Newest Plugins

Google Chrome < 37.0.2062.94 Multiple Vulnerabilities (Mac OS X)


Synopsis:

The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.

Description:

The version of Google Chrome installed on the remote Mac OS X host is
a version prior to 37.0.2062.94. It is, therefore, affected by the
following vulnerabilities :

- Blink contains a use-after-free vulnerability in its SVG
implementation. By using a specially crafted web page, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3168)

- Blink contains a use-after-free vulnerability in its DOM
implementation. By using a specially crafted web page, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3169)

- A flaw exists in the 'url_pattern.cc' file that does not
prevent the use of NULL characters '\0' in a host name.
A remote attacker can use this to spoof the extension
permission dialogue by relying on truncation after this
character. (CVE-2014-3170)

- Blink contains a use-after-free vulnerability in its V8
bindings. By using improper HashMap add operations, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3171)

- The Debugger extension API does not properly validate
a tab's URL before attaching. A remote attacker can
therefore bypass access limitations by means of an
extension that uses a restricted URL. (CVE-2014-3172)

- A flaw exists in the WebGL implementation where clear
calls do not interact properly with the draw buffer. By
using a specially crafted CANVAS element, a remote
attacker can cause a denial of service. (CVE-2014-3173)

- A flaw exists in the Blink Web Audio API implementation
in how it updates biquad filter coefficients when there
are concurrent threads. By using specially crafted API
calls, a remote attacker can cause a denial of service.
(CVE-2014-3174)

- Flaws exist in the 'load_truetype_glyph' function and
other unspecified functions which can be exploited by a
remote attacker to cause a denial of service or other
impact. (CVE-2014-3175)

- Flaws exist related to the interaction of the IPC, Sync
API, and V8 extensions. A remote attacker can exploit
these to bypass the sandbox and execute arbitrary code.
(CVE-2014-3176, CVE-2014-3177)

See also :

http://www.nessus.org/u?bc0adbf3

Solution :

Upgrade to Google Chrome 37.0.2062.94 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Google Chrome < 37.0.2062.94 Multiple Vulnerabilities


Synopsis:

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description:

The version of Google Chrome installed on the remote host is a version
prior to 37.0.2062.94. It is, therefore, affected by the following
vulnerabilities :

- Blink contains a use-after-free vulnerability in its SVG
implementation. By using a specially crafted web page, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3168)

- Blink contains a use-after-free vulnerability in its DOM
implementation. By using a specially crafted web page, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3169)

- A flaw exists in the 'url_pattern.cc' file that does not
prevent the use of NULL characters '\0' in a host name.
A remote attacker can use this to spoof the extension
permission dialogue by relying on truncation after this
character. (CVE-2014-3170)

- Blink contains a use-after-free vulnerability in its V8
bindings. By using improper HashMap add operations, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3171)

- The Debugger extension API does not properly validate
a tab's URL before attaching. A remote attacker can
therefore bypass access limitations by means of an
extension that uses a restricted URL. (CVE-2014-3172)

- A flaw exists in the WebGL implementation where clear
calls do not interact properly with the draw buffer. By
using a specially crafted CANVAS element, a remote
attacker can cause a denial of service. (CVE-2014-3173)

- A flaw exists in the Blink Web Audio API implementation
in how it updates biquad filter coefficients when there
are concurrent threads. By using specially crafted API
calls, a remote attacker can cause a denial of service.
(CVE-2014-3174)

- Flaws exist in the 'load_truetype_glyph' function and
other unspecified functions which can be exploited by a
remote attacker to cause a denial of service or other
impact. (CVE-2014-3175)

- Flaws exist related to the interaction of the IPC, Sync
API, and V8 extensions. A remote attacker can exploit
these to bypass the sandbox and execute arbitrary code.
(CVE-2014-3176, CVE-2014-3177)

See also :

http://www.nessus.org/u?bc0adbf3

Solution :

Upgrade to Google Chrome 37.0.2062.94 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Apache OpenOffice < 4.1.1 Multiple Vulnerabilities


Synopsis:

The remote Windows host has an application installed that is affected
by multiple vulnerabilities.

