Newest Plugins

IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.3 Multiple Vulnerabilities


Synopsis:

The remote application server may be affected by multiple
vulnerabilities.

Description:

The remote host appears to be running IBM WebSphere Application Server
8.5 prior to Fix Pack 8.5.5.3. It is, therefore, affected by the
following vulnerabilities :

- A flaw exists in the Elliptic Curve Digital Signature
Algorithm implementation which could allow a malicious
process to recover ECDSA nonces.
(CVE-2014-0076, PI19700)

- A denial of service flaw exists in the 'mod_log_config'
module when logging a cookie with an unassigned value. A
remote attacker, using a specially crafted request, can
cause the program to crash. (CVE-2014-0098, PI13028)

- A denial of service flaw exists within the IBM Security
Access Manager for Web with the Reverse Proxy component.
This could allow a remote attacker, using specially
crafted TLS traffic, to cause the application on the
system to become unresponsive. (CVE-2014-0963, PI17025)

- An information disclosure flaw exists when handling SOAP
responses. This could allow a remote attacker to
potentially gain access to sensitive information.
(CVE-2014-0965, PI11434)

- An information disclosure flaw exists. A remote
attacker, using a specially crafted URL, could gain
access to potentially sensitive information.
(CVE-2014-3022, PI09594)

- A flaw exists within the 'addFileRegistryAccount'
Virtual Member Manager SPI Admin Task, which creates
improper accounts. This could allow a remote attacker
to bypass security checks. (CVE-2014-3070, PI16765)

- An unspecified information disclosure flaw exists. This
could allow a remote attacker to gain access to sensitive
information. (CVE-2014-3083, PI17768)

- An information disclosure flaw exists within the
'share/classes/sun/security/rsa/RSACore.java' class
related to 'RSA blinding' caused during operations using
private keys and measuring timing differences. This
could allow a remote attacker to gain information about
used keys. (CVE-2014-4244)

- A flaw exists within the 'validateDHPublicKey' function
in the 'share/classes/sun/security/util/KeyUtil.java'
class which is triggered during the validation of
Diffie-Hellman public key parameters. This could allow a
remote attacker to recover a key. (CVE-2014-4263)

- A flaw exists within the Load Balancer for IPv4
Dispatcher component. This could allow a remote attacker
to crash the Load Balancer. (CVE-2014-4764, PI21189)

- A flaw exists within the Liberty Repository when
installing features. This could allow an authenticated
remote attacker to install and execute arbitrary code.
(CVE-2014-4767, PI21284)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg24038133
http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8553
https://www-304.ibm.com/support/docview.wss?uid=swg21681249
https://www-304.ibm.com/support/docview.wss?uid=swg21680418

Solution :

Apply Fix Pack 8.5.5.3 for version 8.5 (8.5.0.0) or later.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Kaspersky Internet Security Heartbeat Information Disclosure (Heartbleed)


Synopsis:

The remote host has software installed that is affected by an
information disclosure vulnerability.

Description:

The remote host has a version of Kaspersky Internet Security (KIS)
installed that is missing a vendor patch. It is, therefore, affected
by an information disclosure vulnerability.

An out-of-bounds read error, known as the 'Heartbleed Bug', exists
related to handling TLS heartbeat extensions that could allow an
attacker to obtain sensitive information such as primary key material,
secondary key material, and other protected content.

See also :

http://support.kaspersky.com/10235#block1
http://support.kaspersky.com/us/8049#patches
http://www.heartbleed.com

Solution :

Upgrade to Kaspersky Internet Security 13.0.1.4190 Patch K /
14.0.0.4651 Patch G or later.

In the case of other versions, please contact the vendor for guidance.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score : 8.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 14.04 : eglibc vulnerability (USN-2328-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Tavis Ormandy and John Haxby discovered that the GNU C Library
contained an off-by-one error when performing transliteration module
loading. A local attacker could exploit this to gain administrative
privileges. (CVE-2014-5119)

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04
LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused
a regression with localplt on PowerPC. This update fixes the problem.
We apologize for the inconvenience.

