Newest Plugins

FreeBSD : bugzilla -- Social Engineering (60bfa396-c702-11e3-848c-20cf30e32f6d)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

A Bugzilla Security Advisory reports : Dangerous control characters
can be inserted into Bugzilla, notably into bug comments. If the text,
which may look safe, is copied into a terminal such as xterm or
gnome-terminal, then unexpected commands could be executed on the
local machine.

See also :

https://bugzilla.mozilla.org/show_bug.cgi?id=968576
http://www.nessus.org/u?bcaa0a24

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : bugzilla -- Cross-Site Request Forgery (608ed765-c700-11e3-848c-20cf30e32f6d)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

A Bugzilla Security Advisory reports : The login form had no CSRF
protection, meaning that an attacker could force the victim to log in
using the attacker's credentials. If the victim then reports a new
security sensitive bug, the attacker would get immediate access to
this bug.

Due to changes involved in the Bugzilla API, this fix is not
backported to the 4.0 and 4.2 branches, meaning that Bugzilla 4.0.12
and older, and 4.2.8 and older, will remain vulnerable to this issue.

See also :

https://bugzilla.mozilla.org/show_bug.cgi?id=713926
http://www.nessus.org/u?05b01261

Solution :

Update the affected packages.

Risk factor :

High

Fedora 20 : rsync-3.1.0-3.fc20 (2014-5315)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This update fixes CVE-2014-2855 and temporarily reverts compilation with
system provided zlib (BZ#1043965).

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1087841
http://www.nessus.org/u?912603d5

Solution :

Update the affected rsync package.

Risk factor :

High

Fedora 20 : java-1.7.0-openjdk-1.7.0.60-2.4.7.0.fc20 (2014-5280)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security update :

http://blog.fuseyism.com/index.php/2014/04/16/security-icedtea-2-4-7-for-openjdk-7-released/

for

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

See also :

http://www.nessus.org/u?caae303e
http://www.nessus.org/u?ef1fc2a6
http://www.nessus.org/u?9e85e8bb

Solution :

Update the affected java-1.7.0-openjdk package.

Risk factor :

High

Fedora 19 : java-1.7.0-openjdk-1.7.0.60-2.4.7.0.fc19 (2014-5277)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security update :

http://blog.fuseyism.com/index.php/2014/04/16/security-icedtea-2-4-7-for-openjdk-7-released/

for

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

See also :

http://www.nessus.org/u?caae303e
http://www.nessus.org/u?ef1fc2a6
http://www.nessus.org/u?a4e99ebf

Solution :

Update the affected java-1.7.0-openjdk package.

Risk factor :

High

Fedora 20 : kernel-3.13.10-200.fc20 (2014-5235)


Synopsis:

The remote Fedora host is missing a security update.

Description:

The 3.13.10 stable update contains a number of important fixes across
the tree.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1081589
https://bugzilla.redhat.com/show_bug.cgi?id=1086730
http://www.nessus.org/u?361199bb

Solution :

Update the affected kernel package.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Fedora 20 : elfutils-0.158-3.fc20 (2014-5015)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix CVE-2014-0172 elfutils: integer overflow, leading to a heap-based
buffer overflow in libdw. Update to 0.158. Support for aarch64.
Unwinder support for i386, x86_64, s390, s390x, ppc and ppc64. Add
eu-stack.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1085663
http://www.nessus.org/u?804a0ebe

Solution :

Update the affected elfutils package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Debian DSA-2910-1 : qemu-kvm - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the
way qemu processed MAC addresses table update requests from the guest.

A privileged guest user could use this flaw to corrupt qemu process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the qemu process.

See also :

http://www.debian.org/security/2014/dsa-2910

Solution :

Upgrade the qemu-kvm packages.

For the oldstable distribution (squeeze), this problem has been fixed
in version 0.12.5+dfsg-5+squeeze11.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2+dfsg-6+deb7u1.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Debian DSA-2909-1 : qemu - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the
way qemu processed MAC addresses table update requests from the guest.

A privileged guest user could use this flaw to corrupt qemu process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the qemu process.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744221
http://www.debian.org/security/2014/dsa-2909

Solution :

Upgrade the qemu packages.

