernel-3.17.1-302.fc21 (2014-13222)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Even more btrfs corruption/error fixes. Small b43 wireless regression
fix.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1151353
http://www.nessus.org/u?4860e8e5

Solution :

Update the affected kernel package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 5 : wireshark (CESA-2014:1677)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Wireshark is a network protocol analyzer. It is used to capture and
browse the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)

Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2014-6421,
CVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428)

All wireshark users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect.

See also :

http://www.nessus.org/u?87353926

Solution :

Update the affected wireshark packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 7 : wireshark (CESA-2014:1676)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Wireshark is a network protocol analyzer. It is used to capture and
browse the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash
or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)

Several denial of service flaws were found in Wireshark. Wireshark
could crash or stop responding if it read a malformed packet off a
network, or opened a malicious dump file. (CVE-2014-6421,
CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425,
CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)

All wireshark users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of Wireshark must be restarted for the update to take
effect.

See also :

http://www.nessus.org/u?f06302bd

Solution :

Update the affected wireshark packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 5 : rsyslog5 (CESA-2014:1671)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated rsyslog5 and rsyslog packages that fix one security issue are
now available for Red Hat Enterprise Linux 5 and 6 respectively.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine
grained output format control.

A flaw was found in the way rsyslog handled invalid log message
priority values. In certain configurations, a local attacker, or a
remote attacker able to connect to the rsyslog port, could use this
flaw to crash the rsyslog daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.

All rsyslog5 and rsyslog users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.
After installing the update, the rsyslog service will be restarted
automatically.

See also :

http://www.nessus.org/u?e488f455

Solution :

Update the affected rsyslog5 packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 7 : qemu-kvm (CESA-2014:1669)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated qemu-kvm packages that fix one security issue and one bug are
now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in
the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides
the user-space component for running virtual machines using KVM.

An information leak flaw was found in the way QEMU's VGA emulator
accessed frame buffer memory for high resolution displays. A
privileged guest user could use this flaw to leak memory contents of
the host to the guest by setting the display to use a high resolution
in the guest. (CVE-2014-3615)

This issue was discovered by Laszlo Ersek of Red Hat.

This update also fixes the following bug :

* This update fixes a regression in the scsi_block_new_request()
function, which caused all read requests to go through SG_IO if the
host cache was not used. (BZ#1141189)

All qemu-kvm users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update
to take effect.

See also :

http://www.nessus.org/u?c6dec810

Solution :

Update the affected qemu-kvm packages.

Risk factor :

Low

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 7 : libxml2 (CESA-2014:1655)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated libxml2 packages that fix one security issue are now available
for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The libxml2 library is a development toolbox providing the
implementation of various XML standards.

A denial of service flaw was found in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote
attacker could provide a specially crafted XML file that, when
processed by an application using libxml2, would lead to excessive CPU
consumption (denial of service) based on excessive entity
substitutions, even if entity substitution was disabled, which is the
parser default behavior. (CVE-2014-3660)
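The paragraph above describes the mechanism but not the shape of the input. The following added example (not libxml2's code, and not the patch for CVE-2014-3660) shows the class of document involved and a standalone pre-parse check that bounds the expansion: it walks the internal DTD subset, counts what each entity reference would expand to without actually expanding anything, and refuses documents whose total or amplification factor exceeds a budget. The budget values, the regular expressions and the three sample documents are constructed for the example.

```python
"""Entity-expansion budget check, illustrating the flaw class behind
CVE-2014-3660 (amplification through nested internal entities). Added
example, not libxml2 code; limits and sample documents are constructed."""
import re

MAX_EXPANSION = 10_000_000   # bytes of expanded text we are willing to produce
MAX_AMPLIFICATION = 100      # expanded size / declared size (assumed limit)
PREDEFINED = {"amp": 1, "lt": 1, "gt": 1, "quot": 1, "apos": 1}

_ENTITY_DECL = re.compile(r"""<!ENTITY\s+(\w+)\s+(["'])(.*?)\2\s*>""", re.DOTALL)
_ENTITY_REF = re.compile(r"&(\w+);")   # general entity references only


def parse_internal_entities(doc):
    """Collect general entity declarations from the internal DTD subset.
    External and parameter entities are out of scope for this check."""
    return {m.group(1): m.group(3) for m in _ENTITY_DECL.finditer(doc)}


def expanded_size(name, entities, memo, stack):
    """Bytes `name` would expand to, computed by counting references rather
    than substituting them, so the check itself cannot be made to blow up.
    A cycle (forbidden by the XML spec) raises ValueError."""
    if name in PREDEFINED:
        return PREDEFINED[name]
    if name in memo:
        return memo[name]
    if name in stack:
        raise ValueError("recursive entity reference: " + name)
    body = entities.get(name)
    if body is None:
        return len(name) + 2          # undeclared: a real parser errors; count the literal
    stack.add(name)
    size = len(_ENTITY_REF.sub("", body))
    for ref in _ENTITY_REF.findall(body):
        size += expanded_size(ref, entities, memo, stack)
    stack.discard(name)
    memo[name] = size
    return size


def check_document(doc, max_expansion=MAX_EXPANSION, max_amplification=MAX_AMPLIFICATION):
    """Returns (ok, expanded_bytes). Refuses over-budget or recursive entity
    use regardless of whether the real parser would substitute entities."""
    entities = parse_internal_entities(doc)
    declared = sum(len(v) for v in entities.values())
    end = doc.find("]>")              # end of the internal subset (assumed absent from content)
    body = doc[end + 2:] if end != -1 else doc
    memo = {}
    try:
        total = sum(expanded_size(r, entities, memo, set()) for r in _ENTITY_REF.findall(body))
    except ValueError:
        return False, None
    over_budget = total > max_expansion or (declared and total > max_amplification * declared)
    return not over_budget, total


# Constructed sample documents.
_names = ["lol"] + ["lol%d" % i for i in range(1, 10)]
BILLION_LAUGHS = (   # the classic ten-level amplification document
    '<?xml version="1.0"?>\n<!DOCTYPE lolz [\n <!ENTITY lol "lol">\n'
    + "".join(' <!ENTITY %s "%s">\n' % (_names[i], ("&%s;" % _names[i - 1]) * 10) for i in range(1, 10))
    + ']>\n<lolz>&lol9;</lolz>\n'
)
BENIGN = (
    '<?xml version="1.0"?>\n<!DOCTYPE note [\n <!ENTITY co "Example Corp">\n]>\n'
    '<note>&co; sent this to &co; &amp; friends.</note>\n'
)
RECURSIVE = '<!DOCTYPE a [ <!ENTITY a "&b;"> <!ENTITY b "&a;"> ]><a>&a;</a>'

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("billion laughs", BILLION_LAUGHS), ("recursive", RECURSIVE)):
        print(label, check_document(doc))
```

The benign document expands to 25 bytes and passes; the ten-level document would expand to 3,000,000,000 bytes from a few hundred bytes of declarations and is refused before any parser sees it; the mutually recursive pair is refused outright. In practice such a pre-check complements, rather than replaces, the vendor fix.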

All libxml2 users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop
must be restarted (log out, then log back in) for this update to take
effect.

See also :

http://www.nessus.org/u?ab79dc64

Solution :

Update the affected libxml2 packages.

Risk factor :

Medium

This script is Copyright (C) 2014 Tenable Network Security, Inc.

IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities


Synopsis:

The remote application server is affected by multiple vulnerabilities.

Description:

The remote host is running a version of IBM WebSphere Application
Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the
following vulnerabilities :

- Multiple errors exist related to the included IBM HTTP
server that could allow remote code execution or denial
of service. (CVE-2013-5704, CVE-2014-0118,
CVE-2014-0226, CVE-2014-0231 / PI22070)

- An error exists related to HTTP header handling that
could allow the disclosure of sensitive information.
(CVE-2014-3021 / PI08268)

- An unspecified error exists that could allow the
disclosure of sensitive information.
(CVE-2014-3083 / PI17768)

- Unspecified input-validation errors exist related to
the 'Admin Console' that could allow cross-site
scripting and cross-site request forgery attacks.
(CVE-2014-4770, CVE-2014-4816 / PI23055)

See also :

https://www-304.ibm.com/support/docview.wss?uid=swg21684612
http://www-01.ibm.com/support/docview.wss?uid=swg27004980#ver70
http://www.nessus.org/u?834c5fca
https://www-304.ibm.com/support/docview.wss?uid=swg24038178
https://www-304.ibm.com/support/docview.wss?uid=swg21672428
https://www-304.ibm.com/support/docview.wss?uid=swg21682767

Solution :

Apply Fix Pack 35 (7.0.0.35) or later.

Note that the following interim fixes are available :

- CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, and
CVE-2014-0231 are corrected in IF PI22070.
- CVE-2014-3083 is corrected in IF PI17768.
- CVE-2014-4770 and CVE-2014-4816 are corrected in
IF PI23055.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Endeca Information Discovery Studio Multiple Vulnerabilities (October 2014 CPU)


Synopsis:

The remote host is affected by multiple vulnerabilities.

Description:

The remote host is running a version of Oracle Endeca Information
Discovery Studio that may be missing a vendor-supplied security patch
that fixes multiple bugs and OpenSSL related security vulnerabilities.

Note that depending on how the remote host is configured, Nessus may
not be able to detect the correct version. You'll need to manually
verify that the remote host has not been patched.

See also :

http://www.nessus.org/u?6dcc7b47

Solution :

Apply the appropriate patch according to the October 2014 Oracle
Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Endeca Information Discovery Studio Detection


Synopsis:

The remote host is running a web-based data discovery and analysis
tool.

Description:

Oracle Endeca Information Discovery Studio was detected on the remote
host. Oracle Endeca Information Discovery Studio is a web based data
discovery and analysis tool.

See also :

http://www.nessus.org/u?cd1869fe

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)


Synopsis:

The remote host is missing a security update for OS X Server.

Description:

The remote Mac OS X host has a version of OS X Server that is prior to
version 4.0. It is, therefore, affected by the following
vulnerabilities :

- There are multiple vulnerabilities within the included
BIND, the most serious of which can lead to a denial of
service. (CVE-2013-3919, CVE-2013-4854, CVE-2014-0591)

- There are multiple vulnerabilities within the included
LibYAML for the Profile Manager and ServerRuby, the most
serious of which can lead to arbitrary code execution.
(CVE-2013-4164, CVE-2013-6393)

- There are multiple vulnerabilities within the included
PostgreSQL, the most serious of which can lead to
arbitrary code execution. (CVE-2014-0060, CVE-2014-0061,
CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
CVE-2014-0065, CVE-2014-0066)

- An error exists related to the way SSL 3.0 handles
padding bytes when decrypting messages encrypted using
block ciphers in cipher block chaining (CBC) mode. A
man-in-the-middle attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections. This
is also known as the 'POODLE' issue. (CVE-2014-3566)

- A cross-site scripting flaw exists in the Xcode Server
due to not properly validating input before returning it
to the user. This can allow a remote attacker, using a
specially crafted request, to execute script in the
user's browser in the security context of the server.
(CVE-2014-4406)

- A SQL injection flaw exists in the Wiki Server due to
not properly sanitizing user input before using it in
SQL queries. This can allow a remote attacker, using a
specially crafted request, to inject or manipulate SQL
queries, thus allowing the manipulation or disclosure
of arbitrary data. (CVE-2014-4424)

- A restriction bypass flaw exists in the Mail Server due
to SACL (service access control list) changes being
cached and not enforced until the service was restarted.
This can allow an authenticated remote attacker to bypass
those restrictions. (CVE-2014-4446)

- A password disclosure flaw exists in the Profile Manager
due to passwords being potentially saved to a file when
editing or setting up a profile. This can allow a local
attacker to gain access to password information.
(CVE-2014-4447)

See also :

http://support.apple.com/kb/HT6536
http://www.securityfocus.com/archive/1/533722/30/0/threaded
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to Mac OS X Server 4.0 or later.

Note that OS X Server 4.0 is available only for OS X 10.10 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mac OS X : OS X Server < 3.2.2 SSLv3 Information Disclosure (POODLE)


Synopsis:

The remote host is missing a security update for OS X Server.

Description:

The remote Mac OS X 10.9 host has a version of OS X Server that is
prior to version 3.2.2. It is, therefore, affected by an information
disclosure vulnerability.

An error exists related to the way SSL 3.0 handles padding bytes when
decrypting messages encrypted using block ciphers in cipher block
chaining (CBC) mode. A man-in-the-middle attacker can decrypt a
selected byte of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the same data over
newly created SSL 3.0 connections. This is also known as the 'POODLE'
issue.

See also :

http://support.apple.com/kb/HT6527
http://www.securityfocus.com/archive/1/533724/30/0/threaded
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to Mac OS X Server 3.2.2 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mac OS X : OS X Server < 2.2.5 SSLv3 Information Disclosure (POODLE)


Synopsis:

The remote host is missing a security update for OS X Server.

Description:

The remote Mac OS X 10.8 host has a version of OS X Server that is
prior to version 2.2.5. It is, therefore, affected by an information
disclosure vulnerability.

An error exists related to the way SSL 3.0 handles padding bytes when
decrypting messages encrypted using block ciphers in cipher block
chaining (CBC) mode. A man-in-the-middle attacker can decrypt a
selected byte of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the same data over
newly created SSL 3.0 connections. This is also known as the 'POODLE'
issue.
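The three OS X Server POODLE entries above (4.0, 3.2.2 and 2.2.5) describe the same mechanism in one paragraph. The following added simulation, which is not Apple's or OpenSSL's code, shows why "256 tries per byte" is the right number: a toy Feistel block cipher stands in for AES/3DES (only invertibility matters), the record layer copies the SSL 3.0 properties the attack depends on (MAC-then-pad-then-encrypt, padding bytes unchecked, last byte = padding length), each trial is a fresh connection with a new key, and the attacker only moves ciphertext blocks and observes accept/reject. Keys, IVs, the request shaping and the secret are constructed for the example.

```python
"""SSL 3.0 CBC padding-oracle simulation (POODLE, CVE-2014-3566).
Added example: toy cipher and record format, not Apple/OpenSSL code."""
import hashlib
import hmac
import random

BLOCK = 16     # cipher block size
MAC_LEN = 32   # HMAC-SHA256 tag (SSL 3.0 used MD5/SHA-1; the length is irrelevant)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    """Feistel round function: SHA-256 as a keyed PRF (toy, not a real cipher)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key, blk):
    left, right = blk[:8], blk[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key, blk):
    left, right = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _mac(key, data):
    return hmac.new(key + b"mac", data, hashlib.sha256).digest()


def ssl3_encrypt_record(key, iv, data):
    """Sender: data || MAC || padding, CBC-encrypted. SSL 3.0 leaves every
    padding byte but the last (the padding length) unspecified, so the
    receiver cannot check them."""
    pad_len = BLOCK - 1 - (len(data) + MAC_LEN) % BLOCK
    plain = data + _mac(key, data) + bytes(pad_len) + bytes([pad_len])
    out, prev = b"", iv
    for i in range(0, len(plain), BLOCK):
        prev = block_encrypt(key, _xor(plain[i:i + BLOCK], prev))
        out += prev
    return iv + out


def ssl3_server_accepts(key, record):
    """Receiver: CBC-decrypt, trust the last byte as padding length, strip,
    verify the MAC. The accept/reject outcome is the oracle."""
    iv, ct = record[:BLOCK], record[BLOCK:]
    plain, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        plain += _xor(block_decrypt(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    pad_len = plain[-1]
    if pad_len >= BLOCK or len(plain) < pad_len + 1 + MAC_LEN:
        return False
    body = plain[:len(plain) - pad_len - 1]
    return hmac.compare_digest(body[-MAC_LEN:], _mac(key, body[:-MAC_LEN]))


def shaped_request(secret, k):
    """What the attacker's script makes the victim send: padding chosen so
    secret[k] is the last byte of a plaintext block and data||MAC fills whole
    blocks, leaving a final block of pure padding. Returns (bytes, block index)."""
    prefix_len = (BLOCK - 1 - k) % BLOCK
    suffix_len = (-(prefix_len + len(secret) + MAC_LEN)) % BLOCK
    return b"A" * prefix_len + secret + b"B" * suffix_len, (prefix_len + k) // BLOCK


def poodle_recover_byte(secret, k, rng):
    """Each trial is a fresh connection (new key, new IV) carrying the same
    shaped request. The attacker copies the ciphertext block holding the
    target byte over the final padding block; the server accepts only when
    that block, XORed with the block now preceding it, ends in BLOCK-1
    (probability 1/256), and one acceptance reveals the byte."""
    data, m = shaped_request(secret, k)
    tries = 0
    while True:
        tries += 1
        key = bytes(rng.getrandbits(8) for _ in range(16))
        iv = bytes(rng.getrandbits(8) for _ in range(BLOCK))
        record = ssl3_encrypt_record(key, iv, data)
        blocks = [record[i:i + BLOCK] for i in range(0, len(record), BLOCK)]  # blocks[0] is the IV
        tampered = b"".join(blocks[:-1]) + blocks[m + 1]
        if ssl3_server_accepts(key, tampered):
            # D(C_m) = P_m ^ C_{m-1}; the server saw D(C_m) ^ C_{last-1} ending in BLOCK-1
            return (BLOCK - 1) ^ blocks[-2][-1] ^ blocks[m][-1], tries


def poodle_recover(secret, seed=2014):
    """Recover every byte as the attacker would; returns (bytes, total connections)."""
    rng = random.Random(seed)
    out, total = bytearray(), 0
    for k in range(len(secret)):
        byte, tries = poodle_recover_byte(secret, k, rng)
        out.append(byte)
        total += tries
    return bytes(out), total


if __name__ == "__main__":
    recovered, trials = poodle_recover(b"session=SECRET")
    print(recovered, "after", trials, "connections")
```

The attacker never touches the key; the only leak is the accept/reject decision, and it is there because SSL 3.0 defines the padding so loosely that a copied block passes the padding check whenever its last byte happens to match. TLS 1.0 and later fix the padding format, which is why the remedy is disabling SSL 3.0 (and preventing downgrade with TLS_FALLBACK_SCSV, per the draft linked above) rather than changing cipher suites.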

See also :

http://support.apple.com/kb/HT6529
http://www.securityfocus.com/archive/1/533725/30/0/threaded
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to Mac OS X Server 2.2.5 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)


Synopsis:

The remote host contains an application that is affected by multiple
vulnerabilities.

Description:

The version of iTunes on the remote host is prior to version 12.0.1.
It is, therefore, affected by multiple vulnerabilities related to the
included version of WebKit. The errors could lead to application
crashes or arbitrary code execution.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

http://support.apple.com/kb/HT6537
http://www.securityfocus.com/archive/1/533723/30/0/threaded

Solution :

Upgrade to iTunes 12.0.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)


Synopsis:

The remote host contains an application that is affected by multiple
vulnerabilities.

Description:

The version of iTunes installed on the remote Windows host is prior to
12.0.1. It is, therefore, affected by multiple vulnerabilities due to
the included version of WebKit. The errors could lead to application
crashes or arbitrary code execution.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

http://support.apple.com/kb/HT6537
http://www.securityfocus.com/archive/1/533723/30/0/threaded

Solution :

Upgrade to iTunes 12.0.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco TelePresence Video Communication Server Bash Remote Code Execution (Shellshock)


Synopsis:

The version of Cisco TelePresence Video Communication Server installed
on the remote host is affected by a command injection vulnerability.

Description:

According to its self-reported version number, the version of Cisco
TelePresence Video Communication Server is affected by a command
injection vulnerability known as Shellshock in its included GNU Bash
shell. The vulnerability is due to the processing of trailing strings
after function definitions in the values of environment variables.
This allows a remote attacker to execute arbitrary code via
environment variable manipulation, depending on the configuration of
the system. On this product the vulnerability is reachable through the
API over HTTP(S) and through SSH.

An attacker must be authenticated before the system is exposed to this
exploit.
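The mechanism in the description above (and the one the openSUSE bash entries further down patch, including the import-functions switch) is easiest to see by probing a bash binary directly. The following added example is not Cisco's or SUSE's code: it starts the local bash with an environment variable whose value begins with "() {", which bash parses as a function definition at start-up, and reports whether the trailing command after the closing brace ran (CVE-2014-6271) and whether a function is imported from a plainly named variable at all (bash with upstream patch bash42-050 or later only imports from specially prefixed names). The marker strings are arbitrary and the environment passed to bash is constructed.

```python
"""Shellshock probes against the local bash. Added example, not vendor code.
Marker strings are arbitrary; the probe environment is constructed."""
import os
import shutil
import subprocess


def _run_bash(extra_env, command):
    """Start bash with a minimal environment plus the probe variable; return stdout."""
    bash = shutil.which("bash")
    if bash is None:
        return None
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}
    env.update(extra_env)
    proc = subprocess.run([bash, "-c", command], env=env,
                          capture_output=True, text=True, timeout=10)
    return proc.stdout


def probe_shellshock():
    """Returns a dict describing how this bash treats function definitions
    arriving through the environment.
      trailing_command_executed: the original CVE-2014-6271 behaviour, where
        text after the function body is parsed and executed at start-up.
      imports_plain_name: whether a variable named exactly 'x' becomes a
        function; False on bash carrying upstream patch bash42-050 or later.
    This is the same code path a CGI handler, DHCP client hook or SSH forced
    command reaches when it exports attacker-controlled strings to bash."""
    out = _run_bash({"x": "() { :;}; echo SHELLSHOCK_6271"}, "echo probe")
    if out is None:
        return {"bash_found": False}
    out2 = _run_bash({"x": "() { echo IMPORTED_PLAIN; }"}, "x 2>/dev/null; true")
    return {
        "bash_found": True,
        "trailing_command_executed": "SHELLSHOCK_6271" in out,
        "imports_plain_name": "IMPORTED_PLAIN" in out2,
    }


if __name__ == "__main__":
    print(probe_shellshock())
```

On an unpatched shell the first probe prints the marker before "probe", because the definition of x is followed by a command that bash executes while still importing the environment; a patched shell prints only "probe". Run it inside the appliance's shell, not from a scanner, since the version check above is the only thing Nessus does here.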

See also :

http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/
https://tools.cisco.com/bugsearch/bug/CSCur01461
http://www.nessus.org/u?7269978d

Solution :

Upgrade to version 7.2.4 / 8.1.2 / 8.2.2 / 8.5 or later.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 / 6 : rsyslog5 and rsyslog (RHSA-2014:1671)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated rsyslog5 and rsyslog packages that fix one security issue are
now available for Red Hat Enterprise Linux 5 and 6 respectively.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine
grained output format control.

A flaw was found in the way rsyslog handled invalid log message
priority values. In certain configurations, a local attacker, or a
remote attacker able to connect to the rsyslog port, could use this
flaw to crash the rsyslog daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.

All rsyslog5 and rsyslog users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.
After installing the update, the rsyslog service will be restarted
automatically.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3634.html
http://rhn.redhat.com/errata/RHSA-2014-1671.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : qemu-kvm (RHSA-2014:1669)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated qemu-kvm packages that fix one security issue and one bug are
now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in
the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides
the user-space component for running virtual machines using KVM.

An information leak flaw was found in the way QEMU's VGA emulator
accessed frame buffer memory for high resolution displays. A
privileged guest user could use this flaw to leak memory contents of
the host to the guest by setting the display to use a high resolution
in the guest. (CVE-2014-3615)

This issue was discovered by Laszlo Ersek of Red Hat.

This update also fixes the following bug :

* This update fixes a regression in the scsi_block_new_request()
function, which caused all read requests to go through SG_IO if the
host cache was not used. (BZ#1141189)

All qemu-kvm users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update
to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3615.html
http://rhn.redhat.com/errata/RHSA-2014-1669.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.9
(CVSS2#AV:A/AC:H/Au:S/C:P/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 5 : rsyslog / rsyslog5 (ELSA-2014-1671)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:1671 :

Updated rsyslog5 and rsyslog packages that fix one security issue are
now available for Red Hat Enterprise Linux 5 and 6 respectively.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine
grained output format control.

A flaw was found in the way rsyslog handled invalid log message
priority values. In certain configurations, a local attacker, or a
remote attacker able to connect to the rsyslog port, could use this
flaw to crash the rsyslog daemon. (CVE-2014-3634)
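This entry, and the CentOS (CESA-2014:1671) and RHEL (RHSA-2014:1671) entries above, say only that rsyslog mishandled invalid priority values. The following added example is not rsyslog's code; it shows the general pattern behind that class of bug with a syslog PRI header: PRI = facility * 8 + severity, valid only in 0..191, and a receiver that uses the decoded number as a table index without a range check dies on the first line that carries `<192>` or larger. The unsafe lookup is shown beside a parser that rejects such lines. The sample log lines are constructed.

```python
"""Syslog <PRI> handling: the unsafe lookup beside a hardened parser.
Added illustration for CVE-2014-3634, not rsyslog's code; sample lines
are constructed."""
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + ["local%d" % i for i in range(8)]
MAX_PRI = len(FACILITIES) * 8 - 1     # RFC 5424: PRI is 0..191

_PRI_RE = re.compile(rb"^<(\d{1,3})>")  # RFC 5424 syntax: at most three digits


def label_unsafe(pri):
    """Unsafe pattern: trusts the numeric PRI as a table index. In C this is
    an out-of-bounds read; in Python it raises IndexError. Either way the
    receiver is taken down by one line from a local or remote sender."""
    return FACILITIES[pri >> 3] + "." + SEVERITIES[pri & 7]


def unsafe_crashes(pri):
    """True if the unsafe lookup fails for this PRI value."""
    try:
        label_unsafe(pri)
    except IndexError:
        return True
    return False


def parse_pri(line):
    """Hardened parser: returns (facility, severity, rest) or None when the
    line must be rejected (no <PRI>, malformed, or outside 0..191).
    Rejecting, rather than clamping silently, keeps bad input visible."""
    m = _PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > MAX_PRI:
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], line[m.end():]


SAMPLE_LINES = [  # constructed
    b"<34>Oct 11 22:14:15 host su: 'su root' failed for lonvick on /dev/pts/8",
    b"<13>Oct 11 22:14:16 host user: hello",
    b"<191>Oct 11 22:14:17 host local7: highest valid PRI",
    b"<192>Oct 11 22:14:18 host evil: one past the end of the table",
    b"<9999>Oct 11 22:14:19 host evil: absurd priority",
    b"Oct 11 22:14:20 host nopri: no PRI header at all",
]


def triage(lines):
    """Run the hardened parser over a batch; returns (accepted labels, rejected count)."""
    accepted, rejected = [], 0
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            rejected += 1
        else:
            accepted.append(parsed[:2])
    return accepted, rejected


if __name__ == "__main__":
    print(triage(SAMPLE_LINES))
    print("unsafe lookup survives <192>?", not unsafe_crashes(192))
```

Running it accepts the first three lines as auth.crit, user.notice and local7.debug and rejects the other three, while the unsafe lookup survives `<191>` and fails on `<192>`. The same check applies wherever a remote sender's number selects an entry in a fixed-size table.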

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.

All rsyslog5 and rsyslog users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.
After installing the update, the rsyslog service will be restarted
automatically.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-October/004554.html

Solution :

Update the affected rsyslog and / or rsyslog5 packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 7 : qemu-kvm (ELSA-2014-1669)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:1669 :

Updated qemu-kvm packages that fix one security issue and one bug are
now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in
the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides
the user-space component for running virtual machines using KVM.

An information leak flaw was found in the way QEMU's VGA emulator
accessed frame buffer memory for high resolution displays. A
privileged guest user could use this flaw to leak memory contents of
the host to the guest by setting the display to use a high resolution
in the guest. (CVE-2014-3615)

This issue was discovered by Laszlo Ersek of Red Hat.

This update also fixes the following bug :

* This update fixes a regression in the scsi_block_new_request()
function, which caused all read requests to go through SG_IO if the
host cache was not used. (BZ#1141189)

All qemu-kvm users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update
to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-October/004553.html

Solution :

Update the affected qemu-kvm packages.

Risk factor :

Low / CVSS Base Score : 2.9
(CVSS2#AV:A/AC:H/Au:S/C:P/I:P/A:N)
CVSS Temporal Score : 2.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : bash (openSUSE-SU-2014:1310-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

- Replace patches bash-4.2-heredoc-eof-delim.patch and
bash-4.2-parse-exportfunc.patch with the official
upstream patch levels bash42-052 and bash42-053

- Replace patch bash-4.2-CVE-2014-7187.patch with upstream
patch level bash42-051

- Add patches bash-4.2-heredoc-eof-delim.patch for
bsc#898812, CVE-2014-6277: more troubles with functions
bash-4.2-parse-exportfunc.patch for bsc#898884,
CVE-2014-6278: code execution after original 6271 fix

- Make bash-4.2-extra-import-func.patch an optional patch
due instruction

- Remove and replace patches bash-4.2-CVE-2014-6271.patch
bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch
with bash upstream patch 48, patch 49, and patch 50

- Add patch bash-4.2-extra-import-func.patch which is
based on the BSD patch of Christos. As further
enhancements the option import-functions is mentioned in
the manual page and a shopt switch is added to enable
and disable import-functions on the fly

See also :

http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
https://bugzilla.opensuse.org/show_bug.cgi?id=898812
https://bugzilla.opensuse.org/show_bug.cgi?id=898884

Solution :

Update the affected bash packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : bash (openSUSE-SU-2014:1308-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

- Replace patches bash-4.2-heredoc-eof-delim.patch and
bash-4.2-parse-exportfunc.patch with the official
upstream patch levels bash42-052 and bash42-053

- Replace patch bash-4.2-CVE-2014-7187.patch with upstream
patch level bash42-051

- Make bash-4.2-extra-import-func.patch an optional patch
due instruction

- Remove and replace patches bash-4.2-CVE-2014-6271.patch
bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch
with bash upstream patch 48, patch 49, and patch 50

- Add patch bash-4.2-extra-import-func.patch which is
based on the BSD patch of Christos. As further
enhancements the option import-functions is mentioned in
the manual page and a shopt switch is added to enable
and disable import-functions on the fly

See also :

http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html
https://bugzilla.opensuse.org/show_bug.cgi?id=896776
https://bugzilla.opensuse.org/show_bug.cgi?id=898346

Solution :

Update the affected bash packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-3054-1 : mysql-5.5 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's
Critical Patch Update advisory for further details :

- https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html
- https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765663
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html
http://www.nessus.org/u?6dcc7b47
http://www.debian.org/security/2014/dsa-3054

Solution :

Upgrade the mysql-5.5 packages.

For the stable distribution (wheezy), these problems have been fixed
in version 5.5.40-0+wheezy1.

Risk factor :

High / CVSS Base Score : 8.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C)
CVSS Temporal Score : 7.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.