Description:

The version of Apache OpenOffice installed on the remote host is a
version prior to 4.1.1. It is, therefore, affected by the following
vulnerabilities :

- An unspecified flaw allows remote attackers to execute
arbitrary commands via a specially crafted Calc
spreadsheet. (CVE-2014-3524)

- A flaw in the OLE preview generation allows a remote
attacker to embed arbitrary data into documents via
specially crafted OLE objects. (CVE-2014-3575)

See also :

https://www.openoffice.org/security/cves/CVE-2014-3524.html
https://www.openoffice.org/security/cves/CVE-2014-3575.html

Solution :

Upgrade to Apache OpenOffice version 4.1.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS


Synopsis:

The remote Mac OS X host has a data encryption application installed
that is affected by a denial of service vulnerability.

Description:

The version of Symantec Encryption Desktop installed on the remote Mac
OS X host is version 10.x prior to 10.3.2 MP3. It is, therefore,
affected by a denial of service vulnerability. The flaw is due to a
failure to properly limit decompressed file size during the decryption
process of a specially crafted encrypted email. Decryption of an
excessively large compressed message could cause high memory and CPU
usage resulting in a denial of service as the system becomes
unresponsive during the decompression attempt.

See also :

http://www.nessus.org/u?8e650426

Solution :

Upgrade to Symantec Encryption Desktop 10.3.2 MP3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS


Synopsis:

The remote host has a data encryption application installed that is
affected by a denial of service vulnerability.

Description:

The version of Symantec Encryption Desktop installed on the remote
host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected
by a denial of service vulnerability. The flaw is due to a failure to
properly limit decompressed file size during the decryption process of
a specially crafted encrypted email. Decryption of an excessively
large compressed message could cause high memory and CPU usage
resulting in a denial of service as the system becomes unresponsive
during the decompression attempt.

See also :

http://www.nessus.org/u?8e650426

Solution :

Upgrade to Symantec Encryption Desktop 10.3.2 MP3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Symantec Encryption Desktop Installed


Synopsis:

A data encryption application is installed on the remote Mac OS X
host.

Description:

Symantec Encryption Desktop, formerly known as PGP Desktop, is
installed on the remote Mac OS X host.

See also :

http://www.symantec.com/encryption-desktop-pro

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Symantec Encryption Desktop Installed


Synopsis:

A data encryption application is installed on the remote host.

Description:

Symantec Encryption Desktop, formerly known as PGP Desktop, is
installed on the remote Windows host.

See also :

http://www.symantec.com/encryption-desktop-pro

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

PHP 5.5.x < 5.5.16 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the remote web server is running a version of
PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following
vulnerabilities :

- LibGD contains a NULL pointer dereference flaw in its
'gdImageCreateFromXpm' function in the 'gdxpm.c' file.
By using a specially crafted color mapping, a remote
attacker could cause a denial of service.
(CVE-2014-2497)

- The original upstream patch for CVE-2013-7345 did not
provide a complete solution. It is, therefore, still
possible for a remote attacker to deploy a specially
crafted input file to cause excessive resources to be
used when trying to detect the file type using awk
regular expression rules. This can cause a denial of
service. (CVE-2014-3538)

- An integer overflow flaw exists in the 'cdf.c' file. By
using a specially crafted CDF file, a remote attacker
could cause a denial of service. (CVE-2014-3587)

- There are multiple buffer overflow flaws in the 'dns.c'
file related to the 'dns_get_record' and 'dn_expand'
functions. By using a specially crafted DNS record,
a remote attacker could exploit these to cause a denial
of service or execute arbitrary code. (CVE-2014-3597)

- There exist multiple flaws in the GD component within
the 'gd_ctx.c' file where user-supplied input is not
properly validated to ensure that pathnames lack %00
sequences. By using specially crafted input, a remote
attacker could overwrite arbitrary files.
(CVE-2014-5120)

Note that Nessus has not attempted to exploit these issues, but has
instead relied only on the application's self-reported version number.