For the oldstable distribution (squeeze), this problem has been fixed
in version 0.12.5+dfsg-3squeeze4.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2+dfsg-6a+deb7u1.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Atmail Webmail 6.x / 7.x < 7.2.0 Multiple Vulnerabilities


Synopsis:

The remote web server contains an application that is affected by
multiple vulnerabilities.

Description:

According to its version, the Atmail Webmail install on the remote
host is 6.x or 7.x prior to 7.2.0. It is, therefore, potentially
affected by the following vulnerabilities :

- An input-validation error exists related to email
handling that could allow persistent cross-site
scripting attacks (XSS). (CVE-2013-6017)

- An input-validation error exists related to
administration functions that could allow cross-site
request forgery attacks (XSRF). (CVE-2013-6028)

See also :

http://atmail.com/changelog/

Solution :

Upgrade to Atmail Webmail 7.2.0 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Atmail Webmail 6.x < 6.6.4 / 7.x < 7.1.2 Multiple Vulnerabilities


Synopsis:

The remote web server contains an application that is affected by
multiple vulnerabilities.

Description:

According to its version, the Atmail Webmail install on the remote
host is version 6.x prior to 6.6.4 or 7.x prior to 7.1.2. It is,
therefore, potentially affected by numerous, unspecified errors having
unspecified impacts via unspecified vectors.

See also :

http://atmail.com/changelog/

Solution :

Upgrade to Atmail Webmail 6.6.4, 7.1.2 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Atmail Webmail 6.6.x < 6.6.3 / 7.x < 7.0.3 File Name Parameter XSS


Synopsis:

The remote web server contains an application that is affected by a
cross-site scripting vulnerability.

Description:

According to its version, the Atmail Webmail install on the remote
host is version 6.6.x prior to 6.6.3 or 7.x prior to 7.0.3. It is,
therefore, potentially affected by an input-validation error related
to the script
'/index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/' and
the 'File Name' parameter that could allow cross-site scripting
attacks.

See also :

http://blog.atmail.com/2013/atmail-7-0-3-security-hotfix-now-available/
http://atmail.com/changelog/

Solution :

Upgrade to Atmail Webmail 6.6.3, 7.0.3 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Atmail Webmail < 6.6.2 Exim Buffer Overflow


Synopsis:

The remote web server contains an application that is affected by a
buffer overflow vulnerability.

Description:

According to its version, the Atmail Webmail install on the remote
host is a version prior to 6.6.2. It is, therefore, potentially
affected by an error in the included Exim component related to the
'dkim_exim_query_dns_txt' function and DNS record parsing that could
allow a buffer overflow and possibly arbitrary code execution.

See also :

http://atmail.com/changelog/
https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

Solution :

Upgrade to Atmail Webmail 6.6.2 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Atmail Webmail < 6.5.0 'DOM processor' Cross-Site Scripting


Synopsis:

The remote web server contains an application that is affected by a
cross-site scripting vulnerability.

Description:

According to its version, the Atmail Webmail install on the remote
host is a version prior to 6.5.0. It is, therefore, potentially
affected by an input-validation error related to the 'DOM processor'
and 'script' tags that could allow cross-site scripting attacks.

See also :

http://atmail.com/changelog/

Solution :

Upgrade to Atmail Webmail 6.5.0 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Atmail Webmail < 6.3.5 Multiple Cross-Site Scripting Vulnerabilities


Synopsis:

The remote web server contains an application that is affected by
multiple cross-site scripting vulnerabilities.

Description:

According to its version, the Atmail Webmail install on the remote
host is a version prior to 6.3.5. It is, therefore, potentially
affected by the following vulnerabilities :

- An input-validation error exists related to log search
functionality and the 'range' and 'index' parameters.
(OSVDB 78239)

- An input-validation error exists in the script
'index.php/admin/users/create' related to the
'UserFirstName' and 'UserLastName' parameters.
(OSVDB 78240)

- An input-validation error exists in the script
'index.php/admin/users/update' related to the
'UserFirstName' and 'UserLastName' parameters.
(OSVDB 78241)

See also :

http://atmail.com/changelog/#16
http://securitytracker.com/id?1026486

Solution :

Upgrade to Atmail Webmail 6.3.5 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Atmail Webmail < 5.4.2 (5.42) Multiple Information Disclosure Vulnerabilities


Synopsis:

The remote web server contains an application that is affected by
multiple information disclosure vulnerabilities.

