Newest Plugins

Junos Pulse Secure Access IVE OS Clickjacking (JSA10647)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the version of IVE running on
the remote host is affected by a clickjacking vulnerability.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647

Solution :

Upgrade to Juniper Junos IVE OS version 7.1r18 / 7.4r5 / 8.0r1 or
later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Junos Pulse Secure Access IVE OS XSS (JSA10646)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the version of IVE running on
the remote host is affected by a cross-site scripting vulnerability
due to incorrect user input validation on the SSL VPN web server. Note
that this issue exists within a web page that is only accessible by an
authenticated user session.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646

Solution :

Upgrade to Juniper Junos IVE OS version 7.1r20 / 7.4r13 / 8.0r6 or
later.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Junos Pulse Secure Access IVE / UAC OS XSS (JSA10645)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the version of IVE / UAC OS
running on the remote host is affected by a cross-site scripting
vulnerability due to incorrect user input validation on the SSL VPN /
UAC web server. Note that this issue exists within a web page that is
only accessible by an authenticated administrator session.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645

Solution :

Upgrade to Juniper Junos IVE OS version 7.1r18 / 7.3r10 / 7.4r8 /
8.0r1 or later or UAC OS version 4.1r8 / 4.4r8 / 5.0r1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Juniper Junos Pulse Client Privilege Escalation (JSA10644)


Synopsis:

The remote host has a VPN Client installed that is affected by a
privilege escalation vulnerability.

Description:

According to its self-reported version, the installation of Junos
Pulse Client on the remote Windows host is version 4.0 prior to 4.0r6
or a version prior to 3.1r8. It is, therefore, affected by a privilege
escalation vulnerability that allows a local attacker to gain
administrative privileges via unspecified vectors.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10644
http://kb.juniper.net/KB29453

Solution :

Upgrade to Junos Pulse Client 7.4r6 or later

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Juniper Installer Service 7.4 < 7.4r6 Privilege Escalation (JSA10644)


Synopsis:

The remote host has a software management application installed that
is affected by a privilege escalation vulnerability.

Description:

According to its self-reported version, the installation of Juniper
Installer Service on the remote Windows host is version 7.4 prior to
7.4r6. It is, therefore, affected by a privilege escalation
vulnerability that allows a local user to gain administrative
privileges.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10644
http://kb.juniper.net/KB29453

Solution :

Upgrade to Juniper Installer Service 7.4r6 or later

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Juniper Junos Pulse Client Detection


Synopsis:

A VPN client is installed.

Description:

Junos Pulse Client, a VPN client, is installed on the remote host.

See also :

http://www.juniper.net/us/en/products-services/security/junos-pulse/

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Juniper Installer Service Detection


Synopsis:

A software management application is installed.

Description:

Juniper Installer Service, a software management application, is
installed on the remote host.

See also :

http://www.nessus.org/u?f5a6ee2e

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Riverbed SteelApp (Stingray) Traffic Manager < 9.7 XSS


Synopsis:

The remote host is affected by a cross-site scripting vulnerability.

Description:

The remote host is a Riverbed SteelApp (formerly known as Stingray)
Traffic Manager running a version of the web user interface prior to
9.7. It is, therefore, affected by a cross-site scripting
vulnerability because the 'locallog.cgi' script fails to validate the
'logfile' parameter input prior to using it to generate HTML content.

See also :

http://www.nessus.org/u?d1bf742b

Solution :

Upgrade to Riverbed SteelApp (Stingray) version 9.7.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Riverbed SteelApp (Stingray) Traffic Manager Web UI Detection


Synopsis:

The remote host is running the web based user interface for Riverbed
SteelApp (formerly known as Stingray) Traffic Manager.

Description:

The remote host is a Riverbed SteelApp (formerly known as Stingray)
Traffic Manager appliance running a web based user interface. It is
possible to read the web UI version from a standard request.

See also :

http://www.riverbed.com/products/application-delivery-performance/

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco Prime Data Center Network Manager 6.x XSS (credentialed check)


Synopsis:

A network management system on the remote host is affected by a
cross-site scripting vulnerability.

Description:

According to its self-reported version number, the version of Cisco
Prime Data Center Network Manager installed on the remote host is
affected by a cross-site scripting vulnerability due to insufficient
validation of input parameters by its web server component. Using a
specially crafted URL, a remote attacker could inject arbitrary script
or HTML code.