Solution :

Update the affected libc6 package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

This MySQL update provides the following :

- upgrade to version 5.5.39, [bnc#887580]

- CVE's fixed: (CVE-2014-2484 / CVE-2014-4258 /
CVE-2014-4260 / CVE-2014-2494 / CVE-2014-4238 /
CVE-2014-4207 / CVE-2014-4233 / CVE-2014-4240 /
CVE-2014-4214 / CVE-2014-4243) See also:
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

See also :

https://bugzilla.novell.com/show_bug.cgi?id=887580
http://support.novell.com/security/cve/CVE-2014-2484.html
http://support.novell.com/security/cve/CVE-2014-2494.html
http://support.novell.com/security/cve/CVE-2014-4207.html
http://support.novell.com/security/cve/CVE-2014-4214.html
http://support.novell.com/security/cve/CVE-2014-4233.html
http://support.novell.com/security/cve/CVE-2014-4238.html
http://support.novell.com/security/cve/CVE-2014-4240.html
http://support.novell.com/security/cve/CVE-2014-4243.html
http://support.novell.com/security/cve/CVE-2014-4258.html
http://support.novell.com/security/cve/CVE-2014-4260.html

Solution :

Apply SAT patch number 9624.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : gpgme (SAT Patch Number 9644)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

This gpgme update fixes the following security issue :

- Fix possible overflow in gpgsm and uiserver engines
(CVE-2014-3564). (bnc#890123)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=890123
http://support.novell.com/security/cve/CVE-2014-3564.html

Solution :

Apply SAT patch number 9644.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1069-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This phpMyAdmin update addresses several security and non security
issues :

- This is a phpMyAdmin version upgrade (bnc#892401):

(From 4.1.14.3) :

- sf#4501 [security] XSS in table browse page
(CVE-2014-5273)

- sf#4502 [security] Self-XSS in enum value editor
(CVE-2014-5273)

- sf#4503 [security] Self-XSSes in monitor (CVE-2014-5273)

- sf#4505 [security] XSS in view operations page
(CVE-2014-5274)

- sf#4504 [security] Self-XSS in query charts
(CVE-2014-5273)

- sf#4517 [security] XSS in relation view (CVE-2014-5273)

(From 4.1.14.2) :

- sf#4488 [security] XSS injection due to unescaped table
name (triggers) (CVE-2014-4955)

- sf#4492 [security] XSS in AJAX confirmation messages
(CVE-2014-4986)

- sf#4491 [security] Missing validation for accessing User
groups feature (CVE-2014-4987)

(From 4.1.14.1) :

- sf#4464 [security] XSS injection due to unescaped
db/table name in navigation hiding (CVE-2014-4349)

(From 4.1.14.0 through 4.1.9.0) :

- Numerous non-security bugfixes are listed at
https://github.com/phpmyadmin/phpmyadmin/blob/MAINT_4_1_14/ChangeLog

See also :

http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html
https://bugzilla.novell.com/show_bug.cgi?id=892401
https://github.com/phpmyadmin/phpmyadmin/blob/MAINT_4_1_14/ChangeLog

Solution :

Update the affected phpMyAdmin package.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : python3 (openSUSE-SU-2014:1070-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This python3 update fixes the following security and non security
issues :

- CGIHTTPServer file disclosure and directory traversal
through URL-encoded characters (CVE-2014-4650,
bnc#885882)

- DoS on ssl.match_hostname via a crafted certificate with
too many wildcards (CVE-2013-2099, bnc#886001)

- fix import_failed hook file names

See also :

http://lists.opensuse.org/opensuse-updates/2014-08/msg00046.html
https://bugzilla.novell.com/show_bug.cgi?id=885882
https://bugzilla.novell.com/show_bug.cgi?id=886001

Solution :

Update the affected python3 packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : glibc-2.18-14.fc20 (2014-9824)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- Locale names, including those obtained from environment
variables (LANG and the LC_* variables), are more
tightly checked for proper syntax. setlocale will now
fail (with EINVAL) for locale names that are overly
long, contain slashes without starting with a slash, or
contain '..' path components. (CVE-2014-0475)
Previously, some valid locale names were silently
replaced with the 'C' locale when running in AT_SECURE
mode (e.g., in a SUID program). This is no longer
necessary because of the additional checks.

- Support for loadable gconv transliteration modules has
been removed because it did not work at all. Regular
gconv conversion modules are still supported.
(CVE-2014-5119)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1102353
https://bugzilla.redhat.com/show_bug.cgi?id=1129743
http://www.nessus.org/u?cbef587b

Solution :

Update the affected glibc package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : gtk3-3.10.9-2.fc20 (2014-9794)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This update fixes an issue that could lead to opening a cascade of
menus on top of menus when holding down the menu key.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1064695
http://www.nessus.org/u?b19a633e

Solution :

Update the affected gtk3 package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : subversion-1.8.10-1.fc20 (2014-9636)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This update includes the latest stable release of **Apache
Subversion**, version **1.8.10**.

**Client-side bugfixes:**

- guard against md5 hash collisions when finding cached
credentials

- ra_serf: properly match wildcards in SSL certs.

- ra_serf: ignore the CommonName in SSL certs where
there are Subject Alt Names

- ra_serf: fix a URI escaping bug that prevented
deleting locked paths

- rm: Display the proper URL when deleting a URL in the
commit log editor

- log: Fix another instance of broken pipe error

- copy: Properly handle props not present or excluded on
cross wc copy

- copy: Fix copying parents of locally deleted nodes
between wcs

- externals: Properly delete ancestor directories of
externals when removing the external by changing
svn:externals.

- ra_serf: fix memory lifetime of some hash values

**Server-side bugfixes:**

- fsfs: omit config file when creating pre-1.5 format
repos

**Bindings:**

- ruby: removing warning about Ruby 1.9 support being new.

- python: fix notify_func callbacks

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1125800
https://bugzilla.redhat.com/show_bug.cgi?id=1128884
https://bugzilla.redhat.com/show_bug.cgi?id=1129100
http://www.nessus.org/u?ede7be2c

Solution :

Update the affected subversion package.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : GraphicsMagick-1.3.20-1.fc20 (2014-9596)


Synopsis:

The remote Fedora host is missing a security update.

Description:

New stable upstream release, patched for CVE-2014-1947. See also:
http://www.graphicsmagick.org/NEWS.html#august-16-2014

See also :

http://www.graphicsmagick.org/NEWS.html#august-16-2014
https://bugzilla.redhat.com/show_bug.cgi?id=1064098
http://www.nessus.org/u?a96d0e01

Solution :

Update the affected GraphicsMagick package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : perl-Plack-1.0031-1.fc19 (2014-9544)


Synopsis:

The remote Fedora host is missing a security update.

Description:

ChangeLog :

- Fri Aug 8 2014 Ralf Corsépius fedoraproject.org> - 1.0031-1

- Upstream update.

- Thu Jan 16 2014 Ralf Corsépius at fedoraproject.org> - 1.0030-3

- Move misplaced %exclude-line from base-package to
*-Test.

- Wed Jan 15 2014 Ralf Corsépius at fedoraproject.org> - 1.0030-2

- Split out perl-Plack-Test to avoid dependency on
Test::More (RHBZ #1052859).

- Mon Dec 30 2013 Ralf Corsépius at fedoraproject.org> - 1.0030-1

- Upstream update.

- Wed Sep 18 2013 Ralf Corsépius at fedoraproject.org> - 1.0029-1

- Upstream update.

- Update BRs.

- Modernize spec.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1128978
http://www.nessus.org/u?7a9ed73f

Solution :

Update the affected perl-Plack package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : perl-Plack-1.0031-1.fc20 (2014-9542)


Synopsis:

The remote Fedora host is missing a security update.

Description:

ChangeLog :

- Fri Aug 8 2014 Ralf Corsépius fedoraproject.org> - 1.0031-1

- Upstream update.

- Thu Jan 16 2014 Ralf Corsépius at fedoraproject.org> - 1.0030-3

- Move misplaced %exclude-line from base-package to
*-Test.

- Wed Jan 15 2014 Ralf Corsépius at fedoraproject.org> - 1.0030-2

- Split out perl-Plack-Test to avoid dependency on
Test::More (RHBZ #1052859).

- Mon Dec 30 2013 Ralf Corsépius at fedoraproject.org> - 1.0030-1

- Upstream update.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1128978
http://www.nessus.org/u?8d502033

Solution :

Update the affected perl-Plack package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : phpMyAdmin-4.2.7.1-1.fc19 (2014-9534)


Synopsis:

The remote Fedora host is missing a security update.

Description:

phpMyAdmin 4.2.7.1 (2014-08-17)
===============================

- [security] XSS in table browse page

- [security] Self-XSS in enum value editor

- [security] Self-XSSes in monitor

- [security] Self-XSS in query charts

- [security] XSS in view operations page

- [security] XSS in relation view

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1130865
https://bugzilla.redhat.com/show_bug.cgi?id=1130866
http://www.nessus.org/u?e78ccb41

Solution :

Update the affected phpMyAdmin package.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : subversion-1.7.18-1.fc19 (2014-9521)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This update includes the latest stable release of **Apache
Subversion** 1.7, version **1.7.18**, fixing a minor security issue.

**Client-side bugfixes:**

- guard against md5 hash collisions when finding cached
credentials (CVE-2014-3528). See :

http://subversion.apache.org/security/CVE-2014-3528-advisory.txt

**Developer-visible changes** **General:**

- fix occasional failure in checkout_tests.py test 12.

See also :

http://subversion.apache.org/security/CVE-2014-3528-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1125799
http://www.nessus.org/u?832d8f20

Solution :

Update the affected subversion package.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-3014-1 : squid3 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Matthew Daley discovered that Squid3, a fully featured web proxy
cache, did not properly perform input validation in request parsing. A
remote attacker could use this flaw to mount a denial of service by
sending crafted Range requests.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759509
http://www.debian.org/security/2014/dsa-3014

Solution :

Upgrade the squid3 packages.

For the stable distribution (wheezy), this problem has been fixed in
version 3.1.20-2.2+deb7u2.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Access Manager Unspecified Vulnerability (credentialed check, April 2014 CPU)


Synopsis:

The remote host is affected by an unspecified vulnerability that
allows authenticated attackers to affect confidentiality.

Description:

The remote Oracle Access Manager install has one or more domains
that need configuration changes to protect against an unspecified
vulnerability affecting confidentiality.

See also :

http://www.nessus.org/u?ef1fc2a6

Solution :

Apply recommended configuration workaround provided by the vendor.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 : squid3 vulnerability (USN-2327-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Matthew Daley discovered that Squid 3 did not properly perform input
validation in request parsing. A remote attacker could send crafted
Range requests to cause a denial of service.

Solution :

Update the affected squid3 package.

Risk factor :

High

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Debian DSA-3013-1 : s3ql - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Nikolaus Rath discovered that s3ql, a file system for online data
storage, used the pickle functionality of the Python programming
language in an unsafe way. As a result, a malicious storage backend or
man-in-the-middle attacker was able to execute arbitrary code.

See also :

http://www.debian.org/security/2014/dsa-3013

Solution :

Upgrade the s3ql packages.

For the stable distribution (wheezy), this problem has been fixed in
version 1.11.1-3+deb7u1.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-3012-1 : eglibc - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Tavis Ormandy discovered a heap-based buffer overflow in the
transliteration module loading code in eglibc, Debian's version of the
GNU C Library. As a result, an attacker who can supply a crafted
destination character set argument to iconv-related character
conversion functions could achieve arbitrary code execution.

This update removes support of loadable gconv transliteration modules.
Besides the security vulnerability, the module loading code had
functionality defects which prevented it from working for the intended
purpose.

See also :

http://www.debian.org/security/2014/dsa-3012

Solution :

Upgrade the eglibc packages.

For the stable distribution (wheezy), this problem has been fixed in
version 2.13-38+deb7u4.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 6.1 TL 7 : bos.rte.odm (U865807)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U865807, which is related to the
security of the package bos.rte.odm.

AIX could allow an arbitrary file overwrite symlink vulnerability due
to a libodm.a bug.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV60313

Solution :

Install the appropriate missing security-related fix.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 6.1 TL 8 : bos.rte.odm (U865667)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U865667, which is related to the
security of the package bos.rte.odm.

AIX could allow an arbitrary file overwrite symlink vulnerability due
to a libodm.a bug.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV60311

Solution :

Install the appropriate missing security-related fix.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 6.1 TL 7 : X11.base.rte (U865621)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U865621, which is related to the
security of the package X11.base.rte.

Use-after-free vulnerability in the doImageText function in
dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11
allows remote authenticated users to cause a denial of service (daemon
crash) or possibly execute arbitrary code via a crafted ImageText
request that triggers memory-allocation failure.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV52181

Solution :

Install the appropriate missing security-related fix.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 6.1 TL 8 : X11.base.rte (U865364)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U865364, which is related to the
security of the package X11.base.rte.

Use-after-free vulnerability in the doImageText function in
dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11
allows remote authenticated users to cause a denial of service (daemon
crash) or possibly execute arbitrary code via a crafted ImageText
request that triggers memory-allocation failure.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV52184

Solution :

Install the appropriate missing security-related fix.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 6.1 TL 8 : bos.mp64 (U862133)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U862133, which is related to the
security of the package bos.mp64.

IBM AIX is vulnerable to a denial of service, caused by an error in
the ptrace() function. A local attacker could exploit this
vulnerability to cause a system crash.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV58948

Solution :

Install the appropriate missing security-related fix.

Risk factor :

Medium / CVSS Base Score : 4.7
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX 6.1 TL 7 : bos.mp64 (U861576)


Synopsis:

The remote AIX host is missing a vendor-supplied security patch.

Description:

The remote host is missing AIX PTF U861576, which is related to the
security of the package bos.mp64.

IBM AIX is vulnerable to a denial of service, caused by an error in
the ptrace() function. A local attacker could exploit this
vulnerability to cause a system crash.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV59045

Solution :

Install the appropriate missing security-related fix.

Risk factor :

Medium / CVSS Base Score : 4.7
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco ASA WebVPN CIFS Share Enumeration DoS (CSCuj83344)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its banner, the version of the remote Cisco ASA device is
affected by a denial of service vulnerability in the WebVPN CIFS
(Common Internet File System) access function due to missing bounds
checks on received responses when enumerating large amounts of shares
on a CIFS server. A remote, authenticated attacker can exploit this
issue by attempting to list the shares of a CIFS server with a large
amount of shares.

See also :

http://www.nessus.org/u?4711f07a
http://tools.cisco.com/security/center/viewAlert.x?alertId=34921

Solution :

Apply the relevant patch referenced in Cisco bug ID CSCuj83344.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Google Chrome < 37.0.2062.94 Multiple Vulnerabilities (Mac OS X)


Synopsis:

The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.

Description:

The version of Google Chrome installed on the remote Mac OS X host is
a version prior to 37.0.2062.94. It is, therefore, affected by the
following vulnerabilities :

- Blink contains a use-after-free vulnerability in its SVG
implementation. By using a specially crafted web page, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3168)

- Blink contains a use-after-free vulnerability in its DOM
implementation. By using a specially crafted web page, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3169)

- A flaw exists in the 'url_pattern.cc' file that does not
prevent the use of NULL characters '\0' in a host name.
A remote attacker can use this to spoof the extension
permission dialogue by relying on truncation after this
character. (CVE-2014-3170)

- Blink contains a use-after-free vulnerability in its V8
bindings. By using improper HashMap add operations, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3171)

- The Debugger extension API does not properly validate
a tab's URL before attaching. A remote attacker can
therefore bypass access limitations by means of an
extension that uses a restricted URL. (CVE-2014-3172)

- A flaw exists in the WebGL implementation where clear
calls do not interact properly with the draw buffer. By
using a specially crafted CANVAS element, a remote
attacker can cause a denial of service. (CVE-2014-3173)

- A flaw exists in the Blink Web Audio API implementation
in how it updates biquad filter coefficients when there
are concurrent threads. By using specially crafted API
calls, a remote attacker can cause a denial of service.
(CVE-2014-3174)

- Flaws exist in the 'load_truetype_glyph' function and
other unspecified functions which can be exploited by a
remote attacker to cause a denial of service or other
impact. (CVE-2014-3175)

- Flaws exist related to the interaction of the IPC, Sync
API, and V8 extensions. A remote attacker can exploit
these to bypass the sandbox and execute arbitrary code.
(CVE-2014-3176, CVE-2014-3177)

See also :

http://www.nessus.org/u?bc0adbf3

Solution :

Upgrade to Google Chrome 37.0.2062.94 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Google Chrome < 37.0.2062.94 Multiple Vulnerabilities


Synopsis:

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description:

The version of Google Chrome installed on the remote host is a version
prior to 37.0.2062.94. It is, therefore, affected by the following
vulnerabilities :

- Blink contains a use-after-free vulnerability in its SVG
implementation. By using a specially crafted web page, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3168)

- Blink contains a use-after-free vulnerability in its DOM
implementation. By using a specially crafted web page, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3169)

- A flaw exists in the 'url_pattern.cc' file that does not
prevent the use of NULL characters '\0' in a host name.
A remote attacker can use this to spoof the extension
permission dialogue by relying on truncation after this
character. (CVE-2014-3170)

- Blink contains a use-after-free vulnerability in its V8
bindings. By using improper HashMap add operations, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3171)

- The Debugger extension API does not properly validate
a tab's URL before attaching. A remote attacker can
therefore bypass access limitations by means of an
extension that uses a restricted URL. (CVE-2014-3172)

- A flaw exists in the WebGL implementation where clear
calls do not interact properly with the draw buffer. By
using a specially crafted CANVAS element, a remote
attacker can cause a denial of service. (CVE-2014-3173)

- A flaw exists in the Blink Web Audio API implementation
in how it updates biquad filter coefficients when there
are concurrent threads. By using specially crafted API
calls, a remote attacker can cause a denial of service.
(CVE-2014-3174)

- Flaws exist in the 'load_truetype_glyph' function and
other unspecified functions which can be exploited by a
remote attacker to cause a denial of service or other
impact. (CVE-2014-3175)

- Flaws exist related to the interaction of the IPC, Sync
API, and V8 extensions. A remote attacker can exploit
these to bypass the sandbox and execute arbitrary code.
(CVE-2014-3176, CVE-2014-3177)

See also :

http://www.nessus.org/u?bc0adbf3

Solution :

Upgrade to Google Chrome 37.0.2062.94 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Apache OpenOffice < 4.1.1 Multiple Vulnerabilities


Synopsis:

The remote Windows host has an application installed that is affected
by multiple vulnerabilities.

Description:

The version of Apache OpenOffice installed on the remote host is a
version prior to 4.1.1. It is, therefore, affected by the following
vulnerabilities :

- An unspecified flaw allows remote attackers to execute
arbitrary commands via a specially crafted Calc
spreadsheet. (CVE-2014-3524)

- A flaw in the OLE preview generation allows a remote
attacker to embed arbitrary data into documents via
specially crafted OLE objects. (CVE-2014-3575)

See also :

https://www.openoffice.org/security/cves/CVE-2014-3524.html
https://www.openoffice.org/security/cves/CVE-2014-3575.html

Solution :

Upgrade to Apache OpenOffice version 4.1.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS


Synopsis:

The remote Mac OS X host has a data encryption application installed
that is affected by a denial of service vulnerability.

Description:

The version of Symantec Encryption Desktop installed on the remote Mac
OS X host is version 10.x prior to 10.3.2 MP3. It is, therefore,
affected by a denial of service vulnerability. The flaw is due to a
failure to properly limit decompressed file size during the decryption
process of a specially crafted encrypted email. Decryption of an
excessively large compressed message could cause high memory and CPU
usage resulting in a denial of service as the system becomes
unresponsive during the decompression attempt.

See also :

http://www.nessus.org/u?8e650426

Solution :

Upgrade to Symantec Encryption Desktop 10.3.2 MP3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS


Synopsis:

The remote host has a data encryption application installed that is
affected by a denial of service vulnerability.

Description:

The version of Symantec Encryption Desktop installed on the remote
host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected
by a denial of service vulnerability. The flaw is due to a failure to
properly limit decompressed file size during the decryption process of
a specially crafted encrypted email. Decryption of an excessively
large compressed message could cause high memory and CPU usage
resulting in a denial of service as the system becomes unresponsive
during the decompression attempt.

See also :

http://www.nessus.org/u?8e650426

Solution :

Upgrade to Symantec Encryption Desktop 10.3.2 MP3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Symantec Encryption Desktop Installed


Synopsis:

A data encryption application is installed on the remote Mac OS X
host.

Description:

Symantec Encryption Desktop, formerly known as PGP Desktop, is
installed on the remote Mac OS X host.

See also :

http://www.symantec.com/encryption-desktop-pro

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Symantec Encryption Desktop Installed


Synopsis:

A data encryption application is installed on the remote host.

Description:

Symantec Encryption Desktop, formerly known as PGP Desktop, is
installed on the remote Windows host.

See also :

http://www.symantec.com/encryption-desktop-pro

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

PHP 5.5.x < 5.5.16 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the remote web server is running a version of
PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following
vulnerabilities :

- LibGD contains a NULL pointer dereference flaw in its
'gdImageCreateFromXpm' function in the 'gdxpm.c' file.
By using a specially crafted color mapping, a remote
attacker could cause a denial of service.
(CVE-2014-2497)

- The original upstream patch for CVE-2013-7345 did not
provide a complete solution. It is, therefore, still
possible for a remote attacker to deploy a specially
crafted input file to cause excessive resources to be
used when trying to detect the file type using awk
regular expression rules. This can cause a denial of
service. (CVE-2014-3538)

- An integer overflow flaw exists in the 'cdf.c' file. By
using a specially crafted CDF file, a remote attacker
could cause a denial of service. (CVE-2014-3587)

- There are multiple buffer overflow flaws in the 'dns.c'
file related to the 'dns_get_record' and 'dn_expand'
functions. By using a specially crafted DNS record,
a remote attacker could exploit these to cause a denial
of service or execute arbitrary code. (CVE-2014-3597)

- There exist multiple flaws in the GD component within
the 'gd_ctx.c' file where user-supplied input is not
properly validated to ensure that pathnames lack %00
sequences. By using specially crafted input, a remote
attacker could overwrite arbitrary files.
(CVE-2014-5120)

Note that Nessus has not attempted to exploit these issues, but has
instead relied only on the application's self-reported version number.

See also :

http://www.php.net/ChangeLog-5.php#5.5.16
https://bugs.php.net/bug.php?id=67730
https://bugs.php.net/bug.php?id=67705
https://bugs.php.net/bug.php?id=67717
https://bugs.php.net/bug.php?id=66901
https://bugs.php.net/bug.php?id=67716

Solution :

Upgrade to PHP version 5.5.16 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

PHP 5.4.x < 5.4.32 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the remote web server is running a version of
PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following
vulnerabilities :

- LibGD contains a NULL pointer dereference flaw in its
'gdImageCreateFromXpm' function in the 'gdxpm.c' file.
By using a specially crafted color mapping, a remote
attacker could cause a denial of service.
(CVE-2014-2497)

- The original upstream patch for CVE-2013-7345 did not
provide a complete solution. It is, therefore, still
possible for a remote attacker to deploy a specially
crafted input file to cause excessive resources to be
used when trying to detect the file type using awk
regular expression rules. This can cause a denial of
service. (CVE-2014-3538)

- An integer overflow flaw exists in the 'cdf.c' file. By
using a specially crafted CDF file, a remote attacker
could cause a denial of service. (CVE-2014-3587)

- There are multiple buffer overflow flaws in the 'dns.c'
file related to the 'dns_get_record' and 'dn_expand'
functions. By using a specially crafted DNS record,
a remote attacker could exploit these to cause a denial
of service or execute arbitrary code. (CVE-2014-3597)

- A flaw exists in the 'spl_dllist.c' file that may lead
to a use-after-free condition in the SPL component when
iterating over an object. An attacker could utilize this
to cause a denial of service. (CVE-2014-4670)

- A flaw exists in the 'spl_array.c' file that may lead to
a use-after-free condition in the SPL component when
handling the modification of objects while sorting. An
attacker could utilize this to cause a denial of
service. (CVE-2014-4698)

- There exist multiple flaws in the GD component within
the 'gd_ctx.c' file where user-supplied input is not
properly validated to ensure that pathnames lack %00
sequences. By using specially crafted input, a remote
attacker could overwrite arbitrary files.
(CVE-2014-5120)

Note that Nessus has not attempted to exploit these issues, but has
instead relied only on the application's self-reported version number.

See also :

http://www.php.net/ChangeLog-5.php#5.4.32
https://bugs.php.net/bug.php?id=67730
https://bugs.php.net/bug.php?id=67538
https://bugs.php.net/bug.php?id=67539
https://bugs.php.net/bug.php?id=67717
https://bugs.php.net/bug.php?id=67705
https://bugs.php.net/bug.php?id=67716
https://bugs.php.net/bug.php?id=66901
https://bugs.php.net/bug.php?id=67715

Solution :

Upgrade to PHP version 5.4.32 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : chromium -- multiple vulnerabilities (fd5f305d-2d3d-11e4-aa3d-00262d5ed8ee)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Google Chrome Releases reports :

50 security fixes in this release, including :

- [386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward to
lokihardt@asrt for a combination of bugs in V8, IPC, sync, and
extensions that can lead to remote code execution outside of the
sandbox.

- [369860] High CVE-2014-3168: Use-after-free in SVG. Credit to
cloudfuzzer.

- [387389] High CVE-2014-3169: Use-after-free in DOM. Credit to
Andrzej Dyjak.

- [390624] High CVE-2014-3170: Extension permission dialog spoofing.
Credit to Rob Wu.

- [390928] High CVE-2014-3171: Use-after-free in bindings. Credit to
cloudfuzzer.

- [367567] Medium CVE-2014-3172: Issue related to extension debugging.
Credit to Eli Grey.

- [376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL.
Credit to jmuizelaar.

- [389219] Medium CVE-2014-3174: Uninitialized memory read in Web
Audio. Credit to Atte Kettunen from OUSPG.

- [406143] CVE-2014-3175: Various fixes from internal audits, fuzzing
and other initiatives (Chrome 37).

See also :

http://googlechromereleases.blogspot.nl/
http://www.nessus.org/u?cfd714dc

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : mediawiki-1.23.2-1.fc20 (2014-9583)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This is a major update from the 1.21 branch to the 1.23 long term
support branch.

- (bug 68187) SECURITY: Prepend jsonp callback with
comment. - CVE-2014-5241

- (bug 66608) SECURITY: Fix for XSS issue in bug 66608:
Generate the URL used for loading a new page in
JavaScript, instead of relying on the URL in the link
that has been clicked. - CVE-2014-5242

- (bug 65778) SECURITY: Copy prevent-clickjacking
between OutputPage and ParserOutput. - CVE-2014-5243

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1125111
http://www.nessus.org/u?23df0420

Solution :

Update the affected mediawiki package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : jakarta-commons-httpclient-3.1-15.fc20 (2014-9581)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2014-3577, CVE-2012-6153

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1129074
https://bugzilla.redhat.com/show_bug.cgi?id=1129916
http://www.nessus.org/u?0b64edb4

Solution :

Update the affected jakarta-commons-httpclient package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.