See also :

http://www.php.net/ChangeLog-5.php#5.5.16
https://bugs.php.net/bug.php?id=67730
https://bugs.php.net/bug.php?id=67705
https://bugs.php.net/bug.php?id=67717
https://bugs.php.net/bug.php?id=66901
https://bugs.php.net/bug.php?id=67716

Solution :

Upgrade to PHP version 5.5.16 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

PHP 5.4.x < 5.4.32 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the remote web server is running a version of
PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following
vulnerabilities :

- LibGD contains a NULL pointer dereference flaw in its
'gdImageCreateFromXpm' function in the 'gdxpm.c' file.
By using a specially crafted color mapping, a remote
attacker could cause a denial of service.
(CVE-2014-2497)

- The original upstream patch for CVE-2013-7345 did not
provide a complete solution. It is, therefore, still
possible for a remote attacker to deploy a specially
crafted input file to cause excessive resources to be
used when trying to detect the file type using awk
regular expression rules. This can cause a denial of
service. (CVE-2014-3538)

- An integer overflow flaw exists in the 'cdf.c' file. By
using a specially crafted CDF file, a remote attacker
could cause a denial of service. (CVE-2014-3587)

- There are multiple buffer overflow flaws in the 'dns.c'
file related to the 'dns_get_record' and 'dn_expand'
functions. By using a specially crafted DNS record,
a remote attacker could exploit these to cause a denial
of service or execute arbitrary code. (CVE-2014-3597)

- A flaw exists in the 'spl_dllist.c' file that may lead
to a use-after-free condition in the SPL component when
iterating over an object. An attacker could utilize this
to cause a denial of service. (CVE-2014-4670)

- A flaw exists in the 'spl_array.c' file that may lead to
a use-after-free condition in the SPL component when
handling the modification of objects while sorting. An
attacker could utilize this to cause a denial of
service. (CVE-2014-4698)

- There exist multiple flaws in the GD component within
the 'gd_ctx.c' file where user-supplied input is not
properly validated to ensure that pathnames lack %00
sequences. By using specially crafted input, a remote
attacker could overwrite arbitrary files.
(CVE-2014-5120)

Note that Nessus has not attempted to exploit these issues, but has
instead relied only on the application's self-reported version number.

See also :

http://www.php.net/ChangeLog-5.php#5.4.32
https://bugs.php.net/bug.php?id=67730
https://bugs.php.net/bug.php?id=67538
https://bugs.php.net/bug.php?id=67539
https://bugs.php.net/bug.php?id=67717
https://bugs.php.net/bug.php?id=67705
https://bugs.php.net/bug.php?id=67716
https://bugs.php.net/bug.php?id=66901
https://bugs.php.net/bug.php?id=67715

Solution :

Upgrade to PHP version 5.4.32 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : chromium -- multiple vulnerabilities (fd5f305d-2d3d-11e4-aa3d-00262d5ed8ee)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Google Chrome Releases reports :

50 security fixes in this release, including :

- [386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward to
lokihardt@asrt for a combination of bugs in V8, IPC, sync, and
extensions that can lead to remote code execution outside of the
sandbox.

- [369860] High CVE-2014-3168: Use-after-free in SVG. Credit to
cloudfuzzer.

- [387389] High CVE-2014-3169: Use-after-free in DOM. Credit to
Andrzej Dyjak.

- [390624] High CVE-2014-3170: Extension permission dialog spoofing.
Credit to Rob Wu.

- [390928] High CVE-2014-3171: Use-after-free in bindings. Credit to
cloudfuzzer.

- [367567] Medium CVE-2014-3172: Issue related to extension debugging.
Credit to Eli Grey.

- [376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL.
Credit to jmuizelaar.

- [389219] Medium CVE-2014-3174: Uninitialized memory read in Web
Audio. Credit to Atte Kettunen from OUSPG.

- [406143] CVE-2014-3175: Various fixes from internal audits, fuzzing
and other initiatives (Chrome 37).