See also :

http://www.nessus.org/u?188ffbab

Solution :

Apply the vendor patch referenced in Cisco bug CSCum86620.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco Prime Data Center Network Manager 6.x XSS (uncredentialed check)


Synopsis:

A network management system on the remote host is affected by a
cross-site scripting vulnerability.

Description:

According to its self-reported version number, the version of Cisco
Prime Data Center Network Manager installed on the remote host is
affected by a cross-site scripting vulnerability due to insufficient
validation of input parameters by its web server component. Using a
specially crafted URL, a remote attacker could inject arbitrary script
or HTML code.

This plugin determines if DCNM is vulnerable by checking the version
number displayed in the web interface. The web interface is not
available in older versions of DCNM.

See also :

http://www.nessus.org/u?188ffbab

Solution :

Apply the vendor patch referenced in Cisco bug CSCum86620.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Solaris 10 (sparc) : 150817-03


Synopsis:

The remote host is missing Sun Security Patch number 150817-03

Description:

VM Server for SPARC 3.1: ldmd patch.
Date this patch was last updated by Sun : Sep/13/14

See also :

https://getupdates.oracle.com/readme/150817-03

Solution :

You should install this patch for your system to be up-to-date.

Risk factor :

Medium

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature (cc627e6c-3b89-11e4-b629-6805ca0b3d42)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

The phpMyAdmin development team reports :

XSRF/CSRF due to DOM based XSS in the micro history feature.

By deceiving a logged-in user to click on a crafted URL, it is
possible to perform remote code execution and in some cases, create a
root account due to a DOM based XSS vulnerability in the micro history
feature.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
http://www.nessus.org/u?c091bed0

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : GraphicsMagick-1.3.20-3.fc19 (2014-9624)


Synopsis:

The remote Fedora host is missing a security update.

Description:

New stable upstream release, patched for CVE-2014-1947. See also:
http://www.graphicsmagick.org/NEWS.html#august-16-2014

See also :

http://www.graphicsmagick.org/NEWS.html#august-16-2014
https://bugzilla.redhat.com/show_bug.cgi?id=1064098
http://www.nessus.org/u?cd013851

Solution :

Update the affected GraphicsMagick package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : curl-7.32.0-13.fc20 (2014-10741)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- use only full matches for hosts used as IP address in
cookies (CVE-2014-3613)

- reject incoming cookies set for top level domains
(CVE-2014-3620)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1136154
https://bugzilla.redhat.com/show_bug.cgi?id=1138846
http://www.nessus.org/u?fc05897f

Solution :

Update the affected curl package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : libreoffice-4.2.6.3-3.fc20 (2014-10732)


Synopsis:

The remote Fedora host is missing a security update.

Description:

CVE-2014-3575 arbitrary file preview disclosure via ole2 objects

The vulnerability allows an attacker to send a document which, when
opened, will trigger the prompt to 'Update Links'. If the user cancels
that prompt, it may still generate and insert into the document an
OLE2 preview image of a file on the victim's filesystem. Data exposure
is possible if the updated document is then distributed to other
parties.

Also contains an enhancement to create a master document template type
to allow putting master documents in the template manager.

New bugfix release.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1139592
http://www.nessus.org/u?7aba9d6c

Solution :

Update the affected libreoffice package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : procmail-3.22-36.fc20 (2014-10357)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This is an update fixing CVE-2014-3618.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1137581
http://www.nessus.org/u?2f5d454e

Solution :

Update the affected procmail package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : kdelibs4 (SAT Patch Number 9676)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

This update of the kdelibs4 KSSL interface makes it select a set of
default ciphers that is recommended for current usage. This update is
needed for Konqueror to restrict its cipher set when using https.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=865241

Solution :

Apply SAT patch number 9676.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : glibc (SAT Patch Number 9669)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

This glibc update fixes a critical privilege escalation problem and
two non-security issues :

- An off-by-one error leading to a heap-based buffer
overflow was found in __gconv_translit_find(). An
exploit that targets the problem is publicly available.
(CVE-2014-5119). (bnc#892073)

- setenv-alloca.patch: Avoid unbound alloca in setenv.
(bnc#892065)

- printf-multibyte-format.patch: Don't parse %s format
argument as multi-byte string. (bnc#888347)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=888347
https://bugzilla.novell.com/show_bug.cgi?id=892065
https://bugzilla.novell.com/show_bug.cgi?id=892073
http://support.novell.com/security/cve/CVE-2014-5119.html

Solution :

Apply SAT patch number 9669.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : flash-player (SAT Patch Number 9704)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

Adobe Flash Player has been updated to 11.2.202.406 which fixes
various security issues.

