Newest Plugins

Oracle BI Publisher Mobile Service Unspecified Remote Information Disclosure (July 2014 CPU)


Synopsis:

The remote host is affected by an unspecified remote information
disclosure vulnerability.

Description:

The remote Oracle Business Intelligence Publisher install is affected
by an unspecified information disclosure vulnerability related to the
'Mobile Service' component.

See also :

http://www.nessus.org/u?7de2f8eb

Solution :

Apply the appropriate patch according to the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle BI Publisher Installation Detection


Synopsis:

The remote host has a web based reporting solution installed.

Description:

The remote host has Oracle Business Intelligence Publisher installed.
Oracle BI Publisher is a web-based business reporting solution.

See also :

http://www.nessus.org/u?3ff02b8c

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 12.04 LTS : acpi-support vulnerability (USN-2297-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

CESG discovered that acpi-support incorrectly handled certain
privileged operations when checking for power management daemons. A
local attacker could use this flaw to execute arbitrary code and
elevate privileges to root.

Solution :

Update the affected acpi-support package.

Risk factor :

High

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 : thunderbird vulnerabilities (USN-2296-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Christian Holler, David Keeler and Byron Campen discovered multiple
memory safety issues in Thunderbird. If a user were tricked into
opening a specially crafted message with scripting enabled, an
attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges
of the user invoking Thunderbird. (CVE-2014-1547)

Atte Kettunen discovered a buffer overflow when interacting with
WebAudio buffers. If a user had enabled scripting, an attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2014-1549)

Atte Kettunen discovered a use-after-free in WebAudio. If a user had
enabled scripting, an attacker could potentially exploit this to cause
a denial of service via application crash or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2014-1550)

Jethro Beekman discovered a use-after-free when the FireOnStateChange
event is triggered in some circumstances. If a user had enabled
scripting, an attacker could potentially exploit this to cause a
denial of service via application crash or execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2014-1555)

Patrick Cozzi discovered a crash when using the Cesium JS library to
generate WebGL content. If a user had enabled scripting, an attacker
could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2014-1556)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in
CERT_DestroyCertificate. If a user had enabled scripting, an attacker
could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking Thunderbird. (CVE-2014-1544)

A crash was discovered in Skia when scaling an image, if the scaling
operation takes too long. If a user had enabled scripting, an attacker
could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2014-1557)

Christian Holler discovered several issues when parsing certificates
with non-standard character encoding, resulting in the inability to
use valid SSL certificates in some circumstances. (CVE-2014-1558,
CVE-2014-1559, CVE-2014-1560)

Boris Zbarsky discovered that network redirects could cause an iframe
to escape the confinements defined by its sandbox attribute in some
circumstances. If a user had enabled scripting, an attacker could
potentially exploit this to conduct cross-site scripting attacks.
(CVE-2014-1552)

Solution :

Update the affected thunderbird package.

Risk factor :

High

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 : firefox vulnerabilities (USN-2295-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Christian Holler, David Keeler, Byron Campen, Gary Kwong, Jesse
Ruderman, Andrew McCreight, Alon Zakai, Bobby Holley, Jonathan Watt,
Shu-yu Guo, Steve Fink, Terrence Cole, Gijs Kruitbosch and Cătălin
Badea discovered multiple memory safety issues in Firefox. If a user
were tricked into opening a specially crafted website, an attacker
could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2014-1547, CVE-2014-1548)

Atte Kettunen discovered a buffer overflow when interacting with
WebAudio buffers. An attacker could potentially exploit this to cause
a denial of service via application crash or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2014-1549)

Atte Kettunen discovered a use-after-free in WebAudio. An attacker
could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2014-1550)

David Chan and Gijs Kruitbosch discovered that web content could spoof
UI customization events in some circumstances, resulting in a limited
ability to move UI icons. (CVE-2014-1561)

Jethro Beekman discovered a use-after-free when the FireOnStateChange
event is triggered in some circumstances. An attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2014-1555)

Patrick Cozzi discovered a crash when using the Cesium JS library to
generate WebGL content. An attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-1556)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in
CERT_DestroyCertificate. An attacker could potentially exploit this to
cause a denial of service via application crash or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2014-1544)

A crash was discovered in Skia when scaling an image, if the scaling
operation takes too long. An attacker could potentially exploit this
to execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-1557)

Christian Holler discovered several issues when parsing certificates
with non-standard character encoding, resulting in the inability to
use valid SSL certificates in some circumstances. (CVE-2014-1558,
CVE-2014-1559, CVE-2014-1560)

Boris Zbarsky discovered that network redirects could cause an iframe
to escape the confinements defined by its sandbox attribute in some
circumstances. An attacker could potentially exploit this to conduct
cross-site scripting attacks. (CVE-2014-1552)

Solution :

Update the affected firefox package.

Risk factor :

High

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 14.04 : libtasn1-3, libtasn1-6 vulnerabilities (USN-2294-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

It was discovered that Libtasn1 incorrectly handled certain ASN.1 data
structures. An attacker could exploit this with specially crafted
ASN.1 data and cause applications using Libtasn1 to crash, resulting
in a denial of service. (CVE-2014-3467)

It was discovered that Libtasn1 incorrectly handled negative bit
lengths. An attacker could exploit this with specially crafted ASN.1
data and cause applications using Libtasn1 to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2014-3468)

It was discovered that Libtasn1 incorrectly handled certain ASN.1
data. An attacker could exploit this with specially crafted ASN.1 data
and cause applications using Libtasn1 to crash, resulting in a denial
of service. (CVE-2014-3469)

Solution :

Update the affected libtasn1-3 and / or libtasn1-6 packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2014-1547, CVE-2014-1555,
CVE-2014-1556, CVE-2014-1557)

Note: None of the above issues can be exploited by a specially
crafted HTML mail message, as JavaScript is disabled by default for
mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

7.0, which corrects these issues. After installing the update,
Thunderbird must be restarted for the changes to take effect.

See also :

http://www.nessus.org/u?0f56fe3e

Solution :

Update the affected thunderbird and / or thunderbird-debuginfo
packages.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : nss and nspr on SL6.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

A race condition was found in the way NSS verified certain
certificates. A remote attacker could use this flaw to crash an
application using NSS or, possibly, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1544)

A flaw was found in the way TLS False Start was implemented in NSS. An
attacker could use this flaw to potentially return unencrypted
information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket
handling as specified by RFC 5077. An attacker could use this flaw to
crash an application using NSS or, in rare cases, execute arbitrary
code with the privileges of the user running that application.
(CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)
parameters. This could possibly lead to weak encryption being used in
communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could
potentially use this flaw to crash an application using NSPR or,
possibly, execute arbitrary code with the privileges of the user
running that application. This NSPR flaw was not exposed to web
content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain
Names in Applications (IDNA) hostname matching in NSS did not follow
the RFC 6125 recommendations. This could lead to certain invalid
certificates with international characters being accepted as valid.
(CVE-2014-1492)

In addition, the nss package has been upgraded to upstream version
3.16.1, and the nspr package has been upgraded to upstream version
4.10.6. These updated packages provide a number of bug fixes and
enhancements over the previous versions.

After installing this update, applications using NSS or NSPR must be
restarted for this update to take effect.

See also :

http://www.nessus.org/u?374842c8

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

A race condition was found in the way NSS verified certain
certificates. A remote attacker could use this flaw to crash an
application using NSS or, possibly, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1544)

After installing this update, applications using NSS or NSPR must be
restarted for this update to take effect.

See also :

http://www.nessus.org/u?e43abd8c

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 / 6 : firefox (RHSA-2014:0919)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated firefox packages that fix several security issues are now
available for Red Hat Enterprise Linux 5, 6, and 7.

The Red Hat Security Response Team has rated this update as having
Critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Mozilla Firefox is an open source web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556,
CVE-2014-1557)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Christian Holler, David Keeler, Byron
Campen, Jethro Beekman, Patrick Cozzi, and Mozilla community member
John as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla
security advisories for Firefox 24.7.0 ESR. You can find a link to the
Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which
contain Firefox version 24.7.0 ESR, which corrects these issues. After
installing the update, Firefox must be restarted for the changes to
take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-1547.html
https://www.redhat.com/security/data/cve/CVE-2014-1555.html
https://www.redhat.com/security/data/cve/CVE-2014-1556.html
https://www.redhat.com/security/data/cve/CVE-2014-1557.html
http://www.nessus.org/u?1436f2f7
http://rhn.redhat.com/errata/RHSA-2014-0919.html

Solution :

Update the affected firefox and / or firefox-debuginfo packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 / 6 : thunderbird (RHSA-2014:0918)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An updated thunderbird package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2014-1547, CVE-2014-1555,
CVE-2014-1556, CVE-2014-1557)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Christian Holler, David Keeler, Byron
Campen, Jethro Beekman, Patrick Cozzi, and Mozilla community member
John as the original reporters of these issues.

Note: None of the above issues can be exploited by a specially
crafted HTML mail message, as JavaScript is disabled by default for
mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla
security advisories for Thunderbird 24.7.0. You can find a link to the
Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.7.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the
changes to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-1547.html
https://www.redhat.com/security/data/cve/CVE-2014-1555.html
https://www.redhat.com/security/data/cve/CVE-2014-1556.html
https://www.redhat.com/security/data/cve/CVE-2014-1557.html
http://www.nessus.org/u?333aa168
http://rhn.redhat.com/errata/RHSA-2014-0918.html

Solution :

Update the affected thunderbird and / or thunderbird-debuginfo
packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : nss and nspr (RHSA-2014:0917)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated nss and nspr packages that fix multiple security issues,
several bugs, and add various enhancements are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
Critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Network Security Services (NSS) is a set of libraries designed to
support the cross-platform development of security-enabled client and
server applications. Netscape Portable Runtime (NSPR) provides
platform independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain
certificates. A remote attacker could use this flaw to crash an
application using NSS or, possibly, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1544)

A flaw was found in the way TLS False Start was implemented in NSS. An
attacker could use this flaw to potentially return unencrypted
information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket
handling as specified by RFC 5077. An attacker could use this flaw to
crash an application using NSS or, in rare cases, execute arbitrary
code with the privileges of the user running that application.
(CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)
parameters. This could possibly lead to weak encryption being used in
communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could
potentially use this flaw to crash an application using NSPR or,
possibly, execute arbitrary code with the privileges of the user
running that application. This NSPR flaw was not exposed to web
content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain
Names in Applications (IDNA) hostname matching in NSS did not follow
the RFC 6125 recommendations. This could lead to certain invalid
certificates with international characters being accepted as valid.
(CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the
CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues.
Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the
original reporters of CVE-2014-1544, Brian Smith as the original
reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan
Bhargavan as the original reporters of CVE-2014-1491, and Abhishek
Arya as the original reporter of CVE-2014-1545.

In addition, the nss package has been upgraded to upstream version
3.16.1, and the nspr package has been upgraded to upstream version
4.10.6. These updated packages provide a number of bug fixes and
enhancements over the previous versions. (BZ#1112136, BZ#1112135)

Users of NSS and NSPR are advised to upgrade to these updated
packages, which correct these issues and add these enhancements. After
installing this update, applications using NSS or NSPR must be
restarted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-1740.html
https://www.redhat.com/security/data/cve/CVE-2014-1490.html
https://www.redhat.com/security/data/cve/CVE-2014-1491.html
https://www.redhat.com/security/data/cve/CVE-2014-1492.html
https://www.redhat.com/security/data/cve/CVE-2014-1544.html
https://www.redhat.com/security/data/cve/CVE-2014-1545.html
http://rhn.redhat.com/errata/RHSA-2014-0917.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : nss and nspr (RHSA-2014:0916)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated nss and nspr packages that fix one security issue are now
available for Red Hat Enterprise Linux 5 and 7.

The Red Hat Security Response Team has rated this update as having
Critical security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Network Security Services (NSS) is a set of libraries designed to
support the cross-platform development of security-enabled client and
server applications. Netscape Portable Runtime (NSPR) provides
platform independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain
certificates. A remote attacker could use this flaw to crash an
application using NSS or, possibly, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1544)

Red Hat would like to thank the Mozilla project for reporting
CVE-2014-1544. Upstream acknowledges Tyson Smith and Jesse
Schwartzentruber as the original reporters.

Users of NSS and NSPR are advised to upgrade to these updated
packages, which correct this issue. After installing this update,
applications using NSS or NSPR must be restarted for this update to
take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-1544.html
http://rhn.redhat.com/errata/RHSA-2014-0916.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : kernel-rt (RHSA-2014:0913)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix multiple security issues are now
available for Red Hat Enterprise MRG 2.5.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's futex subsystem
handled the requeuing of certain Priority Inheritance (PI) futexes. A
local, unprivileged user could use this flaw to escalate their
privileges on the system. (CVE-2014-3153, Important)

* It was found that the Linux kernel's ptrace subsystem allowed a
traced process' instruction pointer to be set to a non-canonical
memory address without forcing the non-sysret code path when returning
to user space. A local, unprivileged user could use this flaw to crash
the system or, potentially, escalate their privileges on the system.
(CVE-2014-4699, Important)

Note: The CVE-2014-4699 issue only affected systems using an Intel
CPU.

* It was found that the permission checks performed by the Linux
kernel when a netlink message was received were not sufficient. A
local, unprivileged user could potentially bypass these restrictions
by passing a netlink socket as stdout or stderr to a more privileged
process and altering the output of this process. (CVE-2014-0181,
Moderate)

* It was found that the aio_read_events_ring() function of the Linux
kernel's Asynchronous I/O (AIO) subsystem did not properly sanitize
the AIO ring head received from user space. A local, unprivileged user
could use this flaw to disclose random parts of the (physical) memory
belonging to the kernel and/or other processes. (CVE-2014-0206,
Moderate)

* An out-of-bounds memory access flaw was found in the Netlink
Attribute extension of the Berkeley Packet Filter (BPF) interpreter
functionality in the Linux kernel's networking implementation. A
local, unprivileged user could use this flaw to crash the system or
leak kernel memory to user space via a specially crafted socket
filter. (CVE-2014-3144, CVE-2014-3145, Moderate)

* An out-of-bounds memory access flaw was found in the Linux kernel's
system call auditing implementation. On a system with existing audit
rules defined, a local, unprivileged user could use this flaw to leak
kernel memory to user space or, potentially, crash the system.
(CVE-2014-3917, Moderate)

* A flaw was found in the way Linux kernel's Transparent Huge Pages
(THP) implementation handled non-huge page migration. A local,
unprivileged user could use this flaw to crash the kernel by migrating
transparent hugepages. (CVE-2014-3940, Moderate)

* An integer underflow flaw was found in the way the Linux kernel's
Stream Control Transmission Protocol (SCTP) implementation processed
certain COOKIE_ECHO packets. By sending a specially crafted SCTP
packet, a remote attacker could use this flaw to prevent legitimate
connections to a particular SCTP server socket from being made.
(CVE-2014-4667, Moderate)

* An information leak flaw was found in the RAM Disks Memory Copy
(rd_mcp) backend driver of the iSCSI Target subsystem of the Linux
kernel. A privileged user could use this flaw to leak the contents of
kernel memory to an iSCSI initiator remote client. (CVE-2014-4027,
Low)

Red Hat would like to thank Kees Cook of Google for reporting
CVE-2014-3153, Andy Lutomirski for reporting CVE-2014-4699 and
CVE-2014-0181, and Gopal Reddy Kodudula of Nokia Siemens Networks for
reporting CVE-2014-4667. Google acknowledges Pinkie Pie as the
original reporter of CVE-2014-3153. The CVE-2014-0206 issue was
discovered by Mateusz Guzik of Red Hat.

Users are advised to upgrade to these updated packages, which upgrade
the kernel-rt kernel to version kernel-rt-3.10.33-rt32.43 and correct
these issues. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0181.html
https://www.redhat.com/security/data/cve/CVE-2014-0206.html
https://www.redhat.com/security/data/cve/CVE-2014-3144.html
https://www.redhat.com/security/data/cve/CVE-2014-3145.html
https://www.redhat.com/security/data/cve/CVE-2014-3153.html
https://www.redhat.com/security/data/cve/CVE-2014-3917.html
https://www.redhat.com/security/data/cve/CVE-2014-3940.html
https://www.redhat.com/security/data/cve/CVE-2014-4027.html
https://www.redhat.com/security/data/cve/CVE-2014-4667.html
https://www.redhat.com/security/data/cve/CVE-2014-4699.html
http://rhn.redhat.com/errata/RHSA-2014-0913.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 6 : thunderbird (ELSA-2014-0918)


Synopsis:

The remote Oracle Linux host is missing a security update.

Description:

From Red Hat Security Advisory 2014:0918 :

An updated thunderbird package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2014-1547, CVE-2014-1555,
CVE-2014-1556, CVE-2014-1557)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Christian Holler, David Keeler, Byron
Campen, Jethro Beekman, Patrick Cozzi, and Mozilla community member
John as the original reporters of these issues.

Note: None of the above issues can be exploited by a specially
crafted HTML mail message, as JavaScript is disabled by default for
mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla
security advisories for Thunderbird 24.7.0. You can find a link to the
Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.7.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the
changes to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-July/004240.html

Solution :

Update the affected thunderbird package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 6 : nspr / nss (ELSA-2014-0917)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:0917 :

Updated nss and nspr packages that fix multiple security issues,
several bugs, and add various enhancements are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
Critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Network Security Services (NSS) is a set of libraries designed to
support the cross-platform development of security-enabled client and
server applications. Netscape Portable Runtime (NSPR) provides
platform independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain
certificates. A remote attacker could use this flaw to crash an
application using NSS or, possibly, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1544)

A flaw was found in the way TLS False Start was implemented in NSS. An
attacker could use this flaw to potentially return unencrypted
information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket
handling as specified by RFC 5077. An attacker could use this flaw to
crash an application using NSS or, in rare cases, execute arbitrary
code with the privileges of the user running that application.
(CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)
parameters. This could possibly lead to weak encryption being used in
communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could
potentially use this flaw to crash an application using NSPR or,
possibly, execute arbitrary code with the privileges of the user
running that application. This NSPR flaw was not exposed to web
content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain
Names in Applications (IDNA) hostname matching in NSS did not follow
the RFC 6125 recommendations. This could lead to certain invalid
certificates with international characters being accepted as valid.
(CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the
CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues.
Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the
original reporters of CVE-2014-1544, Brian Smith as the original
reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan
Bhargavan as the original reporters of CVE-2014-1491, and Abhishek
Arya as the original reporter of CVE-2014-1545.

In addition, the nss package has been upgraded to upstream version
3.16.1, and the nspr package has been upgraded to upstream version
4.10.6. These updated packages provide a number of bug fixes and
enhancements over the previous versions. (BZ#1112136, BZ#1112135)

Users of NSS and NSPR are advised to upgrade to these updated
packages, which correct these issues and add these enhancements. After
installing this update, applications using NSS or NSPR must be
restarted for this update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-July/004239.html

Solution :

Update the affected nspr and / or nss packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : libXfont-1.4.8-1.fc19 (2014-8223)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- libXfont 1.4.8 (rhbz#1100441)

- Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
(rhbz#1097397)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1096593
https://bugzilla.redhat.com/show_bug.cgi?id=1096597
https://bugzilla.redhat.com/show_bug.cgi?id=1096601
http://www.nessus.org/u?7251792d

Solution :

Update the affected libXfont package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : python-simplejson-3.5.3-1.fc19 (2014-7716)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fixes a potential security issue
https://github.com/simplejson/simplejson/issues/98

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1093685
https://github.com/simplejson/simplejson/issues/98
http://www.nessus.org/u?58f2c9b8

Solution :

Update the affected python-simplejson package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : readline-6.2-10.fc20 (2014-7523)


Synopsis:

The remote Fedora host is missing a security update.

Description:

readline in Fedora is very slow when rl_event_hook is used; this
update fixes it. It also includes a security patch for the debug functions.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1077026
https://bugzilla.redhat.com/show_bug.cgi?id=1109946
http://www.nessus.org/u?f09b9369

Solution :

Update the affected readline package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-2985-1 : mysql-5.5 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's
Critical Patch Update advisory for further details :

- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754941
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html
http://www.nessus.org/u?7de2f8eb
http://www.debian.org/security/2014/dsa-2985

Solution :

Upgrade the mysql-5.5 packages.

For the stable distribution (wheezy), these problems have been fixed
in version 5.5.38-0+wheezy1.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-2980-1 : openjdk-6 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, breakouts of the Java sandbox, information
disclosure or denial of service.

See also :

http://www.debian.org/security/2014/dsa-2980

Solution :

Upgrade the openjdk-6 packages.

For the stable distribution (wheezy), these problems have been fixed
in version 6b32-1.13.4-1~deb7u1.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 5 / 6 / 7 : firefox / xulrunner (CESA-2014:0919)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated firefox packages that fix several security issues are now
available for Red Hat Enterprise Linux 5, 6, and 7.

The Red Hat Security Response Team has rated this update as having
Critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Mozilla Firefox is an open source web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556,
CVE-2014-1557)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Christian Holler, David Keeler, Byron
Campen, Jethro Beekman, Patrick Cozzi, and Mozilla community member
John as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla
security advisories for Firefox 24.7.0 ESR. You can find a link to the
Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which
contain Firefox version 24.7.0 ESR, which corrects these issues. After
installing the update, Firefox must be restarted for the changes to
take effect.

See also :

http://www.nessus.org/u?8b4a166e
http://www.nessus.org/u?7f8f9f03
http://www.nessus.org/u?2ff143fe

Solution :

Update the affected firefox and / or xulrunner packages.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 5 / 6 : thunderbird (CESA-2014:0918)


Synopsis:

The remote CentOS host is missing a security update.

Description:

An updated thunderbird package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2014-1547, CVE-2014-1555,
CVE-2014-1556, CVE-2014-1557)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Christian Holler, David Keeler, Byron
Campen, Jethro Beekman, Patrick Cozzi, and Mozilla community member
John as the original reporters of these issues.

Note: None of the above issues can be exploited by a specially
crafted HTML mail message, as JavaScript is disabled by default for
mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla
security advisories for Thunderbird 24.7.0. You can find a link to the
Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.7.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the
changes to take effect.

See also :

http://www.nessus.org/u?c4c4176e
http://www.nessus.org/u?3f3dcd31

Solution :

Update the affected thunderbird package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 6 : nspr / nss / nss-util (CESA-2014:0917)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated nss and nspr packages that fix multiple security issues,
several bugs, and add various enhancements are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
Critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Network Security Services (NSS) is a set of libraries designed to
support the cross-platform development of security-enabled client and
server applications. Netscape Portable Runtime (NSPR) provides
platform independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain
certificates. A remote attacker could use this flaw to crash an
application using NSS or, possibly, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1544)

A flaw was found in the way TLS False Start was implemented in NSS. An
attacker could use this flaw to potentially return unencrypted
information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket
handling as specified by RFC 5077. An attacker could use this flaw to
crash an application using NSS or, in rare cases, execute arbitrary
code with the privileges of the user running that application.
(CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)
parameters. This could possibly lead to weak encryption being used in
communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could
potentially use this flaw to crash an application using NSPR or,
possibly, execute arbitrary code with the privileges of the user
running that application. This NSPR flaw was not exposed to web
content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain
Names in Applications (IDNA) hostname matching in NSS did not follow
the RFC 6125 recommendations. This could lead to certain invalid
certificates with international characters being accepted as valid.
(CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the
CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues.
Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the
original reporters of CVE-2014-1544, Brian Smith as the original
reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan
Bhargavan as the original reporters of CVE-2014-1491, and Abhishek
Arya as the original reporter of CVE-2014-1545.

In addition, the nss package has been upgraded to upstream version
3.16.1, and the nspr package has been upgraded to upstream version
4.10.6. These updated packages provide a number of bug fixes and
enhancements over the previous versions. (BZ#1112136, BZ#1112135)

Users of NSS and NSPR are advised to upgrade to these updated
packages, which correct these issues and add these enhancements. After
installing this update, applications using NSS or NSPR must be
restarted for this update to take effect.

See also :

http://www.nessus.org/u?f629cef6
http://www.nessus.org/u?90dee5fb
http://www.nessus.org/u?beff70e8

Solution :

Update the affected nspr, nss and / or nss-util packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 5 / 7 : nspr / nss (CESA-2014:0916)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated nss and nspr packages that fix one security issue are now
available for Red Hat Enterprise Linux 5 and 7.

The Red Hat Security Response Team has rated this update as having
Critical security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Network Security Services (NSS) is a set of libraries designed to
support the cross-platform development of security-enabled client and
server applications. Netscape Portable Runtime (NSPR) provides
platform independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain
certificates. A remote attacker could use this flaw to crash an
application using NSS or, possibly, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1544)

Red Hat would like to thank the Mozilla project for reporting
CVE-2014-1544. Upstream acknowledges Tyson Smith and Jesse
Schwartzentruber as the original reporters.

Users of NSS and NSPR are advised to upgrade to these updated
packages, which correct this issue. After installing this update,
applications using NSS or NSPR must be restarted for this update to
take effect.

See also :

http://www.nessus.org/u?c105131d
http://www.nessus.org/u?1b568bed
http://www.nessus.org/u?0055d163

Solution :

Update the affected nspr and / or nss packages.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 7 : libvirt (CESA-2014:0914)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

The remote CentOS host is missing a security update which has been
documented in Red Hat advisory RHSA-2014:0914.

See also :

http://www.nessus.org/u?cd0373e7

Solution :

Update the affected libvirt packages.

Risk factor :

Medium

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle JRockit R27 < R27.7.2.5 / R28 < R28.2.3.13 Multiple Vulnerabilities (April 2012 CPU)


Synopsis:

The remote Windows host contains a programming platform that is
affected by multiple vulnerabilities.

Description:

The remote host has a version of Oracle JRockit that is affected by
multiple vulnerabilities that could allow a remote attacker to
compromise system confidentiality and integrity via unspecified
vectors.

See also :

http://www.nessus.org/u?9865fa8a

Solution :

Upgrade to version R27.7.2.5 / R28.2.3.13 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 14.04 : cups vulnerability (USN-2293-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Francisco Alonso discovered that the CUPS web interface incorrectly
validated permissions on rss files. A local attacker could possibly
use this issue to bypass file permissions and read arbitrary files,
possibly leading to a privilege escalation.

Solution :

Update the affected cups package.

Risk factor :

High

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/srpm/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

It was discovered that the Hotspot component in OpenJDK did not
properly verify bytecode from the class files. An untrusted Java
application or applet could possibly use these flaws to bypass Java
sandbox restrictions. (CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event
logger in OpenJDK. An untrusted Java application or applet could use
this flaw to crash the Java Virtual Machine or, potentially, execute
arbitrary code with the privileges of the Java Virtual Machine.
(CVE-2014-2490)

An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could
use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262)

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252,
CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing
operations that were using private keys. An attacker able to measure
timing differences of those operations could possibly leak information
about the used keys. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)

This update also fixes the following bug :

- Prior to this update, an application accessing an
unsynchronized HashMap could potentially enter an
infinite loop and consume an excessive amount of CPU
resources. This update resolves this issue.

All running instances of OpenJDK Java must be restarted for the update
to take effect.

See also :

http://www.nessus.org/u?24575feb

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2014:0907)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated java-1.6.0-openjdk packages that fix multiple security issues
and one bug are now available for Red Hat Enterprise Linux 5, 6, and
7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

It was discovered that the Hotspot component in OpenJDK did not
properly verify bytecode from the class files. An untrusted Java
application or applet could possibly use these flaws to bypass Java
sandbox restrictions. (CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event
logger in OpenJDK. An untrusted Java application or applet could use
this flaw to crash the Java Virtual Machine or, potentially, execute
arbitrary code with the privileges of the Java Virtual Machine.
(CVE-2014-2490)

An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could
use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262)

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252,
CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing
operations that were using private keys. An attacker able to measure
timing differences of those operations could possibly leak information
about the used keys. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.

This update also fixes the following bug :

* Prior to this update, an application accessing an unsynchronized
HashMap could potentially enter an infinite loop and consume an
excessive amount of CPU resources. This update resolves this issue.
(BZ#1115580)

All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-2490.html
https://www.redhat.com/security/data/cve/CVE-2014-4209.html
https://www.redhat.com/security/data/cve/CVE-2014-4216.html
https://www.redhat.com/security/data/cve/CVE-2014-4218.html
https://www.redhat.com/security/data/cve/CVE-2014-4219.html
https://www.redhat.com/security/data/cve/CVE-2014-4244.html
https://www.redhat.com/security/data/cve/CVE-2014-4252.html
https://www.redhat.com/security/data/cve/CVE-2014-4262.html
https://www.redhat.com/security/data/cve/CVE-2014-4263.html
https://www.redhat.com/security/data/cve/CVE-2014-4266.html
http://rhn.redhat.com/errata/RHSA-2014-0907.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2014:0859)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

An updated cumin package that fixes two security issues is now
available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux
5.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

It was found that if Cumin were asked to display a link name
containing non-ASCII characters, the request would terminate with an
error. If data containing non-ASCII characters were added to the
database (such as via Cumin or Wallaby), requests to load said data
would terminate and the requested page would not be displayed until an
administrator cleans the database. (CVE-2012-2682)

It was found that Cumin did not set the HttpOnly flag on session
cookies. This could allow a malicious script to access the session
cookie. (CVE-2014-0174)

These issues were discovered by Stanislav Graf of Red Hat.

All users of cumin with Red Hat Enterprise MRG 2.5 for Red Hat
Enterprise Linux 5 are advised to upgrade to this updated package,
which corrects these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2682.html
https://www.redhat.com/security/data/cve/CVE-2014-0174.html
http://rhn.redhat.com/errata/RHSA-2014-0859.html

Solution :

Update the affected cumin package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2014:0858)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

An updated cumin package that fixes two security issues is now
available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux
6.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

It was found that if Cumin were asked to display a link name
containing non-ASCII characters, the request would terminate with an
error. If data containing non-ASCII characters were added to the
database (such as via Cumin or Wallaby), requests to load said data
would terminate and the requested page would not be displayed until an
administrator cleans the database. (CVE-2012-2682)

It was found that Cumin did not set the HttpOnly flag on session
cookies. This could allow a malicious script to access the session
cookie. (CVE-2014-0174)

These issues were discovered by Stanislav Graf of Red Hat.

All users of cumin with Red Hat Enterprise MRG 2.5 for Red Hat
Enterprise Linux 6 are advised to upgrade to this updated package,
which corrects these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2682.html
https://www.redhat.com/security/data/cve/CVE-2014-0174.html
http://rhn.redhat.com/errata/RHSA-2014-0858.html

Solution :

Update the affected cumin package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2014:0557)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix multiple security issues are now
available for Red Hat Enterprise MRG 2.5.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A race condition leading to a use-after-free flaw was found in the
way the Linux kernel's TCP/IP protocol suite implementation handled
the addition of fragments to the LRU (Last-Recently Used) list under
certain conditions. A remote attacker could use this flaw to crash the
system or, potentially, escalate their privileges on the system by
sending a large amount of specially crafted fragmented packets to that
system. (CVE-2014-0100, Important)

* A race condition flaw, leading to heap-based buffer overflows, was
found in the way the Linux kernel's N_TTY line discipline (LDISC)
implementation handled concurrent processing of echo output and TTY
write operations originating from user space when the underlying TTY
driver was PTY. An unprivileged, local user could use this flaw to
crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-0196, Important)

* A flaw was found in the way the Linux kernel's floppy driver handled
user space provided data in certain error code paths while processing
FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX
could use this flaw to free (using the kfree() function) arbitrary
kernel memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal
kernel memory addresses to user space during the processing of the
FDRAWCMD IOCTL command. A local user with write access to /dev/fdX
could use this flaw to obtain information about the kernel heap
arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two
flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate
their privileges on the system.

* A use-after-free flaw was found in the way the ping_init_sock()
function of the Linux kernel handled the group_info reference counter.
A local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-2851,
Important)

* It was found that a remote attacker could use a race condition flaw
in the ath_tx_aggr_sleep() function to crash the system by creating
large network traffic on the system's Atheros 9k wireless network
adapter. (CVE-2014-2672, Moderate)

* A NULL pointer dereference flaw was found in the
rds_iw_laddr_check() function in the Linux kernel's implementation of
Reliable Datagram Sockets (RDS). A local, unprivileged user could use
this flaw to crash the system. (CVE-2014-2678, Moderate)

* A race condition flaw was found in the way the Linux kernel's
mac80211 subsystem implementation handled synchronization between TX
and STA wake-up code paths. A remote attacker could use this flaw to
crash the system. (CVE-2014-2706, Moderate)

* It was found that the try_to_unmap_cluster() function in the Linux
kernel's Memory Management subsystem did not properly handle page
locking in certain cases, which could potentially trigger the BUG_ON()
macro in the mlock_vma_page() function. A local, unprivileged user
could use this flaw to crash the system. (CVE-2014-3122, Moderate)

Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737
and CVE-2014-1738. The CVE-2014-0100 issue was discovered by Nikolay
Aleksandrov of Red Hat.

Users are advised to upgrade to these updated packages, which upgrade
the kernel-rt kernel to version kernel-rt-3.10.33-rt32.34 and correct
these issues. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0100.html
https://www.redhat.com/security/data/cve/CVE-2014-0196.html
https://www.redhat.com/security/data/cve/CVE-2014-1737.html
https://www.redhat.com/security/data/cve/CVE-2014-1738.html
https://www.redhat.com/security/data/cve/CVE-2014-2672.html
https://www.redhat.com/security/data/cve/CVE-2014-2678.html
https://www.redhat.com/security/data/cve/CVE-2014-2706.html
https://www.redhat.com/security/data/cve/CVE-2014-2851.html
https://www.redhat.com/security/data/cve/CVE-2014-3122.html
http://rhn.redhat.com/errata/RHSA-2014-0557.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2014:0441)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Messaging component packages that fix one security issue,
several bugs, and add various enhancements are now available for Red
Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for
Linux based on AMQP (Advanced Message Queuing Protocol), an open
protocol standard for enterprise messaging that is designed to make
mission critical messaging widely available as a standard service, and
to make enterprise messaging interoperable across platforms,
programming languages, and vendors. MRG Messaging includes an AMQP
0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS,
and Python; as well as persistence libraries and management tools.

It was found that MRG Management Console (cumin) used the crypt(3)
DES-based hash function to hash passwords. DES-based hashing has known
weaknesses that allow an attacker to more easily recover plain text
passwords from hashes via brute-force guessing. An attacker able to
compromise a cumin user database could potentially use this flaw to
recover plain text passwords from the password hashes stored in that
database. (CVE-2013-6445)

Note: In deployments where user account information is stored in a
database managed by cumin, it is recommended that users change their
passwords after this update is applied.

This issue was discovered by Tomáš Nováčik of the Red Hat MRG
Quality Engineering team.

This update also fixes several bugs and adds enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which resolve these
issues and add these enhancements. After installing the updated
packages, stop the cluster by either running 'service qpidd stop' on
all nodes, or 'qpid-cluster --all-stop' on any one of the cluster
nodes. Once stopped, restart the cluster with 'service qpidd start' on
all nodes for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-6445.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2014-0441.html

Solution :

Update the affected cumin and / or mrg-release packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2014:0440)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Grid component packages that fix two security issues, multiple
bugs, and provide several enhancements are now available for Red Hat
Enterprise MRG 2.5 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved
infrastructure utilization by leveraging their existing technology to
build high performance grids. MRG Grid provides a job-queueing
mechanism, scheduling policy, and a priority scheme, as well as
resource monitoring and resource management. Users submit their jobs
to MRG Grid, where they are placed into a queue. MRG Grid then chooses
when and where to run the jobs based upon a policy, carefully monitors
their progress, and ultimately informs the user upon completion.

A buffer over-read flaw was found in the way MongoDB handled BSON
data. A database user permitted to insert BSON data into a MongoDB
server could use this flaw to read server memory, potentially
disclosing sensitive data. (CVE-2012-6619)

Note: This update addresses CVE-2012-6619 by enabling the '--objcheck'
option in the /etc/mongodb.conf file. If you have edited this file,
the updated version will be stored as /etc/mongodb.conf.rpmnew, and
you will need to merge the changes into /etc/mongodb.conf manually.

It was found that MRG Management Console (cumin) used the crypt(3)
DES-based hash function to hash passwords. DES-based hashing has known
weaknesses that allow an attacker to recover plain text passwords from
hashes. An attacker able to compromise a cumin user database could
potentially use this flaw to recover plain text passwords from the
password hashes stored in that database. (CVE-2013-6445)

Note: In deployments where user account information is stored in a
database managed by cumin, it is recommended that users change their
passwords after this update is applied.

The CVE-2013-6445 issue was discovered by Tomáš Nováčik of the Red
Hat MRG Quality Engineering team.

These updated packages for Red Hat Enterprise Linux 6 also provide
numerous bug fixes and enhancements for the Grid component of Red Hat
Enterprise MRG. Space precludes documenting all of these changes in
this advisory. Refer to the Red Hat Enterprise MRG 2 Technical Notes
document, available shortly from the link in the References section,
for information on these changes.

All users of the Grid capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which correct these
issues and add these enhancements.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-6619.html
https://www.redhat.com/security/data/cve/CVE-2013-6445.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2014-0440.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2014:0439)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix multiple security issues, several
bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.5.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A denial of service flaw was found in the way the Linux kernel's
IPv6 implementation processed IPv6 router advertisement (RA) packets.
An attacker able to send a large number of RA packets to a target
system could potentially use this flaw to crash the target system.
(CVE-2014-2309, Important)

* A flaw was found in the way the Linux kernel's netfilter connection
tracking implementation for Datagram Congestion Control Protocol
(DCCP) packets used the skb_header_pointer() function. A remote
attacker could use this flaw to send a specially crafted DCCP packet
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-2523, Important)

* A flaw was found in the way the Linux kernel's CIFS implementation
handled uncached write operations with specially crafted iovec
structures. An unprivileged local user with access to a CIFS share
could use this flaw to crash the system, leak kernel memory, or,
potentially, escalate their privileges on the system. (CVE-2014-0069,
Moderate)

* A flaw was found in the way the Linux kernel handled pending
Floating Point Unit (FPU) exceptions during the switching of tasks.
A local attacker could use this flaw to terminate arbitrary processes
on the system, causing a denial of service, or, potentially, escalate
their privileges on the system. Note that this flaw only affected
systems using AMD CPUs on both 32-bit and 64-bit architectures.
(CVE-2014-1438, Moderate)

* It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without
initializing the associated data structure. A local, unprivileged user
could use this flaw to leak kernel stack memory to user space using
the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263,
CVE-2013-7265, Low)

* An information leak flaw was found in the Linux kernel's netfilter
connection tracking IRC NAT helper implementation that could allow a
remote attacker to disclose portions of kernel stack memory during IRC
DCC (Direct Client-to-Client) communication over NAT. (CVE-2014-1690,
Low)

* A denial of service flaw was discovered in the way the Linux
kernel's SELinux implementation handled files with an empty SELinux
security context. A local user who has the CAP_MAC_ADMIN capability
could use this flaw to crash the system. (CVE-2014-1874, Low)

Red Hat would like to thank Al Viro for reporting CVE-2014-0069. The
CVE-2014-1690 issue was discovered by Daniel Borkmann of Red Hat.

This update also fixes several bugs and adds multiple enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

Users are advised to upgrade to these updated packages, which upgrade
the kernel-rt kernel to version kernel-rt-3.10.33-rt32.33, correct
these issues, and fix the bugs and add the enhancements noted in the
Red Hat Enterprise MRG 2 Technical Notes. The system must be rebooted
for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4483.html
https://www.redhat.com/security/data/cve/CVE-2013-7263.html
https://www.redhat.com/security/data/cve/CVE-2013-7265.html
https://www.redhat.com/security/data/cve/CVE-2013-7339.html
https://www.redhat.com/security/data/cve/CVE-2014-0069.html
https://www.redhat.com/security/data/cve/CVE-2014-1438.html
https://www.redhat.com/security/data/cve/CVE-2014-1690.html
https://www.redhat.com/security/data/cve/CVE-2014-1874.html
https://www.redhat.com/security/data/cve/CVE-2014-2309.html
https://www.redhat.com/security/data/cve/CVE-2014-2523.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2014-0439.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2014:0261)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

This is the one-month notification for the retirement of Red Hat
Enterprise MRG Version 1 for Red Hat Enterprise Linux 5. This
notification applies only to those customers with subscriptions for
Red Hat Enterprise MRG Version 1 for Red Hat Enterprise Linux 5.

In accordance with the Red Hat Enterprise MRG Life Cycle policy, the
Red Hat Enterprise MRG product, which includes MRG-Messaging,
MRG-Realtime, and MRG-Grid, Version 1 offering for Red Hat Enterprise
Linux 5 will be retired as of March 31, 2014, and support will no
longer be provided.

Accordingly, Red Hat will no longer provide updated packages,
including critical impact security patches or urgent priority bug
fixes, for MRG-Messaging, MRG-Realtime, and MRG-Grid Version 1 on Red
Hat Enterprise Linux 5 after that date. In addition, technical support
through Red Hat's Global Support Services will no longer be provided
for Red Hat Enterprise MRG Version 1 on Red Hat Enterprise Linux 5
after March 31, 2014.

We encourage customers to plan their migration from Red Hat Enterprise
MRG Version 1 for Red Hat Enterprise Linux 5 to Red Hat Enterprise MRG
Version 2 on either Red Hat Enterprise Linux 5 or Red Hat Enterprise
Linux 6. As a benefit of the Red Hat subscription model, customers can
use their active Red Hat Enterprise MRG subscriptions to entitle any
system on a currently supported version of those products.

Details of the Red Hat Enterprise MRG life cycle can be found here:
https://access.redhat.com/site/support/policy/updates/mrg/

See also :

https://access.redhat.com/site/support/policy/updates/mrg/
http://rhn.redhat.com/errata/RHSA-2014-0261.html

Solution :

Update the affected mrg-release package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2014:0100)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix multiple security issues and
several bugs are now available for Red Hat Enterprise MRG 2.4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled sending of certain UDP packets over sockets
that used the UDP_CORK option when the UDP Fragmentation Offload (UFO)
feature was enabled on the output device. A local, unprivileged user
could use this flaw to cause a denial of service or, potentially,
escalate their privileges on the system. (CVE-2013-4470, Important)

* A flaw was found in the way the perf_trace_event_perm() function in
the Linux kernel checked permissions for the function tracer
functionality. An unprivileged local user could use this flaw to
enable function tracing and cause a denial of service on the system.
(CVE-2013-2930, Moderate)

* A flaw was found in the way the net_ctl_permissions() function in
the Linux kernel checked access permissions. A local, unprivileged
user could potentially use this flaw to access certain files in
/proc/sys/net regardless of the underlying file system permissions.
(CVE-2013-4270, Moderate)

* A flaw was found in the way the Linux kernel's Adaptec RAID
controller (aacraid) checked permissions of compat IOCTLs. A local
attacker could use this flaw to bypass intended security restrictions.
(CVE-2013-6383, Moderate)

* A flaw was found in the way the get_dumpable() function return value
was interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged user could use
this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* An invalid pointer dereference flaw was found in the Marvell 8xxx
Libertas WLAN (libertas) driver in the Linux kernel. A local user able
to write to a file that is provided by the libertas driver and located
on the debug file system (debugfs) could use this flaw to crash the
system. Note: The debugfs file system must be mounted locally to
exploit this issue. It is not mounted by default. (CVE-2013-6378, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's IPv6
source address-based routing implementation. A local attacker who has
the CAP_NET_ADMIN capability could use this flaw to crash the system.
(CVE-2013-6431, Low)

Red Hat would like to thank Hannes Frederic Sowa for reporting
CVE-2013-4470. The CVE-2013-4270 issue was discovered by Miroslav
Vadkerti of Red Hat.

This update also fixes multiple bugs. Documentation for these changes
will be available shortly from the Technical Notes document linked to
in the References section.

Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.8.13-rt27, correct these
issues, and fix the bugs noted in the Red Hat Enterprise MRG 2
Technical Notes. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-2929.html
https://www.redhat.com/security/data/cve/CVE-2013-2930.html
https://www.redhat.com/security/data/cve/CVE-2013-4270.html
https://www.redhat.com/security/data/cve/CVE-2013-4470.html
https://www.redhat.com/security/data/cve/CVE-2013-6378.html
https://www.redhat.com/security/data/cve/CVE-2013-6383.html
https://www.redhat.com/security/data/cve/CVE-2013-6431.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2014-0100.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:1852)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Grid component packages that fix multiple security issues are
now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise
Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved
infrastructure utilization by leveraging their existing technology to
build high performance grids. MRG Grid provides a job-queueing
mechanism, scheduling policy, and a priority scheme, as well as
resource monitoring and resource management. Users submit their jobs
to MRG Grid, where they are placed into a queue. MRG Grid then chooses
when and where to run the jobs based upon a policy, carefully monitors
their progress, and ultimately informs the user upon completion.

It was found that, when using RubyGems, the connection could be
redirected from HTTPS to HTTP. This could lead to a user believing
they are installing a gem via HTTPS, when the connection may have been
silently downgraded to HTTP. (CVE-2012-2125)

It was found that RubyGems did not verify SSL connections. This could
lead to man-in-the-middle attacks. (CVE-2012-2126)

It was discovered that the rubygems API validated version strings
using an unsafe regular expression. An application making use of this
API to process a version string from an untrusted source could be
vulnerable to a denial of service attack through CPU exhaustion.
(CVE-2013-4287)

A flaw was found in the way cumin enforced user roles, allowing an
unprivileged cumin user to access a range of resources without having
the appropriate role. A remote, authenticated attacker could use this
flaw to access privileged information, and perform a variety of
privileged operations. (CVE-2013-4404)

It was found that multiple forms in the cumin web interface did not
protect against Cross-Site Request Forgery (CSRF) attacks. If a remote
attacker could trick a user, who is logged into the cumin web
interface, into visiting a specially crafted URL, the attacker could
perform actions in the context of the logged in user. (CVE-2013-4405)

It was found that cumin did not properly escape input from the 'Max
allowance' field in the 'Set limit' form of the cumin web interface. A
remote attacker could use this flaw to perform cross-site scripting
(XSS) attacks against victims by tricking them into visiting a
specially crafted URL. (CVE-2013-4414)

A flaw was found in the way cumin parsed POST request data. A remote
attacker could potentially use this flaw to perform SQL injection
attacks on cumin's database. (CVE-2013-4461)

Red Hat would like to thank Rubygems upstream for reporting
CVE-2013-4287. Upstream acknowledges Damir Sharipov as the original
reporter of CVE-2013-4287. The CVE-2013-4404, CVE-2013-4405,
CVE-2013-4414, and CVE-2013-4461 issues were discovered by Tomáš
Nováčik of the Red Hat MRG Quality Engineering team.

All users of the Grid capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which correct these
issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2125.html
https://www.redhat.com/security/data/cve/CVE-2012-2126.html
https://www.redhat.com/security/data/cve/CVE-2013-4287.html
https://www.redhat.com/security/data/cve/CVE-2013-4404.html
https://www.redhat.com/security/data/cve/CVE-2013-4405.html
https://www.redhat.com/security/data/cve/CVE-2013-4414.html
https://www.redhat.com/security/data/cve/CVE-2013-4461.html
http://rhn.redhat.com/errata/RHSA-2013-1852.html

Solution :

Update the affected cumin and / or rubygems packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2013:1851)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

An updated Grid component package that fixes multiple security issues
is now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise
Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

[Updated 17 December 2013] This erratum previously incorrectly listed
RubyGems issues CVE-2012-2125, CVE-2012-2126 and CVE-2013-4287 as
addressed by this update. However, the rubygems component is not
included as part of Red Hat Enterprise MRG 2.4 for Red Hat Enterprise
Linux 5 and is only included as part of Red Hat Enterprise MRG 2.4 for
Red Hat Enterprise Linux 6. These issues were corrected there via
RHSA-2013:1852.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved
infrastructure utilization by leveraging their existing technology to
build high performance grids. MRG Grid provides a job-queueing
mechanism, scheduling policy, and a priority scheme, as well as
resource monitoring and resource management. Users submit their jobs
to MRG Grid, where they are placed into a queue. MRG Grid then chooses
when and where to run the jobs based upon a policy, carefully monitors
their progress, and ultimately informs the user upon completion.

A flaw was found in the way cumin enforced user roles, allowing an
unprivileged cumin user to access a range of resources without having
the appropriate role. A remote, authenticated attacker could use this
flaw to access privileged information, and perform a variety of
privileged operations. (CVE-2013-4404)

It was found that multiple forms in the cumin web interface did not
protect against Cross-Site Request Forgery (CSRF) attacks. If a remote
attacker could trick a user, who is logged into the cumin web
interface, into visiting a specially crafted URL, the attacker could
perform actions in the context of the logged in user. (CVE-2013-4405)

It was found that cumin did not properly escape input from the 'Max
allowance' field in the 'Set limit' form of the cumin web interface. A
remote attacker could use this flaw to perform cross-site scripting
(XSS) attacks against victims by tricking them into visiting a
specially crafted URL. (CVE-2013-4414)

A flaw was found in the way cumin parsed POST request data. A remote
attacker could potentially use this flaw to perform SQL injection
attacks on cumin's database. (CVE-2013-4461)

The CVE-2013-4404, CVE-2013-4405, CVE-2013-4414, and CVE-2013-4461
issues were discovered by Tomáš Nováčik of the Red Hat MRG Quality
Engineering team.

All users of the Grid capabilities of Red Hat Enterprise MRG are
advised to upgrade to this updated package, which corrects these
issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4404.html
https://www.redhat.com/security/data/cve/CVE-2013-4405.html
https://www.redhat.com/security/data/cve/CVE-2013-4414.html
https://www.redhat.com/security/data/cve/CVE-2013-4461.html
http://rhn.redhat.com/errata/RHSA-2013-1851.html

Solution :

Update the affected cumin package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.