See also :

http://googlechromereleases.blogspot.nl/
http://www.nessus.org/u?cfd714dc

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : mediawiki-1.23.2-1.fc20 (2014-9583)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This is a major update from the 1.21 branch to the 1.23 long term
support branch.

- (bug 68187) SECURITY: Prepend jsonp callback with
comment. - CVE-2014-5241

- (bug 66608) SECURITY: Fix for XSS issue in bug 66608:
Generate the URL used for loading a new page in
JavaScript, instead of relying on the URL in the link
that has been clicked. - CVE-2014-5242

- (bug 65778) SECURITY: Copy prevent-clickjacking
between OutputPage and ParserOutput. - CVE-2014-5243

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1125111
http://www.nessus.org/u?23df0420

Solution :

Update the affected mediawiki package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : jakarta-commons-httpclient-3.1-15.fc20 (2014-9581)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2014-3577, CVE-2012-6153

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1129074
https://bugzilla.redhat.com/show_bug.cgi?id=1129916
http://www.nessus.org/u?0b64edb4

Solution :

Update the affected jakarta-commons-httpclient package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : mediawiki-1.23.2-1.fc19 (2014-9548)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This is a major update from the 1.21 branch to the 1.23 long term
support branch.

- (bug 68187) SECURITY: Prepend jsonp callback with
comment. - CVE-2014-5241

- (bug 66608) SECURITY: Fix for XSS issue in bug 66608:
Generate the URL used for loading a new page in
JavaScript, instead of relying on the URL in the link
that has been clicked. - CVE-2014-5242

- (bug 65778) SECURITY: Copy prevent-clickjacking
between OutputPage and ParserOutput. - CVE-2014-5243

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1125111
http://www.nessus.org/u?8c3be14b

Solution :

Update the affected mediawiki package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : python-pillow-2.2.1-5.fc20 (2014-9540)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2014-3589

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1130711
http://www.nessus.org/u?78aae90f

Solution :

Update the affected python-pillow package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : jakarta-commons-httpclient-3.1-15.fc19 (2014-9539)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2014-3577, CVE-2012-6153

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1129074
https://bugzilla.redhat.com/show_bug.cgi?id=1129916
http://www.nessus.org/u?6746a847

Solution :

Update the affected jakarta-commons-httpclient package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : python-pillow-2.0.0-14.gitd1c6db8.fc19 (2014-9536)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2014-3589

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1130711
http://www.nessus.org/u?440bd8b9

Solution :

Update the affected python-pillow package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : sks-1.1.5-2.fc19 (2014-9350)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Upgrade to 1.1.5

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1093562
http://www.nessus.org/u?37bc9757

Solution :

Update the affected sks package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : sks-1.1.5-2.fc20 (2014-9344)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Upgrade to 1.1.5

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1093562
http://www.nessus.org/u?e2ff95fd

Solution :

Update the affected sks package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : krb5-1.11.3-25.fc19 (2014-9305)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This update incorporates the upstream fix for a possible buffer
overrun in kadmind when the LDAP kdb backend is in use
(CVE-2014-4345).

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1128157
http://www.nessus.org/u?7b4aad56

Solution :

Update the affected krb5 package.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SSH Username Information Disclosure Vulnerability in Huawei Campus Series Switches


Synopsis:

The remote device is affected by an information disclosure
vulnerability.

Description:

The remote Huawei switch device is affected by an information
disclosure vulnerability. By examining its SSH server response when
attempting a login, a remote attacker can verify whether a guessed
username exists on the device.

See also :

http://www.nessus.org/u?30364a09

Solution :

Apply the appropriate firmware patch.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Computrace Detection


Synopsis:

An anti-theft application is installed and running on the remote host.

Description:

Computrace, an anti-theft application, is installed and running on the
remote host.

Computrace has been shown to be installed on systems without the
owner's knowledge and could allow possible attacks that can take
control over the machine when it is not properly configured.

See also :

http://www.nessus.org/u?4dfd63e9
http://www.nessus.org/u?fa79cebc
http://www.nessus.org/u?8226d296

Solution :

Determine if Computrace is acceptable software for your organization.

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Pivotal Web Server 5.x < 5.4.1 Multiple OpenSSL Vulnerabilities


Synopsis:

The remote web server has an application installed that is affected by
multiple vulnerabilities.

Description:

The version of Pivotal Web Server (formerly VMware vFabric Web Server)
installed on the remote host is version 5.x prior to 5.4.1. It is,
therefore, affected by multiple vulnerabilities in the bundled version
of OpenSSL :

- An error exists in the 'ssl3_read_bytes' function
that permits data to be injected into other sessions
or allows denial of service attacks. Note that this
issue is exploitable only if SSL_MODE_RELEASE_BUFFERS
is enabled. (CVE-2010-5298)

- An error exists in the 'do_ssl3_write' function that
permits a null pointer to be dereferenced, which could
allow denial of service attacks. Note that this issue
is exploitable only if SSL_MODE_RELEASE_BUFFERS is
enabled. (CVE-2014-0198)

- An error exists in the processing of ChangeCipherSpec
messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be
done. (CVE-2014-0224)

- An error exists in the 'dtls1_get_message_fragment'
function related to anonymous ECDH cipher suites. This
could allow denial of service attacks. Note that this
issue only affects OpenSSL TLS clients. (CVE-2014-3470)

Note that Nessus did not actually test for these issues, but has
instead relied on the version in the server's banner.

See also :

http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://www.nessus.org/u?80b8e207
http://www.pivotal.io/security/CVE-2014-0224
http://download.gopivotal.com/webserver/5.x_patch/index2.html
http://www.openssl.org/news/secadv_20140605.txt

Solution :

Upgrade to version 5.4.1, 6.0 or later.

Alternatively, apply the vendor patch and restart the service.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Pivotal Web Server Version Detection


Synopsis:

The version of Pivotal Web Server can be identified.

Description:

The version of Pivotal Web Server (formerly VMware vFabric Web Server)
could be extracted from the web server's banner.

See also :

http://www.pivotal.io/
https://communities.vmware.com/docs/DOC-25672

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 14.04 : openjdk-7 regression (USN-2319-2)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream
regression, verification of the init method call would fail when it
was done from inside a branch when stack frames are activated. This
update fixes the problem.

We apologize for the inconvenience.

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216,
CVE-2014-4219, CVE-2014-4223, CVE-2014-4262)

Several vulnerabilities were discovered in the OpenJDK JRE
related to information disclosure and data integrity. An
attacker could exploit these to expose sensitive data over
the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263)

Two vulnerabilities were discovered in the OpenJDK JRE
related to data integrity. (CVE-2014-4218, CVE-2014-4266)

A vulnerability was discovered in the OpenJDK JRE related to
availability. An attacker could exploit this to cause a
denial of service. (CVE-2014-4264)

Several vulnerabilities were discovered in the OpenJDK JRE
related to information disclosure. An attacker could exploit
these to expose sensitive data over the network.
(CVE-2014-4221, CVE-2014-4252, CVE-2014-4268).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

RHEL 7 : mod_wsgi (RHSA-2014:1091)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An updated mod_wsgi package that fixes one security issue is now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The mod_wsgi adapter is an Apache module that provides a
WSGI-compliant interface for hosting Python-based web applications
within Apache.

It was found that mod_wsgi did not properly drop privileges if the
call to setuid() failed. If mod_wsgi was set up to allow unprivileged
users to run WSGI applications, a local user able to run a WSGI
application could possibly use this flaw to escalate their privileges
on the system. (CVE-2014-0240)

Note: mod_wsgi is not intended to provide privilege separation for
WSGI applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different
solution with proper privilege separation.

Red Hat would like to thank Graham Dumpleton for reporting this issue.
Upstream acknowledges Róbert Kisteleki as the original reporter.

All mod_wsgi users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0240.html
http://rhn.redhat.com/errata/RHSA-2014-1091.html

Solution :

Update the affected mod_wsgi and / or mod_wsgi-debuginfo packages.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 7 : mod_wsgi (ELSA-2014-1091)


Synopsis:

The remote Oracle Linux host is missing a security update.

Description:

From Red Hat Security Advisory 2014:1091 :

An updated mod_wsgi package that fixes one security issue is now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The mod_wsgi adapter is an Apache module that provides a
WSGI-compliant interface for hosting Python-based web applications
within Apache.

It was found that mod_wsgi did not properly drop privileges if the
call to setuid() failed. If mod_wsgi was set up to allow unprivileged
users to run WSGI applications, a local user able to run a WSGI
application could possibly use this flaw to escalate their privileges
on the system. (CVE-2014-0240)

Note: mod_wsgi is not intended to provide privilege separation for
WSGI applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different
solution with proper privilege separation.

Red Hat would like to thank Graham Dumpleton for reporting this issue.
Upstream acknowledges Róbert Kisteleki as the original reporter.

All mod_wsgi users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-August/004381.html

Solution :

Update the affected mod_wsgi package.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 7 : mod_wsgi (CESA-2014:1091)


Synopsis:

The remote CentOS host is missing a security update.

Description:

An updated mod_wsgi package that fixes one security issue is now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The mod_wsgi adapter is an Apache module that provides a
WSGI-compliant interface for hosting Python-based web applications
within Apache.

It was found that mod_wsgi did not properly drop privileges if the
call to setuid() failed. If mod_wsgi was set up to allow unprivileged
users to run WSGI applications, a local user able to run a WSGI
application could possibly use this flaw to escalate their privileges
on the system. (CVE-2014-0240)

Note: mod_wsgi is not intended to provide privilege separation for
WSGI applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different
solution with proper privilege separation.

Red Hat would like to thank Graham Dumpleton for reporting this issue.
Upstream acknowledges Róbert Kisteleki as the original reporter.

All mod_wsgi users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.

See also :

http://www.nessus.org/u?19b68bc8

Solution :

Update the affected mod_wsgi package.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 7.1 TL 2 : bos.rte.odm (U865302)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U865302, which is related to the
security of the package bos.rte.odm.

AIX could allow an arbitrary file overwrite via a symlink vulnerability
caused by a bug in libodm.a.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV60314

Solution :

Install the appropriate missing security-related fix.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 7.1 TL 2 : X11.base.rte (U862346)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U862346, which is related to the
security of the package X11.base.rte.

Use-after-free vulnerability in the doImageText function in
dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11
allows remote authenticated users to cause a denial of service (daemon
crash) or possibly execute arbitrary code via a crafted ImageText
request that triggers memory-allocation failure.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV52186

Solution :

Install the appropriate missing security-related fix.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 7.1 TL 1 : bos.mp64 (U861815)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U861815, which is related to the
security of the package bos.mp64.

IBM AIX is vulnerable to a denial of service, caused by an error in
the ptrace() function. A local attacker could exploit this
vulnerability to cause a system crash.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV58888

Solution :

Install the appropriate missing security-related fix.

Risk factor :

Medium / CVSS Base Score : 4.7
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 7.1 TL 1 : bos.rte.odm (U860787)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U860787, which is related to the
security of the package bos.rte.odm.

AIX could allow an arbitrary file overwrite via a symlink vulnerability
caused by a bug in libodm.a.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV60312

Solution :

Install the appropriate missing security-related fix.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 7.1 TL 1 : X11.base.rte (U860766)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U860766, which is related to the
security of the package X11.base.rte.

Use-after-free vulnerability in the doImageText function in
dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11
allows remote authenticated users to cause a denial of service (daemon
crash) or possibly execute arbitrary code via a crafted ImageText
request that triggers memory-allocation failure.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV52185

Solution :

Install the appropriate missing security-related fix.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 7.1 TL 2 : bos.mp64 (U859634)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U859634, which is related to the
security of the package bos.mp64.

IBM AIX is vulnerable to a denial of service, caused by an error in
the ptrace() function. A local attacker could exploit this
vulnerability to cause a system crash.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV58861

Solution :

Install the appropriate missing security-related fix.

Risk factor :

Medium / CVSS Base Score : 4.7
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CODESYS WAGO WebVisu Password Information Disclosure Vulnerability


Synopsis:

The remote host is affected by an information disclosure
vulnerability.

Description:

The remote host is running a vulnerable version of CODESYS WebVisu on
a WAGO Application controller. By sending a specially crafted request,
it is possible to extract password information for users on the
device.

See also :

http://www.nessus.org/u?a5a0dfdc

Solution :

The vendor has not yet provided a solution. As a workaround, delete
the 'webvisu.jar' file in the plc directory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:U/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CODESYS WAGO WebVisu Detection


Synopsis:

The remote host is running a web-based SCADA visualization system.

Description:

The remote host is running CODESYS WebVisu, a web-based SCADA
visualization system, on a WAGO application controller.

See also :

http://www.codesys.com/products/codesys-visualization/webvisu.html

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Honeywell FALCON XLWeb Controller Multiple Vulnerabilities


Synopsis:

The remote host is affected by multiple vulnerabilities.

Description:

The remote host is a Honeywell FALCON XLWeb SCADA controller that is
running a firmware version affected by the following vulnerabilities :

- The change password page can be accessed without
authentication to determine users' password hashes,
which can allow a remote attacker to gain administrative
access. (CVE-2014-2717)

- The web server on the device is affected by multiple
cross-site scripting vulnerabilities. (CVE-2014-3110)

See also :

https://ics-cert.us-cert.gov/advisories/ICSA-14-175-01

Solution :

Contact the vendor for the latest available updates.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Honeywell FALCON XLWeb Controller Detection


Synopsis:

The remote host is a web-based SCADA controller.

Description:

The remote host is a Honeywell FALCON XLWeb SCADA controller.

See also :

https://products.ecc.emea.honeywell.com/europe/ecatdata/pg_xl1000.html

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

WP Source Control Plugin for WordPress Directory Traversal


Synopsis:

The remote web server contains a PHP script that is affected by a
directory traversal vulnerability.

Description:

The WP Source Control Plugin for WordPress installed on the remote
host is affected by a directory traversal vulnerability due to a
failure to properly sanitize user-supplied input to the 'path'
parameter of the 'downloadfiles/download.php' script. Therefore, a
remote, unauthenticated attacker could read arbitrary files by using a
specially crafted request containing directory traversal sequences.

See also :

http://seclists.org/oss-sec/2014/q3/407

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Autodesk SketchBook Pro < 6.2.6 Multiple Overflow Vulnerabilities


Synopsis:

The remote host has a graphics editing application installed that is
affected by multiple overflow vulnerabilities.

Description:

The version of Autodesk SketchBook Pro installed on the remote Mac OS
X host is prior to 6.2.6. It is, therefore, affected by integer and
heap-based buffer overflow vulnerabilities. Using a specially crafted
PSD or PXD file, an attacker could cause a denial of service or
execute arbitrary code.

See also :

http://www.nessus.org/u?63a1d7df

Solution :

Upgrade to SketchBook Pro 6.2.6 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Autodesk SketchBook Pro < 6.2.5 / SketchBook Copic Edition < 2.0.2 Heap Buffer Overflow


Synopsis:

The remote host has a graphics editing application installed that is
affected by a heap-based buffer overflow vulnerability.

Description:

The version of Autodesk SketchBook installed on the remote Mac OS X
host is either SketchBook Pro prior to 6.2.5 or SketchBook Copic
Edition prior to 2.0.2. It is, therefore, affected by a heap-based
buffer overflow vulnerability. The flaw exists when decompressing
RLE-compressed channel data in PSD files, since user-supplied input is
not correctly validated. Using a specially crafted PSD file, an
attacker could cause a denial of service or execute arbitrary code.

See also :

http://www.nessus.org/u?63a1d7df

Solution :

Upgrade to SketchBook Pro 6.2.5 / Copic Edition 2.0.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.