These updates :

- resolve a memory leakage vulnerability that could have
been used to bypass memory address randomization.
(CVE-2014-0557)

- resolve a security bypass vulnerability. (CVE-2014-0554)

- resolve a use-after-free vulnerability that could have
led to code execution. (CVE-2014-0553)

- resolve memory corruption vulnerabilities that could
have led to code execution. (CVE-2014-0547 /
CVE-2014-0549 / CVE-2014-0550 / CVE-2014-0551 /
CVE-2014-0552 / CVE-2014-0555)

- resolve a vulnerability that could have been used to
bypass the same origin policy. (CVE-2014-0548)

- resolve a heap buffer overflow vulnerability that could
have led to code execution. (CVE-2014-0556 /
CVE-2014-0559)

More information can be found on
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html

See also :

https://bugzilla.novell.com/show_bug.cgi?id=895856
http://support.novell.com/security/cve/CVE-2014-0547.html
http://support.novell.com/security/cve/CVE-2014-0548.html
http://support.novell.com/security/cve/CVE-2014-0549.html
http://support.novell.com/security/cve/CVE-2014-0550.html
http://support.novell.com/security/cve/CVE-2014-0551.html
http://support.novell.com/security/cve/CVE-2014-0552.html
http://support.novell.com/security/cve/CVE-2014-0553.html
http://support.novell.com/security/cve/CVE-2014-0554.html
http://support.novell.com/security/cve/CVE-2014-0555.html
http://support.novell.com/security/cve/CVE-2014-0556.html
http://support.novell.com/security/cve/CVE-2014-0557.html
http://support.novell.com/security/cve/CVE-2014-0559.html

Solution :

Apply SAT patch number 9704.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-3024-1 : gnupg - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal
encryption subkeys (CVE-2014-5270).

In addition, this update hardens GnuPG's behaviour when treating
keyserver responses; GnuPG now filters keyserver responses to only
accept those keyids actually requested by the user.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725411
https://security-tracker.debian.org/tracker/CVE-2014-5270
http://www.debian.org/security/2014/dsa-3024

Solution :

Upgrade the gnupg packages.

For the stable distribution (wheezy), this problem has been fixed in
version 1.4.12-7+deb7u6.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

MySQL 5.6.x < 5.6.20 Multiple Vulnerabilities


Synopsis:

The remote database server is affected by multiple vulnerabilities.

Description:

The version of MySQL 5.6.x installed on the remote host is prior to
5.6.20. It is, therefore, affected by the following vulnerabilities :

- A flaw exists in the linked OpenSSL library that may
cause a client or server to use weak keying material
due to an issue with the processing of ChangeCipherSpec
messages. A remote attacker could leverage this to
conduct a man-in-the-middle attack. The Oracle-produced
MySQL Community build is not affected. (CVE-2014-0224)

- A flaw exists in 'InnoDB' when performing a DELETE
operation on a table with full-text search indexes. An
authenticated attacker could use this flaw to cause
the application to crash.

- A flaw exists in the 'Replication' component when a
slave worker thread executes a statement that is too
large. An authenticated attacker could cause the
application to crash.

- An overflow flaw exists in 'mysqldump' due to improper
validation of user-supplied input when large arguments
are passed. A local attacker could cause a buffer
overflow, resulting in a denial of service.

- An information disclosure flaw exists in 'mysqladmin
password' due to the new password not being masked on
the command line after a password change.

- An overflow flaw in yaSSL exists due to improper
validation of user-supplied input during certificate
decoding. A remote attacker, with a specially crafted
certificate, could cause a denial of service or execute
arbitrary code.

- An unspecified flaw related to MyISAM temporary files
could allow a local attacker to gain elevated
privileges. (CVE-2014-4274)

See also :

https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-20.html

Solution :

Upgrade to MySQL 5.6.20 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

MySQL 5.5.x < 5.5.39 Multiple Vulnerabilities


Synopsis:

The remote database server is affected by multiple vulnerabilities.

