Newest Plugins

phpMyAdmin 4.0.x < 4.0.10.6 / 4.1.x < 4.1.14.7 / 4.2.x < 4.2.12 Multiple Vulnerabilities (PMASA-2014-13 - PMASA-2014-16)


Synopsis:

The remote web server hosts a PHP application that is affected by
multiple vulnerabilities.

Description:

According to its self-reported version number, the phpMyAdmin
application hosted on the remote web server is 4.0.x prior to
4.0.10.6, 4.1.x prior to 4.1.14.7, or 4.2.x prior to 4.2.12. It is,
therefore, affected by the following vulnerabilities :

- A cross-site scripting vulnerability in the zoom search
page due to improper validation of input when handling
an ENUM value before returning it to the user. A remote
attacker, with a specially crafted request, could
potentially execute arbitrary script code within the
browser / server trust relationship. (CVE-2014-8958)

- A cross-site scripting vulnerability in the home page
due to improper validation of input when handling a font
size before returning it to the user. A remote attacker,
with a specially crafted request, could potentially
execute arbitrary script code within the browser /
server trust relationship. (CVE-2014-8958)

- A cross-site scripting vulnerability in the print view
page due to improper validation of input when handling
an ENUM value before returning it to the user. A remote
attacker, with a specially crafted request, could
potentially execute arbitrary script code within the
browser / server trust relationship. (CVE-2014-8958)

- A cross-site scripting vulnerability in the table browse
page due to improper validation of input when handling
database, table, and column names before returning them
to the user. A remote attacker, with a specially crafted
request, could potentially execute arbitrary script code
within the browser / server trust relationship.
(CVE-2014-8958)

- A local file inclusion vulnerability in the GIS editor
feature due to improper validation of a parameter used
to specify the geometry type. This could allow a remote,
authenticated attacker to include arbitrary files from
the host, allowing disclosure of the file contents or
the execution of scripts on the host. (CVE-2014-8959)

- A cross-site scripting vulnerability in the error
reporting page due to improper validation of filenames
before returning them to the user. This could allow a
remote attacker, with a specially crafted request, to
potentially execute arbitrary script code within the
browser / server trust relationship. (CVE-2014-8960)

- An information disclosure vulnerability in the error
reporting feature due to improper validation of
user-supplied input. This could allow a remote,
authenticated attacker to determine a file's line count.
(CVE-2014-8961)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
http://www.nessus.org/u?dfe5cc06
http://www.nessus.org/u?94943b40
http://www.nessus.org/u?866d3a60
http://www.nessus.org/u?7c5e2e33
http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
http://www.nessus.org/u?b978eb70
http://www.nessus.org/u?ab0ccaa0
http://www.nessus.org/u?515d6830
http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
http://www.nessus.org/u?4d2af6a3
http://www.nessus.org/u?a0200565
http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
http://www.nessus.org/u?41a9e040
http://www.nessus.org/u?9193c577

Solution :

Upgrade to phpMyAdmin 4.0.10.6 / 4.1.14.7 / 4.2.12 or later, or apply
the patches referenced in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 / 14.10 : clamav vulnerabilities (USN-2423-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Kurt Seifried discovered that ClamAV incorrectly handled certain
JavaScript files. An attacker could possibly use this issue to cause
ClamAV to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2013-6497)

Damien Millescamp discovered that ClamAV incorrectly handled certain
PE files. An attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2014-9050)

Solution :

Update the affected clamav package.

Risk factor :

High

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

RHEL 5 / 6 : flash-plugin (RHSA-2014:1915)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

An updated Adobe Flash Player package that fixes one security issue is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe
Flash Player web browser plug-in.

This update fixes one vulnerability in Adobe Flash Player. This
vulnerability is detailed in the Adobe Security Bulletin APSB14-26,
listed in the References section.

A flaw was found in the way flash-plugin displayed certain SWF
content. An attacker could use this flaw to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially,
execute arbitrary code when the victim loaded a page containing the
malicious SWF content. (CVE-2014-8439)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 11.2.202.424.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-8439.html
https://helpx.adobe.com/security/products/flash-player/apsb14-26.html
http://rhn.redhat.com/errata/RHSA-2014-1915.html

Solution :

Update the affected flash-plugin package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : ruby (RHSA-2014:1912)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated ruby packages that fix three security issues are now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting
language. It has features to process text files and to perform system
management tasks.

Multiple denial of service flaws were found in the way the Ruby REXML
XML parser performed expansion of parameter entities. A specially
crafted XML document could cause REXML to use an excessive amount of
CPU and memory. (CVE-2014-8080, CVE-2014-8090)

A stack-based buffer overflow was found in the implementation of the
Ruby Array pack() method. When performing base64 encoding, a single
byte could be written past the end of the buffer, possibly causing
Ruby to crash. (CVE-2014-4975)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Ruby need to be restarted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-4975.html
https://www.redhat.com/security/data/cve/CVE-2014-8080.html
https://www.redhat.com/security/data/cve/CVE-2014-8090.html
http://rhn.redhat.com/errata/RHSA-2014-1912.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : ruby (RHSA-2014:1911)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated ruby packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting
language. It has features to process text files and to perform system
management tasks.

Multiple denial of service flaws were found in the way the Ruby REXML
XML parser performed expansion of parameter entities. A specially
crafted XML document could cause REXML to use an excessive amount of
CPU and memory. (CVE-2014-8080, CVE-2014-8090)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Ruby need to be restarted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-8080.html
https://www.redhat.com/security/data/cve/CVE-2014-8090.html
http://rhn.redhat.com/errata/RHSA-2014-1911.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 7 : ruby (ELSA-2014-1912)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:1912 :

Updated ruby packages that fix three security issues are now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting
language. It has features to process text files and to perform system
management tasks.

Multiple denial of service flaws were found in the way the Ruby REXML
XML parser performed expansion of parameter entities. A specially
crafted XML document could cause REXML to use an excessive amount of
CPU and memory. (CVE-2014-8080, CVE-2014-8090)

A stack-based buffer overflow was found in the implementation of the
Ruby Array pack() method. When performing base64 encoding, a single
byte could be written past the end of the buffer, possibly causing
Ruby to crash. (CVE-2014-4975)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Ruby need to be restarted for this update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-November/004674.html

Solution :

Update the affected ruby packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 6 : ruby (ELSA-2014-1911)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:1911 :

Updated ruby packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting
language. It has features to process text files and to perform system
management tasks.

Multiple denial of service flaws were found in the way the Ruby REXML
XML parser performed expansion of parameter entities. A specially
crafted XML document could cause REXML to use an excessive amount of
CPU and memory. (CVE-2014-8080, CVE-2014-8090)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
instances of Ruby need to be restarted for this update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-November/004673.html

Solution :

Update the affected ruby packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : wireshark (openSUSE-SU-2014:1503-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

wireshark was updated to fix five security issues.

These security issues were fixed :

- SigComp UDVM buffer overflow (CVE-2014-8710).

- AMQP crash (CVE-2014-8711).

- NCP crashes (CVE-2014-8712, CVE-2014-8713).

- TN5250 infinite loops (CVE-2014-8714).

For openSUSE 12.3 and 13.1 further bug fixes and updated protocol
support are described in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html

For openSUSE 13.2 further bug fixes and updated protocol support are
described in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html
https://bugzilla.opensuse.org/show_bug.cgi?id=905245
https://bugzilla.opensuse.org/show_bug.cgi?id=905246
https://bugzilla.opensuse.org/show_bug.cgi?id=905247
https://bugzilla.opensuse.org/show_bug.cgi?id=905248
https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html

Solution :

Update the affected wireshark packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : rubygem-sprockets-2_1 (openSUSE-SU-2014:1502-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

rubygem-sprockets-2_1 was updated to fix one security issue.

This security issue was fixed :

- Arbitrary file existence disclosure (CVE-2014-7819).

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html
https://bugzilla.opensuse.org/show_bug.cgi?id=903658

Solution :

Update the affected rubygem-sprockets-2_1 package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : rubygem-sprockets-2_2 (openSUSE-SU-2014:1504-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

rubygem-sprockets-2_2 was updated to fix one security issue.

This security issue was fixed :

- Arbitrary file existence disclosure (CVE-2014-7819).

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html
https://bugzilla.opensuse.org/show_bug.cgi?id=903658

Solution :

Update the affected rubygem-sprockets-2_2 package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : libvncserver (MDVSA-2014:229)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated libvncserver packages fix security vulnerabilities :

A malicious VNC server can trigger incorrect memory management
handling by advertising a large screen size parameter to the VNC
client. This would result in multiple memory corruptions and could
allow remote code execution on the VNC client (CVE-2014-6051,
CVE-2014-6052).

A malicious VNC client can trigger multiple DoS conditions on the VNC
server by advertising a large screen size, ClientCutText message
length and/or a zero scaling factor parameter (CVE-2014-6053,
CVE-2014-6054).

A malicious VNC client can trigger multiple stack-based buffer
overflows by passing long file and directory names and/or attributes
(FileTime) when using the file transfer message feature
(CVE-2014-6055).

Additionally libvncserver has been built against the new system
minilzo library which is also being provided with this advisory.

See also :

http://advisories.mageia.org/MGASA-2014-0397.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:228)


Synopsis:

The remote Mandriva Linux host is missing a security update.

Description:

Multiple vulnerabilities have been discovered and corrected in
phpmyadmin :

- Multiple XSS vulnerabilities (CVE-2014-8958).

- Local file inclusion vulnerability (CVE-2014-8959).

- XSS vulnerability in error reporting functionality
(CVE-2014-8960).

- Leakage of line count of an arbitrary file
(CVE-2014-8961).

This upgrade provides the latest phpmyadmin version (4.2.12) to
address these vulnerabilities.

See also :

http://sourceforge.net/p/phpmyadmin/news/
http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php

Solution :

Update the affected phpmyadmin package.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

F5 Networks BIG-IP : bzip2 vulnerability (SOL15878)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

Integer overflow in the BZ2_decompress function in decompress.c in
bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted compressed file.

See also :

http://www.nessus.org/u?5dc02df2

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL15878.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-3077-1 : openjdk-6 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.

See also :

http://www.debian.org/security/2014/dsa-3077

Solution :

Upgrade the openjdk-6 packages.

For the stable distribution (wheezy), these problems have been fixed
in version 6b33-1.13.5-2~deb7u1.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco TelePresence Conductor Default Credentials (Web UI)


Synopsis:

The remote web application uses default credentials.

Description:

It is possible to log into the remote Cisco TelePresence Conductor
installation by providing the default credentials. A remote,
unauthenticated attacker can exploit this to gain administrative
control.

Solution :

Secure any default accounts with a strong password.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:ND/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)


Synopsis:

The remote Cisco TelePresence Conductor device is affected by a
command injection vulnerability.

Description:

According to its self-reported version number, the remote Cisco
TelePresence Conductor device is affected by a command injection
vulnerability in GNU Bash known as Shellshock. The vulnerability is
due to the processing of trailing strings after function definitions
in the values of environment variables. This allows a remote attacker
to execute arbitrary code via environment variable manipulation
depending on the configuration of the system.

Note that an attacker must be authenticated before the device is
exposed to this exploit.

See also :

https://tools.cisco.com/bugsearch/bug/CSCur02103
http://www.nessus.org/u?7269978d
http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/

Solution :

Upgrade to version 2.3.1 / 2.4.1 / 3.0 or later.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Default Password (TANDBERG) for 'root' Account


Synopsis:

The remote system can be accessed with a default account.

Description:

The account 'root' on the remote host has the password 'TANDBERG'.

An attacker may leverage this issue to gain administrative access to
the affected system.

Note that Cisco TelePresence Conductor virtual appliances are known to
use these credentials to provide complete, administrative access to
the appliance.

Solution :

Set a strong password for this account or use ACLs to restrict access
to the host.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco TelePresence Conductor WebUI Detection


Synopsis:

The login page for a Cisco TelePresence Conductor video conferencing
device was detected on the remote web server.

Description:

The login page for a Cisco TelePresence Conductor video conferencing
device was detected on the remote web server. With valid credentials it is
possible to extract version information from the API.

See also :

http://www.nessus.org/u?55fcb1a9

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco TelePresence Conductor Detection


Synopsis:

Nessus detected a remote video conferencing device.

Description:

Nessus determined that the remote host is a Cisco TelePresence
Conductor video teleconferencing device.

See also :

http://www.nessus.org/u?55fcb1a9

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CUPS < 2.0.1 SSLv3 Legacy Encryption Vulnerability (POODLE)


Synopsis:

The remote printer service is potentially affected by an information
disclosure vulnerability.

Description:

According to its banner, the CUPS printer service installed on the
remote host is a version prior to 2.0.1. It is, therefore, potentially
affected by a man-in-the-middle (MitM) information disclosure
vulnerability known as POODLE. The vulnerability is due to the way SSL
3.0 handles padding bytes when decrypting messages encrypted using
block ciphers in cipher block chaining (CBC) mode. MitM attackers can
decrypt a selected byte of a cipher text in as few as 256 tries if
they are able to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

https://cups.org/blog.php?L734
https://cups.org/str.php?L4476
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Either upgrade to CUPS version 2.0.1 or later, or apply the vendor
patch.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Google Chrome < 39.0.2171.71 Flash Player Remote Code Execution (Mac OS X)


Synopsis:

The remote Mac OS X host contains a web browser that is affected by a
remote code execution vulnerability.

Description:

The version of Google Chrome installed on the remote Mac OS X host is
prior to 39.0.2171.71. It is, therefore, affected by a remote code
execution vulnerability in the included Flash Player plugin, which is
due to the processing of a dereferenced memory pointer.

See also :

http://www.nessus.org/u?4bb46c17

Solution :

Upgrade to Google Chrome 39.0.2171.71 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Google Chrome < 39.0.2171.71 Flash Player Remote Code Execution


Synopsis:

The remote Windows host contains a web browser that is affected by a
remote code execution vulnerability.

Description:

The version of Google Chrome installed on the remote Windows host is
prior to 39.0.2171.71. It is, therefore, affected by a remote code
execution vulnerability in the included Flash Player plugin, which is
due to the processing of a dereferenced memory pointer.

See also :

http://www.nessus.org/u?4bb46c17

Solution :

Upgrade to Google Chrome 39.0.2171.71 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco IOS XR DHCPv6 DoS


Synopsis:

The remote device is missing vendor-supplied security patches.

Description:

The remote Cisco device is running a version of Cisco IOS XR software
that is affected by a denial of service vulnerability related to the
incorrect handling of malformed DHCPv6 packets.

See also :

http://www.nessus.org/u?3262dc10
http://tools.cisco.com/security/center/viewAlert.x?alertId=35651

Solution :

Apply the relevant patches referenced in Cisco bug ID CSCuo59052.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is (C) 2014 Tenable Network Security, Inc.

Ubuntu 14.04 / 14.10 : squid3 vulnerabilities (USN-2422-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Sebastian Krahmer discovered that the Squid pinger incorrectly handled
certain malformed ICMP packets. A remote attacker could possibly use
this issue to cause Squid to crash, resulting in a denial of service.

Solution :

Update the affected squid3 package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : zeromq (openSUSE-SU-2014:1493-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

zeromq was updated to version 4.0.5 to fix two security issues and
various other bugs.

These security issues were fixed :

- Did not validate the other party's security handshake
properly, allowing a man-in-the-middle downgrade attack
(CVE-2014-7202).

- Did not implement a uniqueness check on connection
nonces, and the CurveZMQ RFC was ambiguous about nonce
validation. This allowed replay attacks (CVE-2014-7203).

Other issues fixed in this update :

- CURVE mechanism does not verify short term nonces.

- stream_engine is vulnerable to downgrade attacks.

- assertion failure for WSAENOTSOCK on Windows.

- race condition while connecting inproc sockets.

- bump so library number to 4.0.0

- assertion failed: !more (fq.cpp:99) after many ZAP
requests.

- lost first part of message over inproc://.

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html
https://bugzilla.opensuse.org/show_bug.cgi?id=898917

Solution :

Update the affected zeromq packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : ImageMagick (openSUSE-SU-2014:1492-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

ImageMagick was updated to fix one security issue.

This security issue was fixed :

- Crafted jpeg file could lead to DOS (CVE-2014-8716).

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00100.html
https://bugzilla.opensuse.org/show_bug.cgi?id=905260

Solution :

Update the affected ImageMagick packages.

Risk factor :

Medium

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : ffmpeg (MDVSA-2014:227)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Multiple vulnerabilities have been discovered and corrected in ffmpeg :

The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via a crafted
width in huffyuv data with the predictor set to median and the
colorspace set to YUV422P, which triggers an out-of-bounds array
access (CVE-2013-0848).

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via
crafted RLE data, which triggers an out-of-bounds array access
(CVE-2013-0852).

The ff_er_frame_end function in libavcodec/error_resilience.c in
FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify
that a frame is fully initialized, which allows remote attackers to
trigger a NULL pointer dereference via crafted picture data
(CVE-2013-0860).

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg
before 1.2.1 does not validate the relationship between a horizontal
coordinate and a width value, which allows remote attackers to cause a
denial of service (out-of-bounds array access and application crash)
via crafted American Laser Games (ALG) MM Video data (CVE-2013-3672).

The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg
before 1.2.1 does not validate the presence of non-header data in a
buffer, which allows remote attackers to cause a denial of service
(out-of-bounds array access and application crash) via crafted CD
Graphics Video data (CVE-2013-3674).

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1
does not properly enforce certain bit-count and colorspace
constraints, which allows remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified
other impact via crafted FFV1 data (CVE-2013-7020).

The updated packages have been upgraded to the 0.10.15 version which
is not vulnerable to these issues.

See also :

https://www.ffmpeg.org/security.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : imagemagick (MDVSA-2014:226)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated imagemagick packages fix security vulnerabilities :

ImageMagick is vulnerable to a denial of service due to out-of-bounds
memory accesses in the resize code (CVE-2014-8354), PCX parser
(CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder
(CVE-2014-8716).

See also :

http://advisories.mageia.org/MGASA-2014-0482.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Mandriva Linux Security Advisory : ruby (MDVSA-2014:225)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated ruby packages fix security vulnerabilities :

Will Wood discovered that Ruby incorrectly handled the encodes()
function. An attacker could possibly use this issue to cause Ruby to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler options for affected releases should reduce
the vulnerability to a denial of service (CVE-2014-4975).

Due to an incomplete fix for CVE-2014-8080, 100% CPU utilization can
occur as a result of recursive expansion with an empty String. When
reading text nodes from an XML document, the REXML parser in Ruby can
be coerced into allocating extremely large string objects which can
consume all of the memory on a machine, causing a denial of service
(CVE-2014-8090).

Additionally, ruby has been upgraded to patch level 374.

See also :

http://advisories.mageia.org/MGASA-2014-0472.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

HP-UX PHCO_43875 : s700_800 11.31 libpam_updbe patch


Synopsis:

The remote HP-UX host is missing a security-related patch.

Description:

s700_800 11.31 libpam_updbe patch :

A potential security vulnerability has been identified in HP-UX
running PAM using libpam_updbe in pam.conf(4). This vulnerability
could allow remote users to bypass certain authentication
restrictions. References: CVE-2014-7879 (SSRT101489).

See also :

http://www.nessus.org/u?462a1237

Solution :

Install patch PHCO_43875 or subsequent.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

HP-UX PHCO_43874 : s700_800 11.23 libpam_updbe cumulative patch


Synopsis:

The remote HP-UX host is missing a security-related patch.

Description:

s700_800 11.23 libpam_updbe cumulative patch :

A potential security vulnerability has been identified in HP-UX
running PAM using libpam_updbe in pam.conf(4). This vulnerability
could allow remote users to bypass certain authentication
restrictions. References: CVE-2014-7879 (SSRT101489).

See also :

http://www.nessus.org/u?462a1237

Solution :

Install patch PHCO_43874 or subsequent.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

HP-UX PHCO_43873 : s700_800 11.11 libpam_updbe patch


Synopsis:

The remote HP-UX host is missing a security-related patch.

Description:

s700_800 11.11 libpam_updbe patch :

A potential security vulnerability has been identified in HP-UX
running PAM using libpam_updbe in pam.conf(4). This vulnerability
could allow remote users to bypass certain authentication
restrictions. References: CVE-2014-7879 (SSRT101489).

See also :

http://www.nessus.org/u?462a1237

Solution :

Install patch PHCO_43873 or subsequent.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

FreeBSD : flac -- Multiple vulnerabilities (a33addf6-74e6-11e4-a615-f8b156b6dcc8)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Erik de Castro Lopo reports :

Google Security Team member, Michele Spagnuolo, recently found two
potential problems in the FLAC code base. They are :

- CVE-2014-9028: Heap buffer write overflow.

- CVE-2014-8962: Heap buffer read overflow.

See also :

http://www.nessus.org/u?32a2259e
http://www.nessus.org/u?42f6725d
http://www.nessus.org/u?6800f311

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Fedora 20 : kde-runtime-4.14.3-2.fc20 (2014-15532)


Synopsis:

The remote Fedora host is missing a security update.

Description:

New security fix release: insufficient input validation by IO slaves.
See also https://www.kde.org/info/security/advisory-20141113-1.txt

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1164293
https://www.kde.org/info/security/advisory-20141113-1.txt
http://www.nessus.org/u?11237040

Solution :

Update the affected kde-runtime package.

Risk factor :

High

Fedora 20 : moodle-2.5.9-1.fc20 (2014-15102)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix for security issues.

https://moodle.org/mod/forum/discuss.php?d=274730

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1164072
https://bugzilla.redhat.com/show_bug.cgi?id=1164073
https://moodle.org/mod/forum/discuss.php?d=274730
http://www.nessus.org/u?e191a298

Solution :

Update the affected moodle package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Debian DSA-3076-1 : wireshark - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Multiple vulnerabilities were discovered in the dissectors/parsers for
SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of
service.

See also :

http://www.debian.org/security/2014/dsa-3076

Solution :

Upgrade the wireshark packages.

For the stable distribution (wheezy), these problems have been fixed
in version 1.8.2-5wheezy13.

For the upcoming stable distribution (jessie), these problems have
been fixed in version 1.12.1+g01b65bf-2.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

CentOS 5 : libXfont (CESA-2014:1893)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated libXfont packages that fix three security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The libXfont packages provide the X.Org libXfont runtime library.
X.Org is an open source implementation of the X Window System.

A use-after-free flaw was found in the way libXfont processed certain
font files when attempting to add a new directory to the font path. A
malicious, local user could exploit this issue to potentially execute
arbitrary code with the privileges of the X.Org server.
(CVE-2014-0209)

Multiple out-of-bounds write flaws were found in the way libXfont
parsed replies received from an X.org font server. A malicious X.org
server could cause an X client to crash or, possibly, execute
arbitrary code with the privileges of the X.Org server.
(CVE-2014-0210, CVE-2014-0211)

Red Hat would like to thank the X.org project for reporting these
issues. Upstream acknowledges Ilja van Sprundel as the original
reporter.

Users of libXfont should upgrade to these updated packages, which
contain a backported patch to resolve this issue. All running X.Org
server instances must be restarted for the update to take effect.

See also :

http://www.nessus.org/u?66531efe

Solution :

Update the affected libxfont packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Amazon Linux AMI : docker (ALAS-2014-454)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

Docker versions 1.3.0 through 1.3.1 allowed security options to be
applied to images, allowing images to modify the default run profile
of containers executing these images. This vulnerability could allow a
malicious image creator to loosen the restrictions applied to a
container's processes, potentially facilitating a break-out.
(CVE-2014-6408)

The Docker engine, up to and including version 1.3.1, was vulnerable
to extracting files to arbitrary paths on the host during 'docker
pull' and 'docker load' operations. This was caused by symlink and
hardlink traversals present in Docker's image extraction. This
vulnerability could be leveraged to perform remote code execution and
privilege escalation. (CVE-2014-6407)

See also :

http://www.nessus.org/u?57ab0637

Solution :

Run 'yum update docker' to update your system.

Risk factor :

High

Amazon Linux AMI : file (ALAS-2014-453)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF)
files. A remote attacker could use this flaw to crash a PHP
application using fileinfo via a specially crafted ELF file.

See also :

http://www.nessus.org/u?c19ead16

Solution :

Run 'yum update file' to update your system.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Amazon Linux AMI : libX11 / libXcursor,libXfixes,libXi,libXrandr,libXrender,libXres,libXt,libXv,libXvMC,libXxf86dga,libXxf86vm,libdmx,xorg-x11-proto-devel (ALAS-2014-452)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

Multiple integer overflow flaws, leading to heap-based buffer
overflows, were found in the way various X11 client libraries handled
certain protocol data. An attacker able to submit invalid protocol
data to an X11 server via a malicious X11 client could use any of
these flaws to potentially escalate their privileges on the system.
(CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984,
CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988,
CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003,
CVE-2013-2062, CVE-2013-2064)

Multiple array index errors, leading to heap-based buffer
out-of-bounds write flaws, were found in the way various X11 client
libraries handled data returned from an X11 server. A malicious X11
server could possibly use this flaw to execute arbitrary code with the
privileges of the user running an X11 client. (CVE-2013-1997,
CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001,
CVE-2013-2002, CVE-2013-2066)

A buffer overflow flaw was found in the way the XListInputDevices()
function of X.Org X11's libXi runtime library handled signed numbers.
A malicious X11 server could possibly use this flaw to execute
arbitrary code with the privileges of the user running an X11 client.
(CVE-2013-1995)

A flaw was found in the way the X.Org X11 libXt runtime library used
uninitialized pointers. A malicious X11 server could possibly use this
flaw to execute arbitrary code with the privileges of the user running
an X11 client. (CVE-2013-2005)

Two stack-based buffer overflow flaws were found in the way libX11,
the Core X11 protocol client library, processed certain user-specified
files. A malicious X11 server could possibly use this flaw to crash an
X11 client via a specially crafted file. (CVE-2013-2004)

See also :

http://www.nessus.org/u?abc79afa

Solution :

Run 'yum update libX11 libXcursor libXfixes libXi libXrandr libXrender
libXres libXt libXv libXvMC libXxf86dga libXxf86vm libdmx
xorg-x11-proto-devel' to update your system.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
