Newest Plugins

FortiOS < 4.3.16 / 5.x < 5.0.8 Multiple Vulnerabilities (FG-IR-14-006)


Synopsis:

The remote host is affected by multiple vulnerabilities.

Description:

The remote host is running FortiOS prior to 4.3.16 or 5.x prior to
5.0.8. It is, therefore, affected by the following vulnerabilities :

- A flaw exists within the FortiManager service when
handling incoming requests. Using a specially crafted
request, a remote attacker can exploit this to cause a
denial of service or possibly execute arbitrary code.
(CVE-2014-2216)

- A flaw exists within the FortiManager communications
protocol that allows a man-in-the-middle attacker,
using an anonymous cipher suite, to acquire sensitive
information or otherwise impact host communications.
(CVE-2014-0351)

See also :

http://www.fortiguard.com/advisory/FG-IR-14-006/

Solution :

Upgrade to FortiOS 4.3.16 / 5.0.8 / 5.2.0 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco Unified Communications Manager 'CTIManager' Vulnerability


Synopsis:

The remote host is affected by an arbitrary command execution
vulnerability.

Description:

The remote Cisco Unified Communications Manager (CUCM) host has a flaw
in the 'CTIManager' module that allows a remote, authenticated
attacker to execute arbitrary commands with elevated privileges by
using a specially crafted SSO token.

See also :

http://www.nessus.org/u?e7ab717a

Solution :

Upgrade to a fixed CUCM version listed in the vendor's advisory.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 8.5
(CVSS2#E:ND/RL:U/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock)


Synopsis:

The remote FTP server is affected by a remote code execution
vulnerability.

Description:

The remote FTP server is affected by a remote code execution
vulnerability due to an error in the Bash shell running on the remote
host. A remote, unauthenticated attacker can execute arbitrary code on
the remote host by sending a specially crafted request via the USER
FTP command. The 'mod_exec' module exports the attacker-supplied
username as an environment variable, which is then evaluated by Bash
as code.

See also :

http://www.proftpd.org/docs/contrib/mod_exec.html#ExecEnviron
http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/

Solution :

Apply the referenced patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Squid 3.x < 3.3.13 / 3.4.7 Request Processing DoS


Synopsis:

The remote proxy server is affected by a denial of service
vulnerability.

Description:

According to its banner, the version of Squid running on the remote
host is 3.x prior to 3.3.13 or 3.4.7. It is, therefore, affected by a
denial of service vulnerability.

The flaw exists due to user-supplied input not being properly
validated in request parsing. This allows a remote attacker to
specially craft a request with Range headers with unidentifiable
byte-range values to crash the application.

Note that Nessus has relied only on the version in the proxy server's
banner. The patch released to address the issue does not update the
version in the banner. If the patch has been applied properly, and the
service has been restarted, consider this to be a false positive.

See also :

http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
http://www.nessus.org/u?b9a745a4
http://www.nessus.org/u?e2b5e3b7

Solution :

Upgrade to Squid version 3.3.13 / 3.4.7 or later, or apply the
vendor-supplied patch.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco IOS Software Network Address Translation (NAT) ALG Module DoS (cisco-sa-20140924-nat)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the version of Cisco IOS
running on the remote host is affected by a denial of service
vulnerability in the Network Address Translation (NAT)
application-layer gateway (ALG) module. This issue exists due to
improper handling of multipart Session Description Protocol (SDP) in
Session Initiation Protocol (SIP) messages. A remote attacker can
exploit this issue by sending specially crafted SIP messages.

Note that the affected configuration is not enabled by default.

See also :

http://www.nessus.org/u?5116047a
http://tools.cisco.com/security/center/viewAlert.x?alertId=35610
https://tools.cisco.com/bugsearch/bug/CSCun54071

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20140924-nat.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Moodle Multiple XSS


Synopsis:

The remote web server hosts a PHP script that is affected by multiple
cross-site scripting vulnerabilities.

Description:

The version of Moodle installed on the remote host is affected by
multiple cross-site scripting vulnerabilities due to the application
failing to properly sanitize user-supplied input to multiple
parameters. An attacker can leverage these vulnerabilities to inject
arbitrary HTML and script code into a user's browser to be executed
within the security context of the affected site.