Description:

The version of MySQL 5.5.x installed on the remote host is prior to
5.5.39. It is, therefore, affected by the following vulnerabilities :

- An overflow flaw exists in 'mysqldump' due to improper
validation of user-supplied input when large arguments
are passed. A local attacker could cause a buffer
overflow, resulting in a denial of service.

- An information disclosure flaw exists in 'mysqladmin
password' due to the new password not being masked on
the command line after a password change.

- An overflow flaw in yaSSL exists due to improper
validation of user-supplied input during certificate
decoding. A remote attacker, with a specially crafted
certificate, could cause a denial of service or execute
arbitrary code.

- An unspecified flaw related to MyISAM temporary files
could allow a local attacker to gain elevated
privileges. (CVE-2014-4274)

See also :

http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html

Solution :

Upgrade to MySQL 5.5.39 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Windows Prefetch Folder


Synopsis:

Nessus was able to retrieve the Windows prefetch folder file list.

Description:

Nessus was able to retrieve and display the contents of the Windows
prefetch folder (%systemroot%\prefetch\*). This information shows
programs that have run with the prefetch and superfetch mechanisms
enabled.

See also :

http://www.nessus.org/u?0ab4c9af
http://www.nessus.org/u?d6b15983
http://www.forensicswiki.org/wiki/Prefetch

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Policy Automation (Oracle Web Determinations) Unspecified Remote Security Vulnerability (July 2013 CPU)


Synopsis:

The remote host is affected by an unspecified remote vulnerability.

Description:

The version of Oracle Policy Automation installed on the remote host
is 10.2.x prior to 10.2.0.124, 10.3.x prior to 10.3.1.61, or 10.4.x
prior to 10.4.3. It is, therefore, affected by an unspecified remote
vulnerability that can be exploited by remote authenticated users to
disclose sensitive information.

See also :

http://www.nessus.org/u?d601a70e

Solution :

Apply the appropriate patch according to the July 2013 Oracle Critical
Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Web Determinations Detection


Synopsis:

The remote web server hosts a web-based interactive assessment system.

Description:

The remote web server hosts Oracle Web Determinations, a web-based
interactive assessment system that is a component of Oracle Policy
Automation.

See also :

http://www.nessus.org/u?325ac65d

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Novell GroupWise Client 8.x < 8.0.3 Hot Patch 4 / 2012 < 2012 SP3 / 2014 < 2014 SP1 Multiple Dereference Vulnerabilities


Synopsis:

The remote Windows host contains an email application that is affected
by multiple untrusted pointer dereference vulnerabilities.

Description:

The Novell GroupWise Client installed on the remote Windows host is
version 8.x prior to 8.0.3 Hot Patch 4 (8.0.3.36955), version 2012
prior to 2012 SP3 (12.0.3.26810), or version 2014 prior to 2014 SP1
(14.0.1.27118). It is, therefore, affected by multiple untrusted
pointer dereference vulnerabilities.

See also :

http://www.novell.com/support/kb/doc.php?id=7015565

Solution :

Upgrade to Novell GroupWise Client 8.0.3 Hot Patch 4 (8.0.3.36955) /
2012 SP3 (12.0.3.26810) / 2014 SP1 (14.0.1.27118) or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 : thunderbird vulnerabilities (USN-2330-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary
Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety
issues in Thunderbird. If a user were tricked into opening a
specially crafted message with scripting enabled, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2014-1553, CVE-2014-1562)

Abhishek Arya discovered a use-after-free during DOM interactions with
SVG. If a user were tricked into opening a specially crafted message
with scripting enabled, an attacker could potentially exploit this to
cause a denial of service via application crash or execute arbitrary
code with the privileges of the user invoking Thunderbird.
(CVE-2014-1563)

Michal Zalewski discovered that memory is not initialized properly
during GIF rendering in some circumstances. If a user were tricked
into opening a specially crafted message, an attacker could potentially
exploit this to steal confidential information. (CVE-2014-1564)

Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a
user were tricked into opening a specially crafted message with
scripting enabled, an attacker could potentially exploit this to cause
a denial of service via application crash or steal confidential
information. (CVE-2014-1565)

A use-after-free was discovered during text layout in some
circumstances. If a user were tricked into opening a specially
crafted message with scripting enabled, an attacker could potentially
exploit this to cause a denial of service via application crash or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2014-1567).

Solution :

Update the affected thunderbird package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : LibreOffice (SAT Patch Number 9677)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag
suse-4.0-26, based on upstream 4.0.3.3).

Two security issues have been fixed :

- DOCM memory corruption vulnerability. (CVE-2013-4156,
bnc#831578)

- Data exposure using crafted OLE objects. (CVE-2014-3575,
bnc#893141)

The following non-security issues have been fixed :

- chart shown flipped. (bnc#834722)

- chart missing dataset. (bnc#839727)

- import new line in text. (bnc#828390)

- lines running off screens. (bnc#819614)

- add set-all language menu. (bnc#863021)

- text rotation. (bnc#783433, bnc#862510)

- page border shadow testcase. (bnc#817956)

- one more clickable field fix. (bnc#802888)

- multilevel labels are rotated. (bnc#820273)

- incorrect nested table margins. (bnc#816593)

- use BitmapURL only if it's valid. (bnc#821567)

- import gradfill for text colors. (bnc#870234)

- fix undo of paragraph attributes. (bnc#828598)

- stop-gap solution to avoid crash. (bnc#830205)

- import images with duotone filter. (bnc#820077)

- missing drop downs for autofilter. (bnc#834705)

- typos in first page style creation. (bnc#820836)

- labels wrongly interpreted as dates. (bnc#834720)

- RTF import of fFilled shape property. (bnc#825305)

- placeholders text size is not correct. (bnc#831457)

- cells value formatted with wrong output. (bnc#821795)

- RTF import of freeform shape coordinates. (bnc#823655)

- styles (rename &) copy to different decks.
(bnc#757432)

- XLSX Chart import with internal data table. (bnc#819822)

- handle M.d.yyyy date format in DOCX import. (bnc#820509)

- paragraph style in empty first page header. (bnc#823651)

- copying slides having same master page name.
(bnc#753460)

- printing handouts using the default, 'Order'.
(bnc#835985)

- wrap polygon was based on dest size of picture.
(bnc#820800)

- added common flags support for SEQ field import.
(bnc#825976)

- hyperlinks of illustration index in DOCX export.
(bnc#834035)

- allow insertion of redlines with an empty author.
(bnc#837302)

- handle drawinglayer rectangle inset in VML import.
(bnc#779642)

- don't apply complex font size to non-complex font.
(bnc#820819)

- issue with negative seeks in win32 shell extension.
(bnc#829017)

- slide appears quite garbled when imported from PPTX.
(bnc#593612)

- initial MCE support in writerfilter ooxml tokenizer.
(bnc#820503)

- MSWord uses \xb for linebreaks in DB fields, take 2.
(bnc#878854)

- try harder to convert floating tables to text frames.
(bnc#779620)

- itemstate in parent style incorrectly reported as set.
(bnc#819865)

- default color hidden by Default style in writerfilter.
(bnc#820504)

- DOCX document crashes when using internal OOXML filter.
(bnc#382137)

- ugly workaround for external leading with symbol fonts.
(bnc#823626)

- followup fix for exported xlsx causes errors for
mso2007. (bnc#823935)

- we only support simple labels in the
InternalDataProvider. (bnc#864396)

- RTF import: fix import of numbering bullet associated
font. (bnc#823675)

- page specific footer extended to every pages in DOCX
export. (bnc#654230)

- v:textbox mso-fit-shape-to-text style property in VML
import. (bnc#820788)

- w:spacing in a paragraph should also apply to as-char
objects. (bnc#780044)

- compatibility setting for MS Word wrapping text in less
space. (bnc#822908)

- fix SwWrtShell::SelAll() to work with empty table at doc
start (bnc#825891)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=382137
https://bugzilla.novell.com/show_bug.cgi?id=593612
https://bugzilla.novell.com/show_bug.cgi?id=654230
https://bugzilla.novell.com/show_bug.cgi?id=753460
https://bugzilla.novell.com/show_bug.cgi?id=757432
https://bugzilla.novell.com/show_bug.cgi?id=779620
https://bugzilla.novell.com/show_bug.cgi?id=779642
https://bugzilla.novell.com/show_bug.cgi?id=780044
https://bugzilla.novell.com/show_bug.cgi?id=783433
https://bugzilla.novell.com/show_bug.cgi?id=802888
https://bugzilla.novell.com/show_bug.cgi?id=816593
https://bugzilla.novell.com/show_bug.cgi?id=817956
https://bugzilla.novell.com/show_bug.cgi?id=819614
https://bugzilla.novell.com/show_bug.cgi?id=819822
https://bugzilla.novell.com/show_bug.cgi?id=819865
https://bugzilla.novell.com/show_bug.cgi?id=820077
https://bugzilla.novell.com/show_bug.cgi?id=820273
https://bugzilla.novell.com/show_bug.cgi?id=820503
https://bugzilla.novell.com/show_bug.cgi?id=820504
https://bugzilla.novell.com/show_bug.cgi?id=820509
https://bugzilla.novell.com/show_bug.cgi?id=820788
https://bugzilla.novell.com/show_bug.cgi?id=820800
https://bugzilla.novell.com/show_bug.cgi?id=820819
https://bugzilla.novell.com/show_bug.cgi?id=820836
https://bugzilla.novell.com/show_bug.cgi?id=821567
https://bugzilla.novell.com/show_bug.cgi?id=821795
https://bugzilla.novell.com/show_bug.cgi?id=822908
https://bugzilla.novell.com/show_bug.cgi?id=823626
https://bugzilla.novell.com/show_bug.cgi?id=823651
https://bugzilla.novell.com/show_bug.cgi?id=823655
https://bugzilla.novell.com/show_bug.cgi?id=823675
https://bugzilla.novell.com/show_bug.cgi?id=823935
https://bugzilla.novell.com/show_bug.cgi?id=825305
https://bugzilla.novell.com/show_bug.cgi?id=825891
https://bugzilla.novell.com/show_bug.cgi?id=825976
https://bugzilla.novell.com/show_bug.cgi?id=828390
https://bugzilla.novell.com/show_bug.cgi?id=828598
https://bugzilla.novell.com/show_bug.cgi?id=829017
https://bugzilla.novell.com/show_bug.cgi?id=830205
https://bugzilla.novell.com/show_bug.cgi?id=831457
https://bugzilla.novell.com/show_bug.cgi?id=831578
https://bugzilla.novell.com/show_bug.cgi?id=834035
https://bugzilla.novell.com/show_bug.cgi?id=834705
https://bugzilla.novell.com/show_bug.cgi?id=834720
https://bugzilla.novell.com/show_bug.cgi?id=834722
https://bugzilla.novell.com/show_bug.cgi?id=835985
https://bugzilla.novell.com/show_bug.cgi?id=837302
https://bugzilla.novell.com/show_bug.cgi?id=839727
https://bugzilla.novell.com/show_bug.cgi?id=862510
https://bugzilla.novell.com/show_bug.cgi?id=863021
https://bugzilla.novell.com/show_bug.cgi?id=864396
https://bugzilla.novell.com/show_bug.cgi?id=870234
https://bugzilla.novell.com/show_bug.cgi?id=878854
https://bugzilla.novell.com/show_bug.cgi?id=893141
http://support.novell.com/security/cve/CVE-2013-4156.html
http://support.novell.com/security/cve/CVE-2014-3575.html

Solution :

Apply SAT patch number 9677.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : libqt4 (SAT Patch Number 9683)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

This update of the QT4 QSSL interface makes it select a set of default
ciphers that is recommended for current usage. This update is needed
for Konqueror to restrict its cipher set when using https.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=865241

Solution :

Apply SAT patch number 9683.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : katello-configure (RHSA-2014:1186)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

An updated katello-configure package that fixes one security issue is
now available for Red Hat Subscription Asset Manager.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The katello-configure package provides the katello-configure script,
which configures the Katello installation, and the katello-upgrade
script, which handles upgrades between versions.

It was discovered that the default configuration of Elasticsearch
enabled dynamic scripting, allowing a remote attacker to execute
arbitrary MVEL expressions and Java code via the source parameter
passed to _search. (CVE-2014-3120)

All Subscription Asset Manager users are advised to upgrade to this
updated package. The update provides a script that modifies the
elasticsearch.yml configuration file to disable dynamic scripting.
After updating, run the 'katello-configure' command. This will update
the elasticsearch.yml configuration file and restart the elasticsearch
service.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3120.html
http://rhn.redhat.com/errata/RHSA-2014-1186.html

Solution :

Update the affected katello-configure package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : procmail (openSUSE-SU-2014:1114-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

procmail was updated to fix a heap overflow in procmail's formail
utility when processing specially crafted email headers (bnc#894999,
CVE-2014-3618).

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00016.html
https://bugzilla.novell.com/show_bug.cgi?id=894999

Solution :

Update the affected procmail packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : glibc (openSUSE-SU-2014:1115-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

glibc was updated to fix three security issues :

- A directory traversal in locale environment handling was
  fixed (CVE-2014-0475, bnc#887022, GLIBC BZ #17137)

- Disable gconv transliteration module loading which could
  be used for code execution (CVE-2014-5119, bnc#892073,
  GLIBC BZ #17187)

- Fix crashes on invalid input in IBM gconv modules
  (CVE-2014-6040, bnc#894553, BZ #17325)

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00017.html
https://bugzilla.novell.com/show_bug.cgi?id=887022
https://bugzilla.novell.com/show_bug.cgi?id=892073
https://bugzilla.novell.com/show_bug.cgi?id=894553

Solution :

Update the affected glibc packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : python-django (MDVSA-2014:179)


Synopsis:

The remote Mandriva Linux host is missing a security update.

Description:

Updated python-django packages fix security vulnerabilities :

These releases address an issue with reverse() generating external
URLs (CVE-2014-0480), a denial of service involving file uploads
(CVE-2014-0481), a potential session hijacking issue in the
remote-user middleware (CVE-2014-0482), and a data leak in the
administrative interface (CVE-2014-0483).

See also :

http://advisories.mageia.org/MGASA-2014-0366.html

Solution :

Update the affected python-django package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : ppp (MDVSA-2014:178)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated ppp packages fix a security vulnerability :

A vulnerability in ppp before 2.4.7 may enable an unprivileged
attacker to access privileged options (CVE-2014-3158).

See also :

http://advisories.mageia.org/MGASA-2014-0368.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : squid (MDVSA-2014:177)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated squid packages fix a security vulnerability :

Matthew Daley discovered that Squid 3 did not properly perform input
validation in request parsing. A remote attacker could send crafted
Range requests to cause a denial of service (CVE-2014-3609).

See also :

http://advisories.mageia.org/MGASA-2014-0369.html

Solution :

Update the affected squid and / or squid-cachemgr packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : libgcrypt (MDVSA-2014:176)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated libgcrypt packages fix a security vulnerability :

The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL
side-channel attack (CVE-2014-5270).

See also :

http://advisories.mageia.org/MGASA-2014-0365.html

Solution :

Update the affected lib64gcrypt-devel and / or lib64gcrypt11 packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Multiple vulnerabilities have been found and corrected in glibc :

iconv() segfaults when converting IBM930 input that includes the
invalid multibyte character 0xffff (CVE-2012-6656).

Off-by-one error in the __gconv_translit_find function in
gconv_trans.c in GNU C Library (aka glibc) allows context-dependent
attackers to cause a denial of service (crash) or execute arbitrary
code via vectors related to the CHARSET environment variable and gconv
transliteration modules (CVE-2014-5119).

Crashes were reported in the IBM code page decoding functions (IBM933,
IBM935, IBM937, IBM939, IBM1364) (CVE-2014-6040).

The updated packages have been patched to correct these issues.

See also :

http://seclists.org/oss-sec/2014/q3/485
https://bugzilla.redhat.com/show_bug.cgi?id=1135841
https://rhn.redhat.com/errata/RHSA-2014-1110.html
https://sourceware.org/bugzilla/show_bug.cgi?id=14134
https://sourceware.org/bugzilla/show_bug.cgi?id=17325

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : apache (MDVSA-2014:174)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

A vulnerability has been found and corrected in apache (ASF HTTPD) :

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote
attackers to bypass RequestHeader unset directives by placing a header
in the trailer portion of data sent with chunked transfer coding.
NOTE: the vendor states this is not a security issue in httpd as such
(CVE-2013-5704).

The updated packages have been upgraded to the latest 2.2.29 version
which is not vulnerable to this issue.

See also :

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://httpd.apache.org/security/vulnerabilities_24.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : busybox (MDVSA-2014:173)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated busybox packages fix a security vulnerability :

An integer overflow in liblzo before 2.07 allows attackers to cause a
denial of service or possibly code execution in applications
performing LZO decompression on a compressed payload from the attacker
(CVE-2014-4607).

Busybox bundles part of the liblzo code, containing the
lzo1x_decompress_safe function, which is affected by this issue.

See also :

http://advisories.mageia.org/MGASA-2014-0351.html

Solution :

Update the affected busybox and / or busybox-static packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.