Newest Plugins

Apple QuickTime < 7.7.8 Multiple Arbitrary Code Vulnerabilities (Windows)


Synopsis:

The remote Windows host contains an application that is affected by
multiple arbitrary code execution vulnerabilities.

Description:

The version of Apple QuickTime installed on the remote Windows host is
prior to 7.7.8. It is, therefore, affected by multiple arbitrary code
execution vulnerabilities :

- A memory corruption issue exists due to improper
validation of user-supplied input when handling URL atom
sizes. A remote attacker can exploit this issue by
convincing a user to open a specially crafted file,
resulting in the execution of arbitrary code in the
context of the current user. (CVE-2015-3788)

- A memory corruption issue exists due to improper
validation of user-supplied input when handling 3GPP
STSD sample description entry sizes. A remote attacker
can exploit this issue by convincing a user to open a
specially crafted file, resulting in the execution of
arbitrary code in the context of the current user.
(CVE-2015-3789)

- A memory corruption issue exists due to improper
validation of user-supplied input when handling MVHD
atom sizes. A remote attacker can exploit this issue by
convincing a user to open a specially crafted file,
resulting in the execution of arbitrary code in the
context of the current user. (CVE-2015-3790)

- A memory corruption issue exists due to improper
validation of user-supplied input when handling
mismatching ESDS atom descriptor type lengths. A remote
attacker can exploit this issue by convincing a user to
open a specially crafted file, resulting in the
execution of arbitrary code in the context of the
current user. (CVE-2015-3791)

- A memory corruption issue exists due to improper
validation of user-supplied input when handling
MDAT sections. A remote attacker can exploit this issue
by convincing a user to open a specially crafted file,
resulting in the execution of arbitrary code in the
context of the current user. (CVE-2015-3792)

- An unspecified memory corruption issue exists due to
improper validation of user-supplied input. A remote
attacker can exploit this issue by convincing a user to
open a specially crafted file, resulting in the
execution of arbitrary code in the context of the
current user. (CVE-2015-5751)

- An unspecified memory corruption issue exists due to
improper validation of user-supplied input. A remote
attacker can exploit this issue by convincing a user to
open a specially crafted file, resulting in the
execution of arbitrary code in the context of the
current user. (CVE-2015-5779)

- An unspecified memory corruption issue exists due to
improper validation of user-supplied input. A remote
attacker can exploit this issue by convincing a user to
open a specially crafted file, resulting in the
execution of arbitrary code in the context of the
current user. (CVE-2015-5785)

- An unspecified memory corruption issue exists due to
improper validation of user-supplied input. A remote
attacker can exploit this issue by convincing a user to
open a specially crafted file, resulting in the
execution of arbitrary code in the context of the
current user. (CVE-2015-5786)

See also :

https://support.apple.com/en-us/HT205046

Solution :

Upgrade to Apple QuickTime 7.7.8 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Citrix XenServer QEMU RTL8139 Guest Network Device Information Disclosure (CTX201717)


Synopsis:

The remote host is affected by an information disclosure
vulnerability.

Description:

The version of Citrix XenServer running on the remote host is affected
by an information disclosure vulnerability due to improper validation
of user-supplied input in the C+ mode offload emulation of the RTL8139
network card device model in QEMU. A remote attacker can exploit this
to read process heap memory, resulting in the disclosure of sensitive
information.

See also :

http://support.citrix.com/article/CTX201717

Solution :

Apply the relevant hotfix referenced in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 / 15.04 : gdk-pixbuf vulnerability (USN-2722-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling
bitmap images. If a user or automated system were tricked into opening
a BMP image file, a remote attacker could use this flaw to cause
GDK-PixBuf to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Solution :

Update the affected libgdk-pixbuf2.0-0 package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : mariadb-10.0.21-1.fc21 (2015-13482)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to 10.0.21

See also :

http://www.nessus.org/u?8af5dd24

Solution :

Update the affected mariadb package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

F5 Networks BIG-IP : Java vulnerability (SOL17170)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment.

See also :

http://www.nessus.org/u?a2bd4bb5

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL17170.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DSA-3343-1 : twig - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier
discovered that twig, a templating engine for PHP, did not correctly
process its input. End users allowed to submit twig templates could
use specially crafted code to trigger remote code execution, even in
sandboxed templates.

See also :

https://packages.debian.org/source/jessie/twig
http://www.debian.org/security/2015/dsa-3343

Solution :

Upgrade the twig packages.

For the stable distribution (jessie), this problem has been fixed in
version 1.16.2-1+deb8u1.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DLA-301-1 : python-django security update


Synopsis:

The remote Debian host is missing a security update.

Description:

Denial of service possibility in logout() view by filling session
store

Previously, a session could be created when anonymously accessing the
django.contrib.auth.views.logout view (provided it wasn't decorated
with django.contrib.auth.decorators.login_required as done in the
admin). This could allow an attacker to easily create many new session
records by sending repeated requests, potentially filling up the
session store or causing other users' session records to be evicted.