Description:

According to its version, the Atmail Webmail install on the remote
host is a version prior to 5.4.2 (5.42). It is, therefore, potentially
affected by the following vulnerabilities :

- A weak permissions error exists related to the files
'webmail/libs/Atmail/Config.php' and
'webmail/webadmin/.htpasswd' that could allow
disclosure of sensitive information. (CVE-2008-3395)

- An authentication bypass error exists related to the
script 'build-plesk-upgrade.php' that could allow
disclosure of sensitive information. (CVE-2008-3579)

See also :

http://freecode.com/projects/atmail/releases/282536
http://archives.neohapsis.com/archives/vuln-dev/2008-q3/0002.html

Solution :

Upgrade to Atmail Webmail 5.4.2 (5.42) or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 7.0
(CVSS2#E:F/RL:W/RC:ND)
Public Exploit Available : true

Atmail Webmail 4.5.1 (4.51) / 5.x < 5.0.3 (5.03) util.pl Cross-Site Request Forgery


Synopsis:

The remote web server contains an application that is affected by a
cross-site request forgery vulnerability.

Description:

According to its version, the Atmail Webmail install on the remote
host is 4.5.1 (4.51) or 5.x prior to 5.0.3 (5.03). It is, therefore,
potentially affected by an input-validation error in the file 'util.pl'
that could allow cross-site request forgery (XSRF) attacks.

See also :

http://archives.neohapsis.com/archives/bugtraq/2007-01/0587.html

Solution :

Upgrade to Atmail Webmail 5.0.3 (5.03) or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Atmail Webmail 4.x < 4.6.1 (4.61) 'Global.pm' Cross-site Scripting


Synopsis:

The remote web server contains an application that is affected by a
cross-site scripting vulnerability.

Description:

According to its version, the Atmail Webmail install on the remote
host is 4.x prior to 4.6.1 (4.61). It is, therefore, potentially
affected by an input-validation error in the file 'Global.pm' that could
allow cross-site scripting (XSS) attacks.

See also :

http://freecode.com/projects/atmail/releases/244195
http://www.netragard.com/research/ATMAIL-XSS-NETRAGARD-20061206.txt

Solution :

Upgrade to Atmail Webmail 4.6.1 (4.61) or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Atmail Webmail 3.x < 3.6.4 (3.64) Multiple Vulnerabilities


Synopsis:

The remote web server contains an application that is affected by
multiple vulnerabilities.

Description:

According to its version, the Atmail Webmail install on the remote
host is 3.x prior to 3.6.4 (3.64). It is, therefore, potentially
affected by the following vulnerabilities :

- An input-validation error exists related to the script
'showmail.pl' and the 'Folder' parameter that could
allow unauthorized access to user mailboxes, or possibly
SQL injection attacks and cross-site scripting attacks.

- Input-validation errors exist in the scripts
'atmail.pl', 'search.pl', and 'reademail.pl' that could
allow SQL injection attacks.

- An error exists related to the handling of session
cookies that could allow authorized access to user
mailboxes.

See also :

http://www.s-quadra.com/advisories/Adv-20031209.txt

Solution :

Upgrade to Atmail Webmail 3.6.4 (3.64) or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Oracle Access Manager Unspecified WebGate Webserver Plugin Vulnerability


Synopsis:

The remote host is affected by an unspecified vulnerability.

Description:

The WebGate Webserver Plugin component in the remote Oracle Access
Manager install is affected by an unspecified vulnerability that
allows authenticated attackers to affect availability.

See also :

http://www.nessus.org/u?ef1fc2a6

Solution :

Apply the appropriate patches per the vendor's advisory.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)

WinSCP Heartbeat Information Disclosure (Heartbleed)


Synopsis:

The remote Windows host has an application that may be affected by
multiple vulnerabilities.

Description:

The WinSCP program installed on the remote host is version 4.x later
than 4.3.7, 5.x later than 5.0.6 and prior to 5.5.3, and thus is
potentially affected by the following vulnerabilities :

- An out-of-bounds read error, known as the 'Heartbleed
Bug', exists related to handling TLS heartbeat
extensions that could allow an attacker to obtain
sensitive information such as primary key material,
secondary key material, and other protected content.
(CVE-2014-0160)

- An error exists related to X.509 certificates, FTP
with TLS, and host validation that could allow an
attacker to spoof a server and obtain sensitive
information. (CVE-2014-2735)

See also :

http://seclists.org/bugtraq/2014/Apr/90
http://winscp.net/tracker/show_bug.cgi?id=1151
http://winscp.net/tracker/show_bug.cgi?id=1152
http://heartbleed.com/
http://eprint.iacr.org/2014/140
http://winscp.net/eng/docs/history#5.5.3

Solution :

Upgrade to WinSCP version 5.5.3 or later.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score : 8.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Oracle JRockit R27 < R27.8.2 / R28 < R28.3.2 Multiple Vulnerabilities (April 2014 CPU)


Synopsis:

The remote Windows host contains a programming platform that is
potentially affected by multiple vulnerabilities.

Description:

The remote host has a version of Oracle JRockit that is reportedly
affected by vulnerabilities in the following components :

- 2D
- AWT
- Javadoc
- JNDI
- Libraries
- Security

See also :

http://www.nessus.org/u?ef1fc2a6

Solution :

Upgrade to version R27.8.2 / R28.3.2

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities


Synopsis:

The remote web server contains a ColdFusion-based application that is
affected by multiple vulnerabilities.

Description:

According to its version number, the CommonSpot install hosted on the
remote web server is affected by multiple vulnerabilities :

- An access restriction bypass via a direct request.
(CVE-2014-2859)

- Multiple cross-site scripting (XSS) vulnerabilities.
(CVE-2014-2860, CVE-2014-2861)

- Improper authorization checks in unspecified requests
can allow a remote, unauthenticated attacker to perform
unauthorized actions. (CVE-2014-2862)

- Multiple path traversal vulnerabilities allow remote,
unauthenticated attackers to request full pathnames in
parameters. (CVE-2014-2863)

- Multiple directory traversal vulnerabilities.
(CVE-2014-2864)

- The application fails to restrict the use of a NULL
byte, which can be used to bypass access restrictions.
(CVE-2014-2865)

- The application uses client JavaScript code for access
restrictions, which can be bypassed with
attacker-controlled JavaScript. (CVE-2014-2866)

- Unrestricted file uploads could allow for dangerous
file types to be added to the server. (CVE-2014-2867)

- Multiple pages allow a remote attacker to override
ColdFusion variables via HTTP GET requests.
(CVE-2014-2868)

- Multiple pages allow for information disclosure.
(CVE-2014-2869)

- The application stores credentials in cleartext in the
underlying application database by default.
(CVE-2014-2870)

- The application transmits credentials in cleartext via
HTTP. (CVE-2014-2871)

- Multiple directory listings allow for potential access
to sensitive information. (CVE-2014-2872)

- The application allows unauthenticated access to log
files allowing for information disclosure.
(CVE-2014-2873)

- The application allows remote, unauthenticated attackers
to execute arbitrary commands with arbitrary parameters.
(CVE-2014-2874)

Note that Nessus has not tested for these issues, but instead has
relied only on the application's self-reported version number.

See also :

http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2859.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2860.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2861.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2862.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2863.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2864.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2865.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2866.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2867.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2868.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2869.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2870.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2871.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2872.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2873.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2874.html
http://www.paperthin.com/support/tech-specs.cfm

Solution :

Upgrade to CommonSpot version 7.0.2 / 8.0.3 / 9.0.0 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:ND/RL:U/RC:C)
Public Exploit Available : true

CommonSpot Detection


Synopsis:

A content management application was detected on the remote host.

Description:

CommonSpot, a ColdFusion-based web content management system from
PaperThin, was detected on the remote host.

See also :

http://www.paperthin.com/

Solution :

n/a

Risk factor :

None

SuSE 11.3 Security Update : jakarta-commons-fileupload (SAT Patch Number 9087)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

This update fixes a security issue with jakarta-commons-fileupload :

- denial of service due to too-small buffer size used
(CVE-2014-0050). (bnc#862781)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=862781
http://support.novell.com/security/cve/CVE-2014-0050.html

Solution :

Apply SAT patch number 9087.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
Public Exploit Available : true

RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated java-1.7.0-oracle packages that fix several security issues
are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having
Critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Oracle Java SE version 7 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE
Critical Patch Update Advisory page, listed in the References section.
(CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432,
CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451,
CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455,
CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459,
CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397,
CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403,
CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414,
CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423,
CVE-2014-2427, CVE-2014-2428)

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 55 and resolve these
issues. All running instances of Oracle Java must be restarted for the
update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-6629.html
https://www.redhat.com/security/data/cve/CVE-2013-6954.html
https://www.redhat.com/security/data/cve/CVE-2014-0429.html
https://www.redhat.com/security/data/cve/CVE-2014-0432.html
https://www.redhat.com/security/data/cve/CVE-2014-0446.html
https://www.redhat.com/security/data/cve/CVE-2014-0448.html
https://www.redhat.com/security/data/cve/CVE-2014-0449.html
https://www.redhat.com/security/data/cve/CVE-2014-0451.html
https://www.redhat.com/security/data/cve/CVE-2014-0452.html
https://www.redhat.com/security/data/cve/CVE-2014-0453.html
https://www.redhat.com/security/data/cve/CVE-2014-0454.html
https://www.redhat.com/security/data/cve/CVE-2014-0455.html
https://www.redhat.com/security/data/cve/CVE-2014-0456.html
https://www.redhat.com/security/data/cve/CVE-2014-0457.html
https://www.redhat.com/security/data/cve/CVE-2014-0458.html
https://www.redhat.com/security/data/cve/CVE-2014-0459.html
https://www.redhat.com/security/data/cve/CVE-2014-0460.html
https://www.redhat.com/security/data/cve/CVE-2014-0461.html
https://www.redhat.com/security/data/cve/CVE-2014-1876.html
https://www.redhat.com/security/data/cve/CVE-2014-2397.html
https://www.redhat.com/security/data/cve/CVE-2014-2398.html
https://www.redhat.com/security/data/cve/CVE-2014-2401.html
https://www.redhat.com/security/data/cve/CVE-2014-2402.html
https://www.redhat.com/security/data/cve/CVE-2014-2403.html
https://www.redhat.com/security/data/cve/CVE-2014-2409.html
https://www.redhat.com/security/data/cve/CVE-2014-2412.html
https://www.redhat.com/security/data/cve/CVE-2014-2413.html
https://www.redhat.com/security/data/cve/CVE-2014-2414.html
https://www.redhat.com/security/data/cve/CVE-2014-2420.html
https://www.redhat.com/security/data/cve/CVE-2014-2421.html
https://www.redhat.com/security/data/cve/CVE-2014-2422.html
https://www.redhat.com/security/data/cve/CVE-2014-2423.html
https://www.redhat.com/security/data/cve/CVE-2014-2427.html
https://www.redhat.com/security/data/cve/CVE-2014-2428.html
http://www.nessus.org/u?ef1fc2a6
http://rhn.redhat.com/errata/RHSA-2014-0412.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3019)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[2.6.39-400.214.5.el5uek]
- net: ipv4: current group_info should be put after using. (Wang,
Xiaoming) [Orabug: 18603524] {CVE-2014-2851}

See also :

https://oss.oracle.com/pipermail/el-errata/2014-April/004077.html
https://oss.oracle.com/pipermail/el-errata/2014-April/004076.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3018)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[3.8.13-26.2.3.el6uek]
- net: ipv4: current group_info should be put after using. (Wang,
Xiaoming) [Orabug: 18603523] {CVE-2014-2851}

See also :

https://oss.oracle.com/pipermail/el-errata/2014-April/004075.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2014-0407)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:0407 :

Updated java-1.7.0-openjdk packages that fix various security issues
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the
2D component. A specially crafted image could trigger Java Virtual
Machine memory corruption when processed. A remote attacker, or an
untrusted Java application or applet, could possibly use this flaw to
execute arbitrary code with the privileges of the user running the
Java Virtual Machine. (CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws
to trigger Java Virtual Machine memory corruption and possibly bypass
Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,
CVE-2014-2421)

Multiple improper permission check issues were discovered in the
Libraries component in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-2412,
CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,
CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,
CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)

Multiple flaws were identified in the Java Naming and Directory
Interface (JNDI) DNS client. These flaws could make it easier for a
remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent
access to arbitrary files when a SecurityManager was present. This
flaw could cause a Java application using JAXP to leak sensitive
information, or affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak
some timing information when performing PKCS#1 unpadding. This could
possibly lead to the disclosure of some information that was meant to
be protected by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly
resolve input sanitization flaws in javadoc. When javadoc
documentation was generated from an untrusted Java source code and
hosted on a domain not controlled by the code author, these issues
could make it easier to perform cross-site scripting (XSS) attacks.
(CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this
flaw to perform a symbolic link attack and overwrite arbitrary files
with the privileges of the user running unpack200. (CVE-2014-1876)

All users of java-1.7.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-April/004074.html

Solution :

Update the affected java-1.7.0-openjdk packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : json-c (MDVSA-2014:079)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated json-c packages fix security vulnerabilities :

Florian Weimer reported that the printbuf APIs used in the json-c
library used ints for counting buffer lengths, which is inappropriate
for 32-bit architectures. These functions need to be changed to use
size_t if possible for sizes, or to be hardened against negative
values if not. This could be used to cause a denial of service in an
application linked to the json-c library (CVE-2013-6370).

Florian Weimer reported that the hash function in the json-c library
was weak, and that parsing smallish JSON strings showed quadratic
timing behaviour. This could cause an application linked to the json-c
library, and that processes some specially-crafted JSON data, to use
excessive amounts of CPU (CVE-2013-6371).

See also :

http://advisories.mageia.org/MGASA-2014-0175.html

Solution :

Update the affected lib64json-devel and / or lib64json2 packages.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : json-c-0.11-6.fc20 (2014-5006)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Address CVE-2013-6370 and CVE-2013-6371.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1032311
https://bugzilla.redhat.com/show_bug.cgi?id=1032322
http://www.nessus.org/u?38d401b2

Solution :

Update the affected json-c package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : cacti-0.8.8b-5.fc19 (2014-4928)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Patches for four CVEs. This update fixes SQL injection, shell escaping
issues, a stored XSS attack, and use of exec-like function calls
without safety checks allowing arbitrary command execution.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1082122
https://bugzilla.redhat.com/show_bug.cgi?id=1084258
http://www.nessus.org/u?1696b2e6

Solution :

Update the affected cacti package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : openstack-keystone-2013.2.3-2.fc20 (2014-4903)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Updated to the stable Havana 2013.2.3 release.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1071434
http://www.nessus.org/u?94994376

Solution :

Update the affected openstack-keystone package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : cacti-0.8.8b-5.fc20 (2014-4892)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Patches for four CVEs. This update fixes SQL injection, shell escaping
issues, a stored XSS attack, and use of exec-like function calls
without safety checks allowing arbitrary command execution.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1082122
https://bugzilla.redhat.com/show_bug.cgi?id=1084258
http://www.nessus.org/u?6d455ef4

Solution :

Update the affected cacti package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-2908-1 : openssl - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Multiple vulnerabilities have been discovered in OpenSSL. The
following Common Vulnerabilities and Exposures project ids identify
them :

- CVE-2010-5298
  A read buffer can be freed even when it still contains
  data that is used later on, leading to a use-after-free.
  Given a race condition in a multi-threaded application
  it may permit an attacker to inject data from one
  connection into another or cause denial of service.

- CVE-2014-0076
  ECDSA nonces can be recovered through the Yarom/Benger
  FLUSH+RELOAD cache side-channel attack.

A third issue, with no CVE id, is the missing detection of
the 'critical' flag for the TSA extended key usage under certain cases.

Additionally, this update checks for more services that might need to
be restarted after upgrades of libssl, corrects the detection of
apache2 and postgresql, and adds support for the
'libraries/restart-without-asking' debconf configuration. This allows
services to be restarted on upgrade without prompting.

The oldstable distribution (squeeze) is not affected by CVE-2010-5298
and it might be updated at a later time to address the remaining
vulnerabilities.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742923
https://security-tracker.debian.org/tracker/CVE-2010-5298
https://security-tracker.debian.org/tracker/CVE-2014-0076
http://www.debian.org/security/2014/dsa-2908

Solution :

Upgrade the openssl packages.

For the stable distribution (wheezy), these problems have been fixed
in version 1.0.1e-2+deb7u7.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Unsupported Brocade Fabric OS


Synopsis:

The remote host is running an obsolete operating system.

Description:

According to its version, the remote Fabric OS install is obsolete and
is no longer maintained by Brocade.

Lack of support implies that no new security patches will be released
for it.

See also :

http://www.nessus.org/u?7aac565c

Solution :

Upgrade to a supported version of Fabric OS.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle WebCenter Portal People Connection Subcomponent Unspecified Information Disclosure (April 2014 CPU)


Synopsis:

The remote host is affected by an information disclosure
vulnerability.

Description:

The remote host has a version of Oracle WebCenter Portal that is
affected by a remote security vulnerability that could allow an
attacker to gain access to sensitive information.

See also :

http://www.nessus.org/u?ef1fc2a6

Solution :

Apply Oracle's April 2014 CPU update.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Secure Global Desktop Multiple Vulnerabilities (April 2014 CPU)


Synopsis:

The remote host has a version of Oracle Secure Global Desktop that is
affected by multiple vulnerabilities.

Description:

The remote host has a version of Oracle Secure Global Desktop that is
version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by the
following vulnerabilities :

- A buffer overflow flaw exists in the 'bdfReadCharacters'
  function within 'bitmap/bdfread.c' of the included X.Org
  libXfont. This could allow a remote attacker to cause a
  denial of service attack or possibly execute arbitrary
  code. (CVE-2013-6462)

- A flaw exists with the Workspace Web Application. This
  could allow a remote attacker to impact the integrity of
  the application. Note this only affects versions
  5.0 and 5.1 of Oracle Secure Global Desktop.
  (CVE-2014-2439)

- A flaw exists with the Workspace Web Application. This
  could allow a remote attacker to impact the
  confidentiality and integrity of the application.
  (CVE-2014-2463)

Note that Nessus has not tested for these issues, but has instead
relied only on the application's self-reported patch information.

See also :

http://www.nessus.org/u?23999f63

Solution :

Apply the April 2014 CPU.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0003)


Synopsis:

The remote host has a virtualization client application installed that
is potentially affected by multiple vulnerabilities.

Description:

The version of vSphere Client installed on the remote Windows host is
potentially affected by the following vulnerabilities :

- An error exists related to the vSphere Client that
  could allow an updated vSphere Client to be downloaded
  from an untrusted source. (CVE-2014-1209)

- An error exists related to the vSphere Client and
  server certificate validation that could allow an
  attacker to spoof a vCenter server. Note that this
  issue only affects vSphere Client version 5.0 and 5.1.
  (CVE-2014-1210)

See also :

http://www.vmware.com/security/advisories/VMSA-2014-0003.html

Solution :

Upgrade to vSphere Client 5.0 Update 3 / 5.1 Update 2 or later.

In the case of vSphere Client 4.x, refer to the vendor's advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Solaris 9 (x86) : 149074-01


Synopsis:

The remote host is missing Sun Security Patch number 149074-01.

Description:

SunOS 5.9_x86: psutils patch.
Date this patch was last updated by Sun : Mar/10/14

See also :

https://getupdates.oracle.com/readme/149074-01

Solution :

You should install this patch for your system to be up-to-date.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.