Note that Nessus has not tested for each issue, but has checked for
patched JavaScript files to verify a patched version is running.

See also :

https://moodle.org/mod/forum/discuss.php?d=264270
https://moodle.org/mod/forum/discuss.php?d=264273

Solution :

Upgrade to version 2.4.11 / 2.5.7 / 2.6.4 / 2.7.1 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 : libvncserver vulnerabilities (USN-2365-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Nicolas Ruff discovered that LibVNCServer incorrectly handled memory
when being advertised large screen sizes by the server. If a user were
tricked into connecting to a malicious server, an attacker could use
this issue to cause a denial of service, or possibly execute arbitrary
code. (CVE-2014-6051, CVE-2014-6052)

Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to
cause a server to crash, resulting in a denial of service.
(CVE-2014-6053)

Nicolas Ruff discovered that LibVNCServer incorrectly handled zero
scaling factor values. A remote attacker could use this issue to cause
a server to crash, resulting in a denial of service. (CVE-2014-6054)

Nicolas Ruff discovered that LibVNCServer incorrectly handled memory
in the file transfer feature. A remote attacker could use this issue
to cause a server to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2014-6055).

Solution :

Update the affected libvncserver0 package.

Risk factor :

High

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : xerces-j2 on SL6.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a
specially crafted declaration using a long pseudo-attribute name that,
when parsed by an application using Xerces-J, would cause that
application to use an excessive amount of CPU. (CVE-2013-4002)

Applications using the Xerces-J must be restarted for this update to
take effect.

See also :

http://www.nessus.org/u?323e659a

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 / 6 : php53 and php (RHSA-2014:1326)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated php53 and php packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 5 and 6 respectively.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Server. PHP's fileinfo module provides functions used to
identify a particular file according to the type of data contained by
the file.

It was found that the fix for CVE-2012-1571 was incomplete; the File
Information (fileinfo) extension did not correctly parse certain
Composite Document Format (CDF) files. A remote attacker could use
this flaw to crash a PHP application using fileinfo via a specially
crafted CDF file. (CVE-2014-3587)

A NULL pointer dereference flaw was found in the
gdImageCreateFromXpm() function of PHP's gd extension. A remote
attacker could use this flaw to crash a PHP application using gd via a
specially crafted X PixMap (XPM) file. (CVE-2014-2497)

Multiple buffer over-read flaws were found in the php_parserr()
function of PHP. A malicious DNS server or a man-in-the-middle
attacker could possibly use this flaw to execute arbitrary code as the
PHP interpreter if a PHP application used the dns_get_record()
function to perform a DNS query. (CVE-2014-3597)

Two use-after-free flaws were found in the way PHP handled certain
Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious
script author could possibly use either of these flaws to disclose
certain portions of server memory. (CVE-2014-4670, CVE-2014-4698)

The CVE-2014-3597 issue was discovered by David Kutálek of the Red
Hat BaseOS QE.

All php53 and php users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.
After installing the updated packages, the httpd daemon must be
restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-2497.html
https://www.redhat.com/security/data/cve/CVE-2014-3587.html
https://www.redhat.com/security/data/cve/CVE-2014-3597.html
https://www.redhat.com/security/data/cve/CVE-2014-4670.html
https://www.redhat.com/security/data/cve/CVE-2014-4698.html
http://rhn.redhat.com/errata/RHSA-2014-1326.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 / 7 : xerces-j2 (RHSA-2014:1319)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated xerces-j2 packages that fix one security issue are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Apache Xerces for Java (Xerces-J) is a high performance, standards
compliant, validating XML parser written in Java. The xerces-j2
packages provide Xerces-J version 2.

A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a
specially crafted declaration using a long pseudo-attribute name that,
when parsed by an application using Xerces-J, would cause that
application to use an excessive amount of CPU. (CVE-2013-4002)

All xerces-j2 users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. Applications
using the Xerces-J must be restarted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4002.html
http://rhn.redhat.com/errata/RHSA-2014-1319.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : xerces-j2 (ELSA-2014-1319)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:1319 :

Updated xerces-j2 packages that fix one security issue are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Apache Xerces for Java (Xerces-J) is a high performance, standards
compliant, validating XML parser written in Java. The xerces-j2
packages provide Xerces-J version 2.

A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a
specially crafted declaration using a long pseudo-attribute name that,
when parsed by an application using Xerces-J, would cause that
application to use an excessive amount of CPU. (CVE-2013-4002)

All xerces-j2 users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. Applications
using the Xerces-J must be restarted for this update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-September/004494.html
https://oss.oracle.com/pipermail/el-errata/2014-September/004495.html

Solution :

Update the affected xerces-j2 packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : perl-XML-DT (MDVSA-2014:191)


Synopsis:

The remote Mandriva Linux host is missing a security update.

Description:

Updated perl-XML-DT package fixes security vulnerability :

The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local
users to overwrite arbitrary files via a symlink attack on a
/tmp/_xml_##### temporary file (CVE-2014-5260).

See also :

http://advisories.mageia.org/MGASA-2014-0390.html

Solution :

Update the affected perl-XML-DT package.

Risk factor :

Medium / CVSS Base Score : 6.3
(CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : fish -- local privilege escalation and remote code execution (6c083cf8-4830-11e4-ae2c-c80aa9043978)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Fish developer David Adam reports :

This release fixes a number of local privilege escalation
vulnerabilities and one remote code execution vulnerability.

See also :

http://www.openwall.com/lists/oss-security/2014/09/28/8
https://github.com/fish-shell/fish-shell/issues/1436
https://github.com/fish-shell/fish-shell/issues/1437
https://github.com/fish-shell/fish-shell/issues/1438
https://github.com/fish-shell/fish-shell/issues/1440
http://www.nessus.org/u?3510b212

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 21 : nginx-1.6.2-2.fc21 (2014-11251)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- Security fix for CVE-2014-3616

- Create nginx-filesystem subpackage

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1142573
http://www.nessus.org/u?3eceff73

Solution :

Update the affected nginx package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : kernel-3.14.19-100.fc19 (2014-11008)


Synopsis:

The remote Fedora host is missing a security update.

Description:

The 3.14.19 stable update contains a number of important fixes across
the tree. The 3.14.18 stable update contains a number of important
fixes across the tree.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1134099
https://bugzilla.redhat.com/show_bug.cgi?id=1141173
https://bugzilla.redhat.com/show_bug.cgi?id=1141407
https://bugzilla.redhat.com/show_bug.cgi?id=1141809
http://www.nessus.org/u?318b5645

Solution :

Update the affected kernel package.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-3039-1 : chromium-browser - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several vulnerabilities were discovered in the chromium web browser.

- CVE-2014-3160
Christian Schneider discovered a same origin bypass
issue in SVG file resource fetching.

- CVE-2014-3162
The Google Chrome development team addressed multiple
issues with potential security impact for chromium
36.0.1985.125.

- CVE-2014-3165
Colin Payne discovered a use-after-free issue in the Web
Sockets implementation.

- CVE-2014-3166
Antoine Delignat-Lavaud discovered an information leak
in the SPDY protocol implementation.

- CVE-2014-3167
The Google Chrome development team addressed multiple
issues with potential security impact for chromium
36.0.1985.143.

- CVE-2014-3168
cloudfuzzer discovered a use-after-free issue in SVG
image file handling.

- CVE-2014-3169
Andrzej Dyjak discovered a use-after-free issue in the
Webkit/Blink Document Object Model implementation.

- CVE-2014-3170
Rob Wu discovered a way to spoof the url of chromium
extensions.

- CVE-2014-3171
cloudfuzzer discovered a use-after-free issue in
chromium's v8 bindings.

- CVE-2014-3172
Eli Grey discovered a way to bypass access restrictions
using chromium's Debugger extension API.

- CVE-2014-3173
jmuizelaar discovered an uninitialized read issue in
WebGL.

- CVE-2014-3174
Atte Kettunen discovered an uninitialized read issue in
Web Audio.

- CVE-2014-3175
The Google Chrome development team addressed multiple
issues with potential security impact for chromium
37.0.2062.94.

- CVE-2014-3176
lokihardt@asrt discovered a combination of flaws that
can lead to remote code execution outside of chromium's
sandbox.

- CVE-2014-3177
lokihardt@asrt discovered a combination of flaws that
can lead to remote code execution outside of chromium's
sandbox.

- CVE-2014-3178
miaubiz discovered a use-after-free issue in the
Document Object Model implementation in Blink/Webkit.

- CVE-2014-3179
The Google Chrome development team addressed multiple
issues with potential security impact for chromium
37.0.2062.120.

See also :

https://security-tracker.debian.org/tracker/CVE-2014-3160
https://security-tracker.debian.org/tracker/CVE-2014-3162
https://security-tracker.debian.org/tracker/CVE-2014-3165
https://security-tracker.debian.org/tracker/CVE-2014-3166
https://security-tracker.debian.org/tracker/CVE-2014-3167
https://security-tracker.debian.org/tracker/CVE-2014-3168
https://security-tracker.debian.org/tracker/CVE-2014-3169
https://security-tracker.debian.org/tracker/CVE-2014-3170
https://security-tracker.debian.org/tracker/CVE-2014-3171
https://security-tracker.debian.org/tracker/CVE-2014-3172
https://security-tracker.debian.org/tracker/CVE-2014-3173
https://security-tracker.debian.org/tracker/CVE-2014-3174
https://security-tracker.debian.org/tracker/CVE-2014-3175
https://security-tracker.debian.org/tracker/CVE-2014-3176
https://security-tracker.debian.org/tracker/CVE-2014-3177
https://security-tracker.debian.org/tracker/CVE-2014-3178
https://security-tracker.debian.org/tracker/CVE-2014-3179
http://www.debian.org/security/2014/dsa-3039

Solution :

Upgrade the chromium-browser packages.

For the stable distribution (wheezy), these problems have been fixed
in version 37.0.2062.120-1~deb7u1.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bash (SSA:2014-272-01)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New bash packages are available for Slackware 13.0, 13.1, 13.37,
14.0, 14.1, and -current to fix a security issue.

See also :

http://www.nessus.org/u?383db1f7

Solution :

Update the affected bash package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

GNU Bash Local Environment Variable Handling Command Injection (Shellshock) (Mac OS X)


Synopsis:

The remote host is affected by a remote code execution
vulnerability, commonly referred to as Shellshock.

Description:

The remote Mac OS X host has a version of Bash prior to
3.2.53(1)-release installed. It is, therefore, affected by a command
injection vulnerability via environment variable manipulation.
Depending on the configuration of the system, an attacker could
remotely execute arbitrary code.

See also :

http://support.apple.com/kb/HT6495
https://lists.apple.com/archives/security-announce/2014/Sep/msg00001.html
http://support.apple.com/kb/DL1767
http://support.apple.com/kb/DL1768
http://support.apple.com/kb/DL1769
http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/

Solution :

Apply the vendor-supplied patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Qmail Remote Command Execution via Shellshock


Synopsis:

The remote mail server allows remote command execution via Shellshock.

Description:

The remote host appears to be running Qmail. A remote attacker can
exploit Qmail to execute commands via a specially crafted MAIL FROM
header if the remote host has a vulnerable version of Bash. This is
due to the fact that Qmail does not properly sanitize input before
setting environmental variables.

A negative result from this plugin does not prove conclusively that
the remote system is not affected by Shellshock, only that Qmail could
not be used to exploit the Shellshock flaw.

See also :

http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/

Solution :

Apply the referenced Bash patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Postfix Script Remote Command Execution via Shellshock


Synopsis:

The remote mail server uses scripts that allow remote command
execution via Shellshock.

Description:

The remote host appears to be running Postfix. Postfix itself is not
vulnerable to Shellshock; however, any bash script Postfix runs for
filtering or other tasks could potentially be affected if the script
exports an environmental variable from the content or headers of a
message.

A negative result from this plugin does not prove conclusively that
the remote system is not affected by Shellshock, only that any scripts
Postfix may be running do not create the conditions that are
exploitable via the Shellshock flaw.

See also :

http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/

Solution :

Apply the referenced Bash patch or remove the Postfix scripts.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco Unified Communications Manager Multiple Arbitrary File Manipulation Vulnerabilities


Synopsis:

The remote host is affected by multiple file manipulation
vulnerabilities.

Description:

The version of the remote Cisco Unified Communications Manager (CUCM)
is affected by multiple vulnerabilities that can allow a remote,
authenticated attacker to read or delete arbitrary files by using a
specially crafted HTTP request.

See also :

http://www.nessus.org/u?31d6f89d

Solution :

Contact Cisco support in order to obtain a fixed version.

Risk factor :

Medium / CVSS Base Score : 5.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : bash (openSUSE-SU-2014:1242-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

The command-line shell 'bash' evaluates environment variables, which
allows the injection of characters and might be used to access files
on the system in some circumstances (CVE-2014-7169).

Please note that this issue is different from a previously fixed
vulnerability tracked under CVE-2014-6271 and it is less serious due
to the special, non-default system configuration that is needed to
create an exploitable situation.

To remove further exploitation potential we now limit the
function-in-environment variable to variables prefixed with
BASH_FUNC_. This hardening feature is work in progress and might be
improved in later updates.

Additionally, two more security issues were fixed in bash:

CVE-2014-7186: Nested HERE documents could lead to a crash of bash.

CVE-2014-7187: Nesting of for loops could lead to a crash of bash.

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00052.html
https://bugzilla.novell.com/show_bug.cgi?id=898346
https://bugzilla.novell.com/show_bug.cgi?id=898603
https://bugzilla.novell.com/show_bug.cgi?id=898604

Solution :

Update the affected bash packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : bash (openSUSE-SU-2014:1229-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

The command-line shell 'bash' evaluates environment variables, which
allows the injection of characters and might be used to access files
on the system in some circumstances (CVE-2014-7169).

Please note that this issue is different from a previously fixed
vulnerability tracked under CVE-2014-6271 and it is less serious due
to the special, non-default system configuration that is needed to
create an exploitable situation.

To remove further exploitation potential we now limit the
function-in-environment variable to variables prefixed with
BASH_FUNC_. This hardening feature is work in progress and might be
improved in later updates.

Additionally, two more security issues were fixed in bash:

CVE-2014-7186: Nested HERE documents could lead to a crash of bash.

CVE-2014-7187: Nesting of for loops could lead to a crash of bash.

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00039.html
https://bugzilla.novell.com/show_bug.cgi?id=898346
https://bugzilla.novell.com/show_bug.cgi?id=898603
https://bugzilla.novell.com/show_bug.cgi?id=898604

Solution :

Update the affected bash packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : mozilla-nss (openSUSE-SU-2014:1232-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

Mozilla NSS is vulnerable to a variant of a signature forgery attack
previously published by Daniel Bleichenbacher. This is due to lenient
parsing of ASN.1 values involved in a signature and could lead to the
forging of RSA certificates.

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00042.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
https://bugzilla.novell.com/show_bug.cgi?id=897890

Solution :

Update the affected mozilla-nss packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities


Synopsis:

The remote Windows host contains a SCADA application that is affected
by multiple vulnerabilities.

Description:

The version of Ecava IntegraXor installed on the remote host is a
version prior to 4.2 Build 4458. It is, therefore, affected by
multiple vulnerabilities :

- A flaw related to IntegraXor's privilege management
allows the unprivileged guest user account to execute
arbitrary SQL statements and potentially upload
malicious files. (CVE-2014-0786)

- A flaw in the way that IntegraXor exports report files
allows a remote, unauthenticated attacker to read and
write any file or cause a denial of service by writing
extremely large files. (CVE-2014-2375)

- A SQL injection flaw allows a remote attacker to modify
and read database entries that are normally restricted,
including configuration entries. (CVE-2014-2376)

- A flaw exists in IntegraXor's built-in application tags
that discloses path name information, which can be used
in conjunction with other vulnerabilities to increase
the likelihood of a successful attack. (CVE-2014-2377)

Solution :

Upgrade to version 4.2.4458 or later.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C)
CVSS Temporal Score : 7.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

VMware NSX Unspecified Information Disclosure Vulnerability (VMSA-2014-0009)


Synopsis:

The remote host is affected by an unspecified information disclosure
vulnerability.

Description:

The version of VMware NSX installed on the remote host is 6.0.x prior
to 6.0.6. It is, therefore, affected by an unspecified information
disclosure vulnerability.

See also :

http://www.vmware.com/security/advisories/VMSA-2014-0009

Solution :

Upgrade to VMware NSX 6.0.6 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

VMware NSX Installed


Synopsis:

The remote host has a network virtualization application installed.

Description:

VMware NSX, a network virtualization application, is installed on the
remote host.

See also :

http://www.vmware.com/products/nsx

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 14.04 : bash vulnerabilities (USN-2364-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Florian Weimer and Todd Sabin discovered that the Bash parser
incorrectly handled memory. An attacker could possibly use this issue
to bypass certain environment restrictions and execute arbitrary code.
(CVE-2014-7186, CVE-2014-7187)

In addition, this update introduces a hardening measure which adds
prefixes and suffixes around environment variable names which contain
shell functions.

Solution :

Update the affected bash package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : wireshark (SAT Patch Number 9745)


Synopsis:

The remote SuSE 11 host is missing a security update.

Description:

The wireshark package was upgraded to 1.10.10 from 1.8.x as 1.8 was
discontinued.

This update fixes vulnerabilities that could allow an attacker to
crash Wireshark or make it become unresponsive by sending specific
packets onto the network or have them loaded via a capture file while
the dissectors are running. It also contains a number of other bug
fixes.

- RTP dissector crash. (wnpa-sec-2014-12 CVE-2014-6421 /
CVE-2014-6422)

- MEGACO dissector infinite loop. (wnpa-sec-2014-13
CVE-2014-6423)

- Netflow dissector crash. (wnpa-sec-2014-14
CVE-2014-6424)

- RTSP dissector crash. (wnpa-sec-2014-17 CVE-2014-6427)

- SES dissector crash. (wnpa-sec-2014-18 CVE-2014-6428)

- Sniffer file parser crash. (wnpa-sec-2014-19
CVE-2014-6429 / CVE-2014-6430 / CVE-2014-6431 /
CVE-2014-6432)

- The Catapult DCT2000 and IrDA dissectors could underrun
a buffer. (wnpa-sec-2014-08 CVE-2014-5161 /
CVE-2014-5162, bnc#889901)

- The GSM Management dissector could crash.
(wnpa-sec-2014-09 CVE-2014-5163, bnc#889906)

- The RLC dissector could crash. (wnpa-sec-2014-10
CVE-2014-5164, bnc#889900)

- The ASN.1 BER dissector could crash. (wnpa-sec-2014-11
CVE-2014-5165, bnc#889899)

Further bug fixes as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html and
https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html .

See also :

https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889899
https://bugzilla.novell.com/show_bug.cgi?id=889900
https://bugzilla.novell.com/show_bug.cgi?id=889901
https://bugzilla.novell.com/show_bug.cgi?id=889906
https://bugzilla.novell.com/show_bug.cgi?id=897055
http://support.novell.com/security/cve/CVE-2014-5161.html
http://support.novell.com/security/cve/CVE-2014-5162.html
http://support.novell.com/security/cve/CVE-2014-5163.html
http://support.novell.com/security/cve/CVE-2014-5164.html
http://support.novell.com/security/cve/CVE-2014-5165.html
http://support.novell.com/security/cve/CVE-2014-6421.html
http://support.novell.com/security/cve/CVE-2014-6422.html
http://support.novell.com/security/cve/CVE-2014-6423.html
http://support.novell.com/security/cve/CVE-2014-6424.html
http://support.novell.com/security/cve/CVE-2014-6427.html
http://support.novell.com/security/cve/CVE-2014-6428.html
http://support.novell.com/security/cve/CVE-2014-6429.html
http://support.novell.com/security/cve/CVE-2014-6430.html
http://support.novell.com/security/cve/CVE-2014-6431.html
http://support.novell.com/security/cve/CVE-2014-6432.html

Solution :

Apply SAT patch number 9745.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : mozilla-nss (SAT Patch Number 9777)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

Mozilla NSS was updated to version 3.16.5 to fix an RSA certificate
forgery issue.

- Antoine Delignat-Lavaud, security researcher at Inria
Paris in team Prosecco, reported an issue in Network
Security Services (NSS) libraries affecting all
versions. He discovered that NSS is vulnerable to a
variant of a signature forgery attack previously
published by Daniel Bleichenbacher. This is due to
lenient parsing of ASN.1 values involved in a signature
and could lead to the forging of RSA certificates. (MFSA
2014-73 / CVE-2014-1568)

The Advanced Threat Research team at Intel Security also independently
discovered and reported this issue.

See also :

http://www.mozilla.org/security/announce/2014/mfsa2014-73.html
https://bugzilla.novell.com/show_bug.cgi?id=897890
http://support.novell.com/security/cve/CVE-2014-1568.html

Solution :

Apply SAT patch number 9777.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : bash (SAT Patch Number 9780)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

The command-line shell 'bash' evaluates environment variables, which
allows the injection of characters and might be used to access files
on the system in some circumstances. (CVE-2014-7169)

Please note that this issue is different from a previously fixed
vulnerability tracked under CVE-2014-6271 and is less serious due to
the special, non-default system configuration that is needed to create
an exploitable situation.

To remove further exploitation potential we now limit the
function-in-environment variable to variables prefixed with
BASH_FUNC_. This hardening feature is work in progress and might be
improved in later updates.

Additionally, two other security issues have been fixed :

- Nested HERE documents could lead to a crash of bash.
(CVE-2014-7186)

- Nesting of for loops could lead to a crash of bash.
(CVE-2014-7187)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=898346
https://bugzilla.novell.com/show_bug.cgi?id=898603
https://bugzilla.novell.com/show_bug.cgi?id=898604
http://support.novell.com/security/cve/CVE-2014-6271.html
http://support.novell.com/security/cve/CVE-2014-7169.html
http://support.novell.com/security/cve/CVE-2014-7186.html
http://support.novell.com/security/cve/CVE-2014-7187.html

Solution :

Apply SAT patch number 9780.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : nss on SL5.x, SL6.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation
One) input from certain RSA signatures. A remote attacker could use
this flaw to forge RSA certificates by providing a specially crafted
signature to an application using NSS. (CVE-2014-1568)

After installing this update, applications using NSS must be restarted
for this update to take effect.

See also :

http://www.nessus.org/u?97c75a6c

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : bash on SL5.x, SL6.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

It was found that the fix for CVE-2014-6271 was incomplete, and Bash
still allowed certain characters to be injected into other
environments via specially crafted environment variables. An attacker
could potentially use this flaw to override or bypass environment
restrictions to execute shell commands. Certain services and
applications allow remote unauthenticated attackers to provide
environment variables, allowing them to exploit this issue.
(CVE-2014-7169)

Applications which directly create bash functions as environment
variables need to be made aware of changes to the way names are
handled by this update.

Note: Docker users are advised to use 'yum update' within their
containers, and to commit the resulting changes.

For additional information on CVE-2014-6271 and CVE-2014-7169, refer
to
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

See also :

http://www.nessus.org/u?5a9483a0

Solution :

Update the affected bash, bash-debuginfo and / or bash-doc packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

A flaw was found in the way TLS False Start was implemented in NSS. An
attacker could use this flaw to potentially return unencrypted
information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket
handling as specified by RFC 5077. An attacker could use this flaw to
crash an application using NSS or, in rare cases, execute arbitrary
code with the privileges of the user running that application.
(CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)
parameters. This could possibly lead to weak encryption being used in
communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could
potentially use this flaw to crash an application using NSPR or,
possibly, execute arbitrary code with the privileges of the user
running that application. This NSPR flaw was not exposed to web
content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain
Names in Applications (IDNA) hostname matching in NSS did not follow
the RFC 6125 recommendations. This could lead to certain invalid
certificates with international characters being accepted as valid.
(CVE-2014-1492)

The nss and nspr packages have been upgraded to upstream version
3.16.1 and 4.10.6 respectively, which provide a number of bug fixes
and enhancements over the previous versions.

This update also fixes the following bugs :

- Previously, when the output.log file was not present on
the system, the shell in the Network Security Services
(NSS) specification handled test failures incorrectly as
false positive test results. Consequently, certain
utilities, such as 'grep', could not handle failures
properly. This update improves error detection in the
specification file, and 'grep' and other utilities now
handle missing files or crashes as intended.

- Prior to this update, a subordinate Certificate
Authority (CA) of the ANSSI agency incorrectly issued an
intermediate certificate installed on a network
monitoring device. As a consequence, the monitoring
device was enabled to act as an MITM (Man in the Middle)
proxy performing traffic management of domain names or
IP addresses that the certificate holder did not own or
control. The trust in the intermediate certificate to
issue the certificate for an MITM device has been
revoked, and such a device can no longer be used for
MITM attacks.

- Due to a regression, MD5 certificates were rejected by
default because Network Security Services (NSS) did not
trust MD5 certificates. With this update, MD5
certificates are supported in Scientific Linux 5.

See also :

http://www.nessus.org/u?efdd4387

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : automake on SL5.x (noarch)


Synopsis:

The remote Scientific Linux host is missing a security update.

Description:

It was found that the distcheck rule in Automake-generated Makefiles
made a directory world-writable when preparing source archives. If a
malicious, local user could access this directory, they could execute
arbitrary code with the privileges of the user running 'make
distcheck'. (CVE-2012-3386)

See also :

http://www.nessus.org/u?645fb402

Solution :

Update the affected automake package.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 4 : bash (ELSA-2014-3079)


Synopsis:

The remote Oracle Linux host is missing a security update.

Description:

Description of changes:

[3.0-27.0.3]
- Rework env function definition for safety (Florian Weimer) [CVE-2014-7169]

See also :

https://oss.oracle.com/pipermail/el-errata/2014-September/004493.html

Solution :

Update the affected bash package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 5 / 6 / 7 : nss (ELSA-2014-1307)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:1307 :

Updated nss packages that fix one security issue are now available for
Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Network Security Services (NSS) is a set of libraries designed to
support the cross-platform development of security-enabled client and
server applications. Netscape Portable Runtime (NSPR) provides
platform independence for non-GUI operating system facilities.

A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation
One) input from certain RSA signatures. A remote attacker could use
this flaw to forge RSA certificates by providing a specially crafted
signature to an application using NSS. (CVE-2014-1568)

Red Hat would like to thank the Mozilla project for reporting this
issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product
Security Incident Response Team as the original reporters.

All NSS users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing
this update, applications using NSS must be restarted for this update
to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-September/004490.html
https://oss.oracle.com/pipermail/el-errata/2014-September/004491.html
https://oss.oracle.com/pipermail/el-errata/2014-September/004487.html

Solution :

Update the affected nss packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 5 / 6 / 7 : bash (ELSA-2014-1306)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:1306 :

Updated bash packages that fix one security issue are now available
for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.

It was found that the fix for CVE-2014-6271 was incomplete, and Bash
still allowed certain characters to be injected into other
environments via specially crafted environment variables. An attacker
could potentially use this flaw to override or bypass environment
restrictions to execute shell commands. Certain services and
applications allow remote unauthenticated attackers to provide
environment variables, allowing them to exploit this issue.
(CVE-2014-7169)

Applications which directly create bash functions as environment
variables need to be made aware of changes to the way names are
handled by this update. For more information see the Knowledgebase
article at https://access.redhat.com/articles/1200223

Note: Docker users are advised to use 'yum update' within their
containers, and to commit the resulting changes.

For additional information on CVE-2014-6271 and CVE-2014-7169, refer
to the aforementioned Knowledgebase article.

All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-September/004486.html
https://oss.oracle.com/pipermail/el-errata/2014-September/004484.html
https://oss.oracle.com/pipermail/el-errata/2014-September/004485.html

Solution :

Update the affected bash packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : bash (MDVSA-2014:190)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

It was found that the fix for CVE-2014-6271 was incomplete, and Bash
still allowed certain characters to be injected into other
environments via specially crafted environment variables. An attacker
could potentially use this flaw to override or bypass environment
restrictions to execute shell commands. Certain services and
applications allow remote unauthenticated attackers to provide
environment variables, allowing them to exploit this issue
(CVE-2014-7169).

Additionally bash has been updated from patch level 37 to 48 using the
upstream patches at ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/ which
resolves various bugs.

See also :

https://rhn.redhat.com/errata/RHSA-2014-1306.html

Solution :

Update the affected bash and / or bash-doc packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : rubygem-activerecord-4.0.0-5.fc20 (2014-9706)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix CVE-2014-3514: vulnerability in the create_with

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1131240
http://www.nessus.org/u?af3aa5b2

Solution :

Update the affected rubygem-activerecord package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.