The django.contrib.sessions.middleware.SessionMiddleware has been
modified to no longer create empty session records.

This portion of the fix has been assigned CVE-2015-5963.

Additionally, the contrib.sessions.backends.base.SessionBase.flush()
and cache_db.SessionStore.flush() methods have been modified to avoid
creating a new empty session. Maintainers of third-party session
backends should check if the same vulnerability is present in their
backend and correct it if so.

This portion of the fix has been assigned CVE-2015-5964.

We recommend that you upgrade your python-django packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2015/08/msg00016.html
https://packages.debian.org/source/squeeze-lts/python-django

Solution :

Upgrade the affected python-django, and python-django-doc packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DLA-300-1 : ruby1.9.1 security update


Synopsis:

The remote Debian host is missing a security update.

Description:

'sheepman' fixed a vulnerability in Ruby 1.9.1: DL::dlopen could open
a library with a tainted name even if $SAFE > 0.

For Debian 6 'Squeeze', this issue has been fixed in
ruby1.9.1 1.9.2.0-2+deb6u7.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2015/08/msg00014.html
https://packages.debian.org/source/squeeze-lts/ruby1.9.1

Solution :

Upgrade the affected packages.

Risk factor :

Low / CVSS Base Score : 3.7
(CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 2.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DLA-299-1 : ruby1.8 security update


Synopsis:

The remote Debian host is missing a security update.

Description:

'sheepman' fixed a vulnerability in Ruby 1.8: DL::dlopen could open a
library with a tainted name even if $SAFE > 0.

For Debian 6 'Squeeze', this issue has been fixed in
ruby1.8 1.8.7.302-2squeeze5.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2015/08/msg00013.html
https://packages.debian.org/source/squeeze-lts/ruby1.8

Solution :

Upgrade the affected packages.

Risk factor :

Low / CVSS Base Score : 3.7
(CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 2.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Drupal 7.x < 7.39 Multiple Vulnerabilities


Synopsis:

The remote web server is running a PHP application that is affected by
multiple vulnerabilities.

Description:

The remote web server is running a version of Drupal that is 7.x prior
to 7.39. It is, therefore, potentially affected by the following
vulnerabilities :

- A cross-site scripting vulnerability exists in the
autocomplete functionality due to improper validation of
input passed via requested URLs. An authenticated,
remote attacker can exploit this, via a specially
crafted request, to execute arbitrary script code.
(CVE-2015-6658)

- A SQL injection vulnerability exists in the SQL comment
filtering system due to improper sanitization of
user-supplied input before using it in SQL queries. An
authenticated, remote attacker can exploit this to
inject SQL queries, resulting in the manipulation or
disclosure of arbitrary data. (CVE-2015-6659)

- A cross-site request forgery vulnerability exists in the
form API due to improper validation of form tokens. An
authenticated, remote attacker can exploit this, via a
specially crafted link, to upload arbitrary files under
another user's account. (CVE-2015-6660)

- An information disclosure vulnerability exists that
allows a remote, authenticated user to view the titles
of nodes that they do not have access to.
(CVE-2015-6661)

- A cross-site scripting vulnerability exists due to
improper validation of user-supplied input when invoking
Drupal.ajax() on whitelisted HTML elements. A remote
attacker can exploit this, via a specially crafted
request, to execute arbitrary script code.
(CVE-2015-6665)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://www.drupal.org/SA-CORE-2015-003
https://www.drupal.org/drupal-7.39-release-notes

Solution :

Upgrade to Drupal version 7.39 or later.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Drupal 6.x < 6.37 Multiple Vulnerabilities


Synopsis:

The remote web server is running a PHP application that is affected by
multiple vulnerabilities.

Description:

The remote web server is running a version of Drupal that is 6.x prior
to 6.37. It is, therefore, potentially affected by the following
vulnerabilities :

- A cross-site scripting vulnerability exists in the
autocomplete functionality due to improper validation of
input passed via requested URLs. An authenticated,
remote attacker can exploit this, via a specially
crafted request, to execute arbitrary script code.
(CVE-2015-6658)

- A cross-site request forgery vulnerability exists in the
form API due to improper validation of form tokens. An
authenticated, remote attacker can exploit this, via a
specially crafted link, to upload arbitrary files under
another user's account. (CVE-2015-6660)

- An information disclosure vulnerability exists that
allows a remote, authenticated user to view the titles
of nodes that they do not have access to.
(CVE-2015-6661)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://www.drupal.org/SA-CORE-2015-003
https://www.drupal.org/drupal-6.37-release-notes

Solution :

Upgrade to Drupal version 6.37 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Cisco TelePresence VCS Expressway Series 8.5.2 Multiple Vulnerabilities


Synopsis:

The remote host is affected by multiple vulnerabilities.

Description:

According to its self-reported version, the instance of Cisco
TelePresence Video Communication Server (VCS) Expressway running on
the remote host is affected by multiple vulnerabilities :

- A command injection vulnerability exists in the web
framework component due to insufficient validation of
user-supplied input. An authenticated, remote attacker
can exploit this, via a specially crafted request, to
inject arbitrary commands that execute at the 'nobody'
user privilege level. (CVE-2015-4303)

- An access vulnerability exists in the Mobile and Remote
Access (MRA) endpoint-validation feature due to improper
validation of the phone line used for registration. An
authenticated, remote attacker can exploit this, via a
crafted Session Initiation Protocol (SIP) message, to
register their phones and impersonate legitimate users.
(CVE-2015-4316)

- A denial of service vulnerability exists due to
insufficient handling of malformed authentication
messages. An unauthenticated, remote attacker can
exploit this, via a crafted authentication packet with
invalid variables, to cause a denial of service
condition. (CVE-2015-4317)

- A denial of service vulnerability exists due to
insufficient handling of malformed GET request messages.
An unauthenticated, remote attacker can exploit this,
via a crafted packet with invalid variables, to cause a
denial of service condition. (CVE-2015-4318)

- A security bypass vulnerability exists in the Password
Change functionality due to insufficient enforcement in
the authorization process. An authenticated, remote
attacker can exploit this, via a specially crafted
packet, to reset arbitrary active-user passwords.
(CVE-2015-4319)

- An information disclosure vulnerability exists in the
Configuration Log File component due to the inclusion of
sensitive information in certain log files. An
authenticated, remote attacker can exploit this to view
the sensitive information in the log files.
(CVE-2015-4320)

See also :

https://tools.cisco.com/bugsearch/bug/CSCuv12333
https://tools.cisco.com/bugsearch/bug/CSCuv12338
https://tools.cisco.com/bugsearch/bug/CSCuv12340
https://tools.cisco.com/bugsearch/bug/CSCuv40396
https://tools.cisco.com/bugsearch/bug/CSCuv40469
https://tools.cisco.com/bugsearch/bug/CSCuv40528
http://tools.cisco.com/security/center/viewAlert.x?alertId=40433
http://tools.cisco.com/security/center/viewAlert.x?alertId=40441
http://tools.cisco.com/security/center/viewAlert.x?alertId=40442
http://tools.cisco.com/security/center/viewAlert.x?alertId=40443
http://tools.cisco.com/security/center/viewAlert.x?alertId=40444
http://tools.cisco.com/security/center/viewAlert.x?alertId=40445

Solution :

Upgrade to the relevant fixed version referenced in Cisco bug IDs
CSCuv12333, CSCuv12338, and CSCuv12340. For Cisco bug IDs CSCuv40396,
CSCuv40469, and CSCuv40528 contact the vendor for a fix.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Cisco TelePresence VCS Expressway Series 8.5.1 Information Disclosure


Synopsis:

The remote host is affected by an information disclosure
vulnerability.

Description:

According to its self-reported version, the instance of Cisco
TelePresence Video Communication Server (VCS) Expressway running on
the remote host is affected by an information disclosure vulnerability
due to a flaw in the System Snapshot feature. An authenticated, remote
attacker can download snapshot files and view the password hashes
contained within them.

See also :

https://tools.cisco.com/bugsearch/bug/CSCuv40422
http://tools.cisco.com/security/center/viewAlert.x?alertId=40439

Solution :

Contact the vendor for a fix.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Cisco TelePresence VCS Expressway 8.5.3 XML External Entity (XXE) Injection


Synopsis:

The remote host is affected by an XML External Entity (XXE) injection
vulnerability.

Description:

According to its self-reported version, the instance of Cisco
TelePresence Video Communication Server (VCS) Expressway running on
the remote host is affected by an XML External Entity (XXE) injection
vulnerability due to insufficient validation of declared document type
definitions (DTD) stored externally. An authenticated, remote attacker
can exploit this, via a specially crafted XML file, to cause a denial
of service condition or to read arbitrary files.

See also :

https://tools.cisco.com/bugsearch/bug/CSCuv31853
http://tools.cisco.com/security/center/viewAlert.x?alertId=40446

Solution :

Contact the vendor for a fix.

Risk factor :

Medium / CVSS Base Score : 5.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 / 15.04 : thunderbird vulnerabilities (USN-2712-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Gary Kwong, Christian Holler, and Byron Campen discovered multiple
memory safety issues in Thunderbird. If a user were tricked into
opening a specially crafted message, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2015-4473)

Ronald Crane reported 3 security issues. If a user were tricked into
opening a specially crafted message, an attacker could potentially
exploit these, in combination with another security vulnerability, to
cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Thunderbird.
(CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)

Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user
were tricked into opening a specially crafted message, an attacker
could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking Thunderbird. (CVE-2015-4491)

Solution :

Update the affected thunderbird package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLED12 / SLES12 Security Update : p7zip (SUSE-SU-2015:1433-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update fixes the following security issue :

- CVE-2015-1038: directory traversal vulnