Newest Plugins

Mac OS X : Apple Safari < 6.2.7 / 7.1.7 / 8.0.7 Multiple Vulnerabilities


Synopsis:

The web browser installed on the remote host is affected by multiple
vulnerabilities.

Description:

The version of Apple Safari installed on the remote Mac OS X host is
prior to 6.2.7 / 7.1.7 / 8.0.7. It is, therefore, affected by the
following vulnerabilities :

- A flaw exists in WebKit Page Loading due to the Origin
request header being preserved for cross-origin
redirects. A remote attacker can exploit this, via a
specially crafted web page, to circumvent cross-site
request forgery (XSRF) protections. (CVE-2015-3658)

- A flaw exists in the WebKit Storage's SQLite authorizer
due to insufficient comparison. A remote attacker can
exploit this, via a specially crafted web page, to
invoke arbitrary SQL functions, resulting in a denial
of service condition or executing arbitrary code.
(CVE-2015-3659)

- An information disclosure vulnerability exists in WebKit
PDF due to improper restrictions, related to JavaScript
execution, of links embedded in PDF files. A remote
attacker can exploit this, via a specially crafted PDF
file, to disclose sensitive information from the file
system, including cookies. (CVE-2015-3660)

- An information disclosure vulnerability exists in WebKit
due to improper restrictions on renaming WebSQL tables.
A remote attacker can exploit this, via a specially
crafted website, to access WebSQL databases belonging to
other websites. (CVE-2015-3727)

See also :

https://support.apple.com/en-us/HT204950

Solution :

Upgrade to Apple Safari 6.2.7 / 7.1.7 / 8.0.7 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Apple iOS < 8.4


Synopsis:

The version of iOS running on the mobile device is affected by
multiple vulnerabilities.

Description:

The mobile device is running a version of iOS prior to version 8.4. It
is, therefore, affected by vulnerabilities in the following
components :

- Application Store
- Certificate Trust Policy
- CFNetwork HTTPAuthentication
- CoreGraphics
- CoreText
- coreTLS
- DiskImages
- FontParser
- ImageIO
- Kernel
- Mail
- MobileInstallation
- Safari
- Security
- SQLite
- Telephony
- WebKit
- WiFi Connectivity

See also :

http://www.nessus.org/u?26c23cd2
https://support.apple.com/en-us/HT204941

Solution :

Upgrade to iOS version 8.4 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Mac OS X Multiple Vulnerabilities (Security Update 2015-005)


Synopsis:

The remote host is missing a Mac OS X update that fixes multiple
security vulnerabilities.

Description:

The remote host is running a version of Mac OS X 10.8.5 or 10.9.5
that is missing Security Update 2015-005. It is, therefore, affected
by multiple vulnerabilities in the following components :

- Admin Framework
- afpserver
- apache
- AppleFSCompression
- AppleGraphicsControl
- AppleThunderboltEDMService
- ATS
- Bluetooth
- Certificate Trust Policy
- CFNetwork HTTPAuthentication
- CoreText
- coreTLS
- DiskImages
- Display Drivers
- EFI
- FontParser
- Graphics Driver
- ImageIO
- Install Framework Legacy
- Intel Graphics Driver
- IOAcceleratorFamily
- IOFireWireFamily
- Kernel
- kext tools
- Mail
- ntfs
- ntp
- OpenSSL
- QuickTime
- Security
- Spotlight
- SQLite
- System Stats
- TrueTypeScaler
- zip

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

https://support.apple.com/en-ca/HT204942
http://www.nessus.org/u?956357d4

Solution :

Install Security Update 2015-005 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Mac OS X < 10.10.4 Multiple Vulnerabilities


Synopsis:

The remote host is missing a Mac OS X update that fixes multiple
security vulnerabilities.

Description:

The remote host is running a version of Mac OS X 10.10.x that is prior
to 10.10.4. It is, therefore, affected by multiple vulnerabilities in
the following components :

- Admin Framework
- afpserver
- apache
- AppleFSCompression
- AppleGraphicsControl
- AppleThunderboltEDMService
- ATS
- Bluetooth
- Certificate Trust Policy
- CFNetwork HTTPAuthentication
- CoreText
- coreTLS
- DiskImages
- Display Drivers
- EFI
- FontParser
- Graphics Driver
- ImageIO
- Install Framework Legacy
- Intel Graphics Driver
- IOAcceleratorFamily
- IOFireWireFamily
- Kernel
- kext tools
- Mail
- ntfs
- ntp
- OpenSSL
- QuickTime
- Security
- Spotlight
- SQLite
- System Stats
- TrueTypeScaler
- zip

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

https://support.apple.com/en-ca/HT204942
http://www.nessus.org/u?956357d4

Solution :

Upgrade to Mac OS X 10.10.4 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 14.04 / 14.10 / 15.04 : oxide-qt vulnerabilities (USN-2652-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

It was discovered that Chromium did not properly consider the scheme
when determining whether a URL is associated with a WebUI
SiteInstance. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to bypass security
restrictions. (CVE-2015-1266)

It was discovered that Blink did not properly restrict the creation
context during creation of a DOM wrapper. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit this to bypass same-origin restrictions. (CVE-2015-1267,
CVE-2015-1268)

It was discovered that Chromium did not properly canonicalize DNS
hostnames before comparing them to HSTS or HPKP preload entries, so a
differently spelled form of a preloaded host (for example a different
letter case or a trailing dot) was not matched. An attacker could
potentially exploit this to bypass intended access restrictions.
(CVE-2015-1269)
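The canonicalization gap behind CVE-2015-1269, shown as an added example that is not Chromium's or Oxide's code. The preload table is a constructed, hypothetical stand-in for a browser's built-in list; the naive lookup shows the exact-string comparison the advisory describes, the hardened lookup canonicalizes first (case, trailing dot, IDNA A-labels) and then walks parent domains so include_subdomains entries apply:

```python
# Constructed preload table standing in for a browser's built-in list; the
# entries are hypothetical, not taken from any real preload list.
PRELOAD = {
    "example.com": {"include_subdomains": True, "mode": "force-https"},
    "static.example.net": {"include_subdomains": False, "mode": "force-https"},
}


def canonicalize_host(host: str) -> str:
    """Reduce the many spellings of one DNS name to a single lookup key:
    absolute (trailing-dot) form, ASCII case, and Unicode labels (IDNA)."""
    host = host.strip().rstrip(".").lower()
    # encode("idna") leaves pure-ASCII labels untouched and punycodes the rest;
    # it does not lowercase ASCII, hence the explicit lower() above.
    return host.encode("idna").decode("ascii")


def preload_lookup_naive(host: str):
    """The pattern the advisory describes: exact-string comparison, so
    'Example.COM' or 'example.com.' (the same host on the wire) miss the entry."""
    return PRELOAD.get(host)


def preload_lookup(host: str):
    """Canonicalize, then walk from the full name up through its parents so
    include_subdomains entries cover children."""
    labels = canonicalize_host(host).split(".")
    for i in range(len(labels)):
        entry = PRELOAD.get(".".join(labels[i:]))
        if entry and (i == 0 or entry["include_subdomains"]):
            return entry
    return None


def must_use_https(host: str) -> bool:
    entry = preload_lookup(host)
    return entry is not None and entry["mode"] == "force-https"
```

The same normalization belongs in front of any policy keyed on a hostname (HPKP pins, cookie domains, allow-lists), and it must happen before the comparison, not after.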

Solution :

Update the affected liboxideqtcore0 package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 : kernel (RHSA-2015:1199)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix two security issues and three bugs
are now available for Red Hat Enterprise Linux 6.5 Extended Update
Support.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's implementation of vectored pipe
read and write functionality did not take into account the I/O vectors
that were already processed when retrying after a failed atomic access
operation, potentially resulting in memory corruption due to an I/O
vector array overrun. A local, unprivileged user could use this flaw
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2015-1805, Important)

* A buffer overflow flaw was found in the way the Linux kernel's Intel
AES-NI instructions optimized version of the RFC4106 GCM mode
decryption functionality handled fragmented packets. A remote attacker
could use this flaw to crash, or potentially escalate their privileges
on, a system over a connection with an active AES-GCM mode IPSec
security association. (CVE-2015-3331, Important)

The security impact of the CVE-2015-1805 issue was discovered by Red
Hat.

This update also fixes the following bugs :

* Parallel extending direct I/O writes to a file could previously race
to update the size of the file. If executed in an incorrect order, the
file size could move backwards and push a previously completed write
beyond the end of the file, which resulted in losing the write. With
this update, file size updates always execute in appropriate order,
thus fixing this bug. (BZ#1218498)

* When the load rose and run queues were busy due to the effects of
the enqueue_entity() function, tasks with large sched_entity.vruntime
values could previously be prevented from using the CPU time. A patch
eliminating the entity_key() function in the sched_fair.c latency
value has been backported from upstream, and all tasks are now
provided with fair CPU runtime. (BZ#1219121)

* Previously, running the clock_gettime() function quickly in a loop
could result in a jump back in time. Consequently, programs could
behave unexpectedly when they assumed that clock_gettime() returned an
equal or greater time in subsequent calls. With this update, if the
time delta between calls is negative, the clock is no longer updated.
As a result, a subsequent call to clock_gettime() is guaranteed to
return a time greater than or equal to a previous call. (BZ#1219500)

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-1805.html
https://www.redhat.com/security/data/cve/CVE-2015-3331.html
http://rhn.redhat.com/errata/RHSA-2015-1199.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 5 : openssl (ELSA-2015-1197)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[0.9.8e-36.0.1]
- Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893]
- fix CVE-2014-3570 - Bignum squaring may produce incorrect results
- fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
- fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]

[0.9.8e-36]
- also change the default DH parameters in s_server to 1024 bits

[0.9.8e-35]
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-4000 - prevent the logjam attack on client - restrict
the DH key size to at least 768 bits (limit will be increased in future)

See also :

https://oss.oracle.com/pipermail/el-errata/2015-June/005186.html

Solution :

Update the affected openssl packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : cups-filters -- buffer overflow in texttopdf size allocation (b19da422-1e02-11e5-b43d-002590263bf5)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Stefan Cornelius from Red Hat reports :

A heap-based buffer overflow was discovered in the way the texttopdf
utility of cups-filters processed print jobs with a specially crafted
line size. An attacker being able to submit print jobs could exploit
this flaw to crash texttopdf or, possibly, execute arbitrary code.

Till Kamppeter reports :

texttopdf: Fixed buffer overflow on size allocation of texttopdf when
working with extremely small line sizes, which causes the size
calculation to result in 0 (CVE-2015-3258, thanks to Stefan Cornelius
from Red Hat for the patch).

See also :

http://www.openwall.com/lists/oss-security/2015/06/26/4
http://www.nessus.org/u?648c1352
http://www.nessus.org/u?c1607da1

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension (2a8b7d21-1ecc-11e5-a4a5-002590263bf5)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Ignacio R. Morelle reports :

As mentioned in the Wesnoth 1.12.4 and Wesnoth 1.13.1 release
announcements, a security vulnerability targeting add-on authors was
found (bug #23504) which allowed a malicious user to obtain add-on
server passphrases from the client's .pbl files and transmit them over
the network, or store them in saved game files intended to be shared
by the victim. This vulnerability affects all existing releases up to
and including versions 1.12.2 and 1.13.0. Additionally, version 1.12.3
included only a partial fix that failed to guard users against
attempts to read from .pbl files with an uppercase or mixed-case
extension. CVE-2015-5069 and CVE-2015-5070 have been assigned to the
vulnerability affecting .pbl files with a lowercase extension, and
.pbl files with an uppercase or mixed-case extension, respectively.

See also :

http://forums.wesnoth.org/viewtopic.php?t=42776
http://forums.wesnoth.org/viewtopic.php?t=42775
http://www.nessus.org/u?a1867410

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : ntp -- control message remote Denial of Service vulnerability (0d0f3050-1f69-11e5-9ba9-d050996490d0)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

ntp.org reports :

Under limited and specific circumstances an attacker can send a
crafted packet to cause a vulnerable ntpd instance to crash. This
requires each of the following to be true :

- ntpd set up to allow for remote configuration (not allowed by
default), and

- knowledge of the configuration password, and

- access to a computer entrusted to perform remote configuration.

See also :

http://bugs.ntp.org/show_bug.cgi?id=2853
https://www.kb.cert.org/vuls/id/668167
http://www.nessus.org/u?e1d497be
http://www.nessus.org/u?6e63ba37

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 22 : pam-1.1.8-19.fc22 (2015-10830)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update fixing a minor security issue CVE-2015-3238.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1228571
http://www.nessus.org/u?75643046

Solution :

Update the affected pam package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : kernel-4.0.6-200.fc21 (2015-10678)


Synopsis:

The remote Fedora host is missing a security update.

Description:

The 4.0.6 stable update contains a number of important fixes across
the tree.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1230770
http://www.nessus.org/u?7b19c45c

Solution :

Update the affected kernel package.

Risk factor :

Medium / CVSS Base Score : 4.7
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : rubygem-activesupport-4.1.5-2.fc21 (2015-10545)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fixes for :

CVE-2015-3226 Escape HTML entities in JSON keys

CVE-2015-3227 XML documents that are too deep can cause a stack
overflow, which in turn will cause a potential DoS attack.

See also :

http://www.nessus.org/u?0bc29272

Solution :

Update the affected rubygem-activesupport package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 22 : rubygem-activesupport-4.2.0-2.fc22 (2015-10538)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fixes for :

CVE-2015-3226 Escape HTML entities in JSON keys

CVE-2015-3227 XML documents that are too deep can cause a stack
overflow, which in turn will cause a potential DoS attack.

See also :

http://www.nessus.org/u?7e9c7f6f

Solution :

Update the affected rubygem-activesupport package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 22 : cups-x2go-3.0.1.3-1.fc22 (2015-10459)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- New upstream version (3.0.1.2) :

- cups-x2go{,.conf}: port to File::Temp. Use
Text::ParseWords to split up the ps2pdf command line
correctly. Don't use system() but IPC::Open2::open2().
Capture the ps2pdf program's stdout and write it to
the temporary file handle 'manually'. Should fix
problems reported by Jan Bi on IRC.

- cups-x2go: fix commented out second ps2pdf definition
to output PDF data to stdout.

- New upstream version (3.0.1.3) :

- cups-x2go: import tempfile() function from File::Temp
module.

- cups-x2go: only repeat the last X, not the whole
'.pdfX' string (or the like.)

- cups-x2go: actually print 'real' executed command
instead of the 'original' one with placeholders.

- cups-x2go: read output from ghostscript, don't write a
filehandle to the temporary file. Fixes a hanging
ghostscript call and... well... random junk, instead
of a 'real' PDF file.

- cups-x2go: use parentheses around function arguments.

- cups-x2go: fix binmode() call, :raw layer is implicit.

- cups-x2go: fix print call... Does not allow to
separate parameters with a comma.

- cups-x2go: add correct :raw layer to binmode calls.

- cups-x2go: fix tiny typo.

- cups-x2go: read data from GS and STDIN in chunks of 8
kbytes, instead of everything at once. Handles large
print jobs gracefully.

- cups-x2go: add parentheses to close() calls.

- cups-x2go: delete PDF and title temporary files
automatically.

- cups-x2go: unlink PS temporary file on-demand in END
block. Also move closelog to END block, because we
want to print diagnosis messages in the END block.

- cups-x2go: don't use unlink() explicitly. Trust
File::Temp and our END block to clean up correctly.

- cups-x2go: there is no continue in perl for stepping
forward a loop. Still not. I keep forgetting that. Use
next. (Partly) Fixes: #887.

- cups-x2go: use the same temp file template for PS, PDF
and title files. Use appropriate suffixes if necessary
when generating PDF and title temp files. (Fully)
Fixes: #887.

- Update to 3.0.1.1 :

- Add a short README that provides some getting started
information.

See also :

http://www.nessus.org/u?e1ae310e

Solution :

Update the affected cups-x2go package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 22 : elfutils-0.163-1.fc22 (2015-10370)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to 0.163. Hardening fixes. Updated eu-addr2line utility.
Various bug fixes. Updated translations.

Update to 0.162. Hardening fixes. Updated eu-addr2line utility.
Various bug fixes.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1020842
https://bugzilla.redhat.com/show_bug.cgi?id=1129756
https://bugzilla.redhat.com/show_bug.cgi?id=1139815
https://bugzilla.redhat.com/show_bug.cgi?id=1170810
https://bugzilla.redhat.com/show_bug.cgi?id=1230468
https://bugzilla.redhat.com/show_bug.cgi?id=1230798
https://bugzilla.redhat.com/show_bug.cgi?id=1231454
https://bugzilla.redhat.com/show_bug.cgi?id=1232206
http://www.nessus.org/u?7d434cde

Solution :

Update the affected elfutils package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : abrt-2.3.0-7.fc21 / gnome-abrt-1.0.0-3.fc21 / libreport-2.3.0-8.fc21 (2015-10193)


Synopsis:

The remote Fedora host is missing one or more security updates.

Description:

Security fixes for :

- CVE-2015-3315

- CVE-2015-3142

- CVE-2015-1869

- CVE-2015-1870

- CVE-2015-3151

- CVE-2015-3150

- CVE-2015-3159

abrt:

- Move the default dump location from /var/tmp/abrt to
/var/spool/abrt

- Use root for owner of all dump directories

- Stop reading hs_error.log from /tmp

- Do not save the system logs by default

- Do not save dmesg if kernel.dmesg_restrict=1

libreport:

- Harden the code against directory traversal, symbolic
and hard link attacks

- Fix a bug causing that the first value of
AlwaysExcludedElements was ignored

- Fix missing icon for the 'Stop' button icon name

- Improve development documentation

- Translations updates

gnome-abrt:

- Use DBus to get problem data for detail dialog

- Fix an error introduced with the details on System
page

- Enabled the Details also for the System problems
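The libreport hardening items above ("directory traversal, symbolic and hard link attacks") and the abrt change to root-owned dump directories describe one recurring problem: a crash reporter that reads files out of a directory a less-privileged user can populate. The following is an added example of how such reads can be done defensively; it is not abrt's or libreport's own code, and it assumes Linux (O_NOFOLLOW, O_DIRECTORY and dir_fd-relative open). The demo() function builds a constructed dump directory containing a benign file, a symlink to a sensitive path and a hard link to a file elsewhere, and reports which names are accepted:

```python
import errno
import os
import shutil
import stat
import tempfile


class UnsafePath(OSError):
    pass


def open_dump_dir(path: str, owner_uid: int) -> int:
    """Open the dump directory and check it before trusting anything inside:
    not a symlink, owned by the expected user, not writable by group/others."""
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    st = os.fstat(fd)
    if st.st_uid != owner_uid or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        os.close(fd)
        raise UnsafePath(f"{path}: wrong owner or writable by others")
    return fd


def open_dump_file(dir_fd: int, name: str) -> int:
    """Open one element by bare name relative to dir_fd. Rejects traversal
    (any separator, '.', '..'), symlinks (O_NOFOLLOW) and hard links
    (st_nlink > 1), and checks the object actually opened (fstat on the fd)
    rather than a path that could be swapped after an lstat."""
    if not name or "/" in name or name in (".", "..") or "\x00" in name:
        raise UnsafePath(f"rejected element name {name!r}")
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NOCTTY, dir_fd=dir_fd)
    except OSError as e:
        if e.errno == errno.ELOOP:
            raise UnsafePath(f"{name}: symbolic link refused") from None
        raise
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
        os.close(fd)
        raise UnsafePath(f"{name}: not a plain, unlinked regular file")
    return fd


def demo() -> dict:
    """Constructed scenario: 'dmesg' is a real dump element, 'backtrace' is a
    symlink planted to read /etc/shadow, 'environ' is a hard link to a file
    outside the directory. Returns {name: 'ok' | 'rejected'}."""
    base, other = tempfile.mkdtemp(), tempfile.mkdtemp()
    try:
        os.chmod(base, 0o700)
        with open(os.path.join(base, "dmesg"), "w") as f:
            f.write("constructed dmesg line\n")
        os.symlink("/etc/shadow", os.path.join(base, "backtrace"))
        with open(os.path.join(other, "secret"), "w") as f:
            f.write("constructed secret\n")
        os.link(os.path.join(other, "secret"), os.path.join(base, "environ"))
        dfd = open_dump_dir(base, os.getuid())
        results = {}
        for name in ("dmesg", "backtrace", "environ", "../other", "sub/x"):
            try:
                os.close(open_dump_file(dfd, name))
                results[name] = "ok"
            except UnsafePath:
                results[name] = "rejected"
        os.close(dfd)
        return results
    finally:
        shutil.rmtree(base)
        shutil.rmtree(other)
```

The hard-link check is what a symlink-only fix misses: a user who can create a hard link inside the dump directory can make a root-owned reader copy any file they can link to, which is why the abrt side also moved the directories to root ownership.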

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1169774
https://bugzilla.redhat.com/show_bug.cgi?id=1179752
https://bugzilla.redhat.com/show_bug.cgi?id=1193656
https://bugzilla.redhat.com/show_bug.cgi?id=1212821
https://bugzilla.redhat.com/show_bug.cgi?id=1212865
https://bugzilla.redhat.com/show_bug.cgi?id=1212871
https://bugzilla.redhat.com/show_bug.cgi?id=1213485
https://bugzilla.redhat.com/show_bug.cgi?id=1214452
https://bugzilla.redhat.com/show_bug.cgi?id=1214609
https://bugzilla.redhat.com/show_bug.cgi?id=1216975
https://bugzilla.redhat.com/show_bug.cgi?id=1218239
https://bugzilla.redhat.com/show_bug.cgi?id=986876
http://www.nessus.org/u?9e916c0f
http://www.nessus.org/u?d3b69026
http://www.nessus.org/u?d7b58c5a

Solution :

Update the affected abrt, gnome-abrt and / or libreport packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DSA-3298-1 : jackrabbit - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

It was discovered that the Jackrabbit WebDAV bundle was susceptible to
a XXE/XEE attack. When processing a WebDAV request body containing
XML, the XML parser could be instructed to read content from network
resources accessible to the host, identified by URI schemes such
as 'http(s)' or 'file'. Depending on the WebDAV request, this could not
only be used to trigger internal network requests, but might also be
used to insert said content into the request, potentially exposing it
to the attacker and others.
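The Jackrabbit XXE issue above and the ActiveSupport deep-document DoS (CVE-2015-3227, in the Fedora rubygem-activesupport entries) are both failures to constrain the XML parser before feeding it attacker-controlled bodies. The following is an added example of a parser configured for untrusted input, written against Python's stdlib expat binding; it is not the Jackrabbit or ActiveSupport fix. It refuses any DOCTYPE (so no entity declarations, no external DTD and no 'file:' or 'http:' fetches), refuses external entity references outright, and enforces a nesting limit. The sample documents at the bottom are constructed:

```python
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    pass


def parse_untrusted_xml(data: bytes, max_depth: int = 64):
    """Return (root_element, deepest_nesting) or raise UnsafeXML."""
    parser = expat.ParserCreate()
    state = {"depth": 0, "deepest": 0, "root": None}

    def refuse_doctype(name, sysid, pubid, has_internal_subset):
        # No DTD at all: this is where SYSTEM "file:///..." entities are declared.
        raise UnsafeXML(f"DOCTYPE {name!r} refused (system id {sysid!r})")

    def refuse_external(context, base, sysid, pubid):
        raise UnsafeXML(f"external entity {sysid!r} refused")

    def start(name, attrs):
        if state["root"] is None:
            state["root"] = name
        state["depth"] += 1
        if state["depth"] > max_depth:          # the CVE-2015-3227 case
            raise UnsafeXML(f"nesting deeper than {max_depth}")
        state["deepest"] = max(state["deepest"], state["depth"])

    def end(name):
        state["depth"] -= 1

    parser.StartDoctypeDeclHandler = refuse_doctype
    parser.ExternalEntityRefHandler = refuse_external
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        parser.Parse(data, True)                # exceptions from handlers propagate
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from None
    return state["root"], state["deepest"]


def is_safe_xml(data: bytes, max_depth: int = 64) -> bool:
    try:
        parse_untrusted_xml(data, max_depth)
        return True
    except UnsafeXML:
        return False


# Constructed samples: a benign WebDAV PROPFIND body, an XXE body, and a
# deeply nested document of the kind that exhausts a recursive parser.
BENIGN = b'<?xml version="1.0"?><propfind xmlns="DAV:"><prop><displayname/></prop></propfind>'
XXE = b'<!DOCTYPE r [<!ENTITY e SYSTEM "file:///etc/passwd">]><r>&e;</r>'
DEEP = b"<x>" * 2000 + b"</x>" * 2000
```

Rejecting every DOCTYPE is a blunt policy, but it is the one that needs no knowledge of which entity features the underlying library enables by default, and WebDAV bodies have no legitimate use for a DTD.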

See also :

https://packages.debian.org/source/wheezy/jackrabbit
https://packages.debian.org/source/jessie/jackrabbit
http://www.debian.org/security/2015/dsa-3298

Solution :

Upgrade the jackrabbit packages.

For the oldstable distribution (wheezy), this problem has been fixed
in version 2.3.6-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 2.3.6-1+deb8u1.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DLA-262-1 : libcrypto++ security update


Synopsis:

The remote Debian host is missing a security update.

Description:

Evgeny Sidorov discovered that libcrypto++, a general purpose C++
cryptographic library, did not properly implement blinding to mask
private key operations for the Rabin-Williams digital signature
algorithm. This could allow remote attackers to mount a timing attack
and retrieve the user's private key.
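Blinding, the countermeasure the advisory says was missing, makes the value fed to the private-key operation unpredictable to the attacker so that timing measurements no longer correlate with chosen inputs. The following is an added example, not libcrypto++ code; it shows the technique with RSA because that is the textbook arithmetic, whereas Rabin-Williams applies the same idea with different details. The key is a constructed toy (p = 61, q = 53) and must never be read as a real parameter choice:

```python
import secrets
from math import gcd


def toy_keygen(p: int, q: int, e: int = 17):
    """Constructed toy key from two small primes; illustration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)


def sign_unblinded(m: int, d: int, n: int) -> int:
    """Direct private operation: its running time depends on m, which the
    attacker chooses, so repeated timings leak information about d."""
    return pow(m, d, n)


def blind(m: int, e: int, n: int, r: int) -> int:
    return (m * pow(r, e, n)) % n


def unblind(s_blind: int, n: int, r: int) -> int:
    return (s_blind * pow(r, -1, n)) % n


def sign_blinded(m: int, d: int, e: int, n: int, rng=secrets.randbelow) -> int:
    """Exponentiate m * r^e for a fresh random r, then divide r back out:
    (m r^e)^d = m^d r^(ed) = m^d r (mod n), so the result is identical, but
    the value actually exponentiated is unknown to the attacker."""
    while True:
        r = rng(n - 2) + 2              # uniform in [2, n-1]
        if gcd(r, n) == 1:              # r must be invertible mod n
            break
    return unblind(pow(blind(m, e, n, r), d, n), n, r)


def verify(m: int, s: int, e: int, n: int) -> bool:
    return pow(s, e, n) == m % n
```

The rng parameter exists only so the test can pin r; in use it must stay a cryptographic source, and r must be fresh for every operation.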

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2015/06/msg00029.html
https://packages.debian.org/source/squeeze-lts/libcrypto++

Solution :

Upgrade the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DLA-261-1 : aptdaemon security update


Synopsis:

The remote Debian host is missing a security update.

Description:

Tavis Ormandy discovered that Aptdaemon incorrectly handled the
simulate dbus method. A local attacker could use this issue to
possibly expose sensitive information, or perform other file access as
the root user.

For Debian 6 'Squeeze', this problem has been fixed in
version 0.31+bzr413-1.1+deb6u1 of aptdaemon. We recommend that you
upgrade your aptdaemon package.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2015/06/msg00028.html
https://packages.debian.org/source/squeeze-lts/aptdaemon

Solution :

Upgrade the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DLA-260-1 : hostapd security update


Synopsis:

The remote Debian host is missing a security update.

Description:

A vulnerability was found in WMM Action frame processing in a case
where hostapd is used to implement AP mode MLME/SME functionality
(i.e., Host AP driver of a mac80211-based driver on Linux).

This vulnerability can be used to perform denial of service attacks by
an attacker that is within radio range of the AP that uses hostapd for
MLME/SME operations.

For Debian 6 'Squeeze', this vulnerability has been fixed
in version 1:0.6.10-2+squeeze2 of hostapd. We recommend that you
upgrade your hostapd package.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2015/06/msg00027.html
https://packages.debian.org/source/squeeze-lts/hostapd

Solution :

Upgrade the affected hostapd package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

TLS Version 1.0 Protocol Detection (PCI DSS)


Synopsis:

The remote service encrypts traffic using a protocol with known
weaknesses.

Description:

The remote service accepts connections encrypted using TLS 1.0. This
version of TLS reportedly suffers from several cryptographic flaws. An
attacker may be able to exploit these flaws to conduct
man-in-the-middle attacks or to decrypt communications between the
affected service and clients.

Solution :

Consult the application's documentation to disable TLS 1.0. Use TLS
1.1 or higher instead.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLES11 Security Update : Xen (SUSE-SU-2015:1157-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

Xen was updated to fix six security issues :

CVE-2015-4103: Potential unintended writes to host MSI message data
field via qemu. (XSA-128, bsc#931625)

CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests.
(XSA-129, bsc#931626)

CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error
messages. (XSA-130, bsc#931627)

CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131,
bsc#931628)

CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest
to host escape. (XSA-135, bsc#932770)

CVE-2015-4164: DoS through iret hypercall handler. (XSA-136,
bsc#932996)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/931625
https://bugzilla.suse.com/931626
https://bugzilla.suse.com/931627
https://bugzilla.suse.com/931628
https://bugzilla.suse.com/932770
https://bugzilla.suse.com/932996
http://www.nessus.org/u?ae01d921
https://www.suse.com/security/cve/CVE-2015-3209.html
https://www.suse.com/security/cve/CVE-2015-4103.html
https://www.suse.com/security/cve/CVE-2015-4104.html
https://www.suse.com/security/cve/CVE-2015-4105.html
https://www.suse.com/security/cve/CVE-2015-4106.html
https://www.suse.com/security/cve/CVE-2015-4163.html
https://www.suse.com/security/cve/CVE-2015-4164.html
http://www.nessus.org/u?af76b452

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11 SP2 LTSS :

zypper in -t patch slessp2-xen-201506=10729

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLES11 Security Update : Xen (SUSE-SU-2015:1156-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

Xen was updated to fix six security issues :

CVE-2015-4103: Potential unintended writes to host MSI message data
field via qemu. (XSA-128, bsc#931625)

CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests.
(XSA-129, bsc#931626)

CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error
messages. (XSA-130, bsc#931627)

CVE-2015-4106: Unmediated PCI register access in qemu. (XSA-131,
bsc#931628)

CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest
to host escape. (XSA-135, bsc#932770)

CVE-2015-4164: DoS through iret hypercall handler. (XSA-136,
bsc#932996)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/931625
https://bugzilla.suse.com/931626
https://bugzilla.suse.com/931627
https://bugzilla.suse.com/931628
https://bugzilla.suse.com/932770
https://bugzilla.suse.com/932996
http://www.nessus.org/u?cbd169d9
https://www.suse.com/security/cve/CVE-2015-3209.html
https://www.suse.com/security/cve/CVE-2015-4103.html
https://www.suse.com/security/cve/CVE-2015-4104.html
https://www.suse.com/security/cve/CVE-2015-4105.html
https://www.suse.com/security/cve/CVE-2015-4106.html
https://www.suse.com/security/cve/CVE-2015-4164.html
http://www.nessus.org/u?baa6b0ae

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11 SP1 LTSS :

zypper in -t patch slessp1-xen-201506=10726

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 5 : openssl (RHSA-2015:1197)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated openssl packages that fix three security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An out-of-bounds read flaw was found in the X509_cmp_time() function
of OpenSSL. A specially crafted X.509 certificate or a Certificate
Revocation List (CRL) could possibly cause a TLS/SSL server or client
using OpenSSL to crash. (CVE-2015-1789)

A NULL pointer dereference was found in the way OpenSSL handled
certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing
EncryptedContent data could cause an application using OpenSSL to
crash. (CVE-2015-1790)

A flaw was found in the way the TLS protocol composes the
Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could
use this flaw to force the use of weak 512 bit export-grade keys
during the key exchange, allowing them to decrypt all traffic.
(CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenSSL
to reject DH key sizes below 768 bits, which prevents sessions from
being downgraded to export-grade keys. Future updates may raise this
limit to 1024 bits.
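The floor described in the note above is a length check on the Diffie-Hellman prime the server sends in its ServerKeyExchange message. The following is an added example written for this page, not code from OpenSSL or Red Hat: it parses the ServerDHParams portion of a TLS ServerKeyExchange handshake message (three 16-bit length-prefixed vectors p, g, Ys; the trailing signature is ignored) and refuses any prime shorter than a configurable minimum, defaulting to the 768-bit floor the update applies. The sample messages are constructed here with placeholder moduli of 512 and 2048 bits; they are not real primes, and only their length matters to the check.

```python
"""Enforce a minimum DHE prime size on a TLS ServerKeyExchange message.

Added example for this page; not OpenSSL or Red Hat code. The layout parsed
here is the ServerDHParams structure from RFC 5246 section 7.4.3.
"""
import struct

HANDSHAKE_SERVER_KEY_EXCHANGE = 12
MIN_DH_BITS = 768  # floor applied by the update; 1024 is the planned next step


class WeakDHError(ValueError):
    """Raised when the server offers a DH group we refuse to use."""


def _read_vector16(buf, off):
    """Read one opaque<1..2^16-1> vector (2-byte big-endian length + data)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("truncated vector")
    return buf[off:off + n], off + n


def parse_server_dh_params(msg):
    """Return (p, g, Ys) as ints from a ServerKeyExchange handshake message."""
    if len(msg) < 4:
        raise ValueError("short handshake header")
    if msg[0] != HANDSHAKE_SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    p, off = _read_vector16(body, 0)
    g, off = _read_vector16(body, off)
    ys, off = _read_vector16(body, off)
    # Anything after Ys is the server's signature; a real client verifies it.
    return (int.from_bytes(p, "big"), int.from_bytes(g, "big"),
            int.from_bytes(ys, "big"))


def check_dh_strength(msg, min_bits=MIN_DH_BITS):
    """Return the prime size in bits, or raise WeakDHError if below min_bits."""
    p, _g, ys = parse_server_dh_params(msg)
    bits = p.bit_length()
    if bits < min_bits:
        raise WeakDHError(f"server offered a {bits}-bit DH prime; minimum is {min_bits}")
    if not 1 < ys < p - 1:  # trivial public values force a known shared secret
        raise WeakDHError("server DH public value out of range")
    return bits


def accepts(msg, min_bits=MIN_DH_BITS):
    """True if the ServerKeyExchange passes the size check, False if too weak."""
    try:
        check_dh_strength(msg, min_bits)
        return True
    except WeakDHError:
        return False


def build_server_key_exchange(p, g, ys):
    """Construct a ServerKeyExchange message (signature omitted) for testing."""
    def vec(n):
        b = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(b)) + b
    body = vec(p) + vec(g) + vec(ys)
    return bytes([HANDSHAKE_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


# Constructed placeholders (NOT real primes): only their bit length matters here.
EXPORT_P = (1 << 511) | 1      # 512-bit "export-grade" modulus
EXPORT_YS = (1 << 500) + 12345
STRONG_P = (1 << 2047) | 1     # 2048-bit modulus
STRONG_YS = (1 << 2000) + 12345

if __name__ == "__main__":
    weak = build_server_key_exchange(EXPORT_P, 2, EXPORT_YS)
    strong = build_server_key_exchange(STRONG_P, 2, STRONG_YS)
    print("512-bit group accepted:", accepts(weak))     # False
    print("2048-bit group accepted:", accepts(strong))  # True
```

Raising the floor to 1024 bits is a one-argument change (`min_bits=1024`), which is the knob the note says future updates may turn.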

Red Hat would like to thank the OpenSSL project for reporting
CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki
and Hanno Böck as the original reporters of CVE-2015-1789, and Michal
Zalewski as the original reporter of CVE-2015-1790.

All openssl users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. For the
update to take effect, all services linked to the OpenSSL library must
be restarted, or the system rebooted.
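Because a patched shared library only takes effect in processes started after the package upgrade, the restart requirement above is worth verifying rather than assuming. The following is an added example for this page, not Red Hat or Tenable tooling: it reads `/proc/<pid>/maps` and reports processes whose mapped `libssl`/`libcrypto` files are flagged `(deleted)`, which is how the kernel marks a mapping whose on-disk file has since been replaced. The sample maps listing is constructed for the example; the library file names follow the RHEL 5 openssl-0.9.8e naming.

```python
"""Find processes still mapping a replaced (deleted) OpenSSL library.

Added example for this page; not vendor tooling. Linux-only: relies on the
/proc/<pid>/maps format "address perms offset dev inode pathname".
"""
import os
import re

# Match libssl / libcrypto shared objects anywhere in the pathname.
LIB_RE = re.compile(r"/lib(?:ssl|crypto)\S*\.so\S*")


def stale_crypto_libs(maps_text):
    """Return the set of libssl/libcrypto paths in one maps listing that the
    kernel has marked '(deleted)': the file was replaced on disk but the
    process is still executing the old copy."""
    stale = set()
    for line in maps_text.splitlines():
        if "(deleted)" not in line:
            continue
        parts = line.split(None, 5)  # pathname is the sixth column
        if len(parts) < 6:
            continue
        path = parts[5]
        if LIB_RE.search(path):
            stale.add(path.replace(" (deleted)", ""))
    return stale


def scan_running_processes(proc="/proc"):
    """Map pid -> stale OpenSSL libraries for every readable process."""
    result = {}
    try:
        pids = [p for p in os.listdir(proc) if p.isdigit()]
    except OSError:
        return result  # no procfs here
    for pid in pids:
        try:
            with open(f"{proc}/{pid}/maps") as f:
                text = f.read()
        except OSError:
            continue  # process exited or not ours to read
        libs = stale_crypto_libs(text)
        if libs:
            result[int(pid)] = libs
    return result


# Constructed sample of a maps listing for a daemon started before the upgrade.
SAMPLE_MAPS = """\
7f0c8a400000-7f0c8a5c8000 r-xp 00000000 fd:00 1179650 /lib64/libcrypto.so.0.9.8e (deleted)
7f0c8a5c8000-7f0c8a7c7000 ---p 001c8000 fd:00 1179650 /lib64/libcrypto.so.0.9.8e (deleted)
7f0c8a7e0000-7f0c8a828000 r-xp 00000000 fd:00 1179663 /lib64/libssl.so.0.9.8e (deleted)
7f0c8b000000-7f0c8b1a0000 r-xp 00000000 fd:00 1048601 /lib64/libc-2.5.so
7f0c8b400000-7f0c8b420000 r-xp 00000000 fd:00 1048700 /usr/lib64/libz.so.1.2.3 (deleted)
"""

if __name__ == "__main__":
    print("sample:", sorted(stale_crypto_libs(SAMPLE_MAPS)))
    for pid, libs in sorted(scan_running_processes().items()):
        print(pid, sorted(libs))
```

Anything the scan reports needs a service restart (or a reboot) before the host can be considered patched; a scanner that only compares package versions will already call it fixed.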

See also :

https://www.redhat.com/security/data/cve/CVE-2015-1789.html
https://www.redhat.com/security/data/cve/CVE-2015-1790.html
https://www.redhat.com/security/data/cve/CVE-2015-4000.html
https://www.openssl.org/news/secadv_20150611.txt
http://rhn.redhat.com/errata/RHSA-2015-1197.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 / 7 : postgresql (RHSA-2015:1194)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated postgresql packages that fix three security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

PostgreSQL is an advanced object-relational database management system
(DBMS).

A double-free flaw was found in the connection handling. An
unauthenticated attacker could exploit this flaw to crash the
PostgreSQL back end by disconnecting at approximately the same time as
the authentication time out is triggered. (CVE-2015-3165)

It was discovered that PostgreSQL did not properly check the return
values of certain standard library functions. If the system is in a
state that would cause the standard library functions to fail, for
example memory exhaustion, an authenticated user could exploit this
flaw to disclose partial memory contents or cause the GSSAPI
authentication to use an incorrect keytab file. (CVE-2015-3166)

It was discovered that the pgcrypto module could return different
error messages when decrypting certain data with an incorrect key.
This can help an authenticated user to launch a possible cryptographic
attack, although no suitable attack is currently known.
(CVE-2015-3167)

Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Benkocs Norbert Attila as the original
reporter of CVE-2015-3165 and Noah Misch as the original reporter of
CVE-2015-3166 and CVE-2015-3167.

All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the
postgresql service is running, it will be automatically restarted
after installing this update.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-3165.html
https://www.redhat.com/security/data/cve/CVE-2015-3166.html
https://www.redhat.com/security/data/cve/CVE-2015-3167.html
http://rhn.redhat.com/errata/RHSA-2015-1194.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 7 : xerces-c (RHSA-2015:1193)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An updated xerces-c package that fixes one security issue is now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Xerces-C is a validating XML parser written in a portable subset of
C++.

A flaw was found in the way the Xerces-C XML parser processed certain
XML documents. A remote attacker could provide specially crafted XML
input that, when parsed by an application using Xerces-C, would cause
that application to crash. (CVE-2015-0252)

All xerces-c users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-0252.html
http://rhn.redhat.com/errata/RHSA-2015-1193.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : postgresql (ELSA-2015-1194)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[9.2.13-1]
- update to 9.2.13 per release notes
http://www.postgresql.org/docs/9.2/static/release-9-2-13.html

[9.2.12-1]
- update to 9.2.12 per release notes
http://www.postgresql.org/docs/9.2/static/release-9-2-12.html

[9.2.11-1]
- update to 9.2.11 per release notes
http://www.postgresql.org/docs/9.2/static/release-9-2-11.html

See also :

https://oss.oracle.com/pipermail/el-errata/2015-June/005184.html
https://oss.oracle.com/pipermail/el-errata/2015-June/005185.html

Solution :

Update the affected postgresql packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 7 : xerces-c (ELSA-2015-1193)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[3.1.1-7]
Resolves: rhbz#1217104 CVE-2015-0252

See also :

https://oss.oracle.com/pipermail/el-errata/2015-June/005182.html

Solution :

Update the affected xerces-c packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : postgresql-9.3.9-1.fc21 (2015-9925)


Synopsis:

The remote Fedora host is missing a security update.

Description:

update to 9.3.9 minor release
update to 9.3.8 per release notes
update to 9.3.7 per release notes

See also :

http://www.nessus.org/u?01d92973

Solution :

Update the affected postgresql package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : openvas-cli-1.4.1-2.fc21 / openvas-libraries-8.0.3-2.fc21 / openvas-manager-6.0.3-3.fc21 / etc (2015-10514)


Synopsis:

The remote Fedora host is missing one or more security updates.

Description:

Bump to openvas8 because of the issues found in previous versions.
This should be the first version with the scanner really working on
Fedora.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1169170
http://www.nessus.org/u?15565068
http://www.nessus.org/u?d19d449b
http://www.nessus.org/u?526d91f8
http://www.nessus.org/u?b4bdafba

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 22 : python-jwt-1.3.0-1.fc22 (2015-10350)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Latest upstream with security fix for
http://seclists.org/oss-sec/2015/q2/3
https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a

See also :

http://seclists.org/oss-sec/2015/q2/3
https://bugzilla.redhat.com/show_bug.cgi?id=1231173
http://www.nessus.org/u?32c7f261
http://www.nessus.org/u?0c94090e

Solution :

Update the affected python-jwt package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 22 : chicken-4.9.0.1-4.fc22 (2015-10333)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Apply patch to work around out of bounds bug: BZ 1231871.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1231871
http://www.nessus.org/u?a0f3afcb

Solution :

Update the affected chicken package.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 22 : rubygem-jquery-rails-3.1.0-3.fc22 (2015-10258)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2015-1840

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1233334
http://www.nessus.org/u?56a52444

Solution :

Update the affected rubygem-jquery-rails package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : python-jwt-1.3.0-1.fc21 (2015-10249)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Latest upstream with security fix for
http://seclists.org/oss-sec/2015/q2/3
https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a

See also :

http://seclists.org/oss-sec/2015/q2/3
https://bugzilla.redhat.com/show_bug.cgi?id=1231173
http://www.nessus.org/u?32c7f261
http://www.nessus.org/u?89d9eaa6

Solution :

Update the affected python-jwt package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : php-htmLawed-1.1.20-1.fc21 (2015-10169)


Synopsis:

The remote Fedora host is missing a security update.

Description:

**1.1.20** - 9 June 2015.
- Fix for a potential security vulnerability arising from an unescaped
double-quote character in a single-quoted attribute value of some
deprecated elements when tag transformation is enabled.
- Recognition for the non-(HTML4) standard 'allowfullscreen' attribute
of 'iframe'.

See also :

http://www.nessus.org/u?c8df22da

Solution :

Update the affected php-htmLawed package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : chicken-4.9.0.1-4.fc21 (2015-10165)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Apply patch to work around out of bounds bug: BZ 1231871.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1231871
http://www.nessus.org/u?cef9c2c2

Solution :

Update the affected chicken package.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : rubygem-jquery-rails-3.1.0-3.fc21 (2015-10144)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2015-1840

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1233334
http://www.nessus.org/u?5a26a96b

Solution :

Update the affected rubygem-jquery-rails package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 22 : php-htmLawed-1.1.20-1.fc22 (2015-10139)


Synopsis:

The remote Fedora host is missing a security update.

Description:

**1.1.20** - 9 June 2015.
- Fix for a potential security vulnerability arising from an unescaped
double-quote character in a single-quoted attribute value of some
deprecated elements when tag transformation is enabled.
- Recognition for the non-(HTML4) standard 'allowfullscreen' attribute
of 'iframe'.
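The 1.1.20 changelog entry above (listed for both Fedora 21 and Fedora 22) describes a classic sanitiser bug: when tag transformation rewrites a deprecated element, an attribute value that was originally single-quoted is re-emitted inside double quotes, and an unescaped `"` in that value closes the attribute early and injects new ones. The following is an added example for this page, written as a simplified model of that re-quoting step; it is not htmLawed's code and does not reproduce its real transformation rules. It shows the vulnerable re-quote beside the fixed one and re-parses the output to check whether an attribute was injected. The `<font color=...>` to `<span style=...>` rewrite and the payload are constructed for the example.

```python
"""Attribute re-quoting in an HTML sanitiser's tag-transformation step.

Added example for this page: a simplified model of the bug class in the
htmLawed 1.1.20 changelog, not htmLawed's own code.
"""
import re

# name = "double-quoted" | 'single-quoted' | unquoted
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")


def parse_attrs(tag_body):
    """Parse the attribute list of one tag into a dict (first value wins)."""
    attrs = {}
    for m in ATTR_RE.finditer(tag_body):
        name = m.group(1).lower()
        value = next(v for v in m.groups()[1:] if v is not None)
        attrs.setdefault(name, value)
    return attrs


def requote(attrs, escape):
    """Re-emit attributes in double quotes. With escape=False a '"' taken
    from a single-quoted source value ends the attribute early."""
    parts = []
    for name, value in attrs.items():
        if escape:
            value = value.replace('"', "&quot;")  # the one character that can break out
        parts.append(f'{name}="{value}"')
    return " ".join(parts)


def transform_font(tag_body, escape):
    """Rewrite the attributes of a deprecated <font> tag into a <span>.

    Models the transformation step: 'color' becomes inline CSS, every other
    attribute is carried over, and everything is re-quoted with double quotes.
    """
    attrs = parse_attrs(tag_body)
    new_attrs = {}
    if "color" in attrs:
        new_attrs["style"] = f"color: {attrs.pop('color')}"
    new_attrs.update(attrs)
    body = requote(new_attrs, escape)
    return f"<span {body}>" if body else "<span>"


def attribute_names(span_tag):
    """Re-parse a generated <span ...> tag the way a browser would and return
    the attribute names it actually contains."""
    inner = span_tag[len("<span"):-1]
    return set(parse_attrs(inner))


# Constructed payload: a single-quoted value carrying an unescaped double quote.
PAYLOAD = """color='x" onmouseover="alert(1)'"""

if __name__ == "__main__":
    unsafe = transform_font(PAYLOAD, escape=False)
    safe = transform_font(PAYLOAD, escape=True)
    print(unsafe, sorted(attribute_names(unsafe)))  # picks up onmouseover
    print(safe, sorted(attribute_names(safe)))      # style only
```

The fix is the single `&quot;` replacement in `requote`; the `attribute_names` re-parse is the check to keep in a sanitiser's test suite, since the bug is invisible when you only inspect the input.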

See also :

http://www.nessus.org/u?d1c203d7

Solution :

Update the affected php-htmLawed package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 22 : rubygem-web-console-2.1.3-1.fc22 (2015-10128)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2015-3224. Please note that since the security
fix was not really backportable, I opted for a rebase.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1233327
http://www.nessus.org/u?654c947b

Solution :

Update the affected rubygem-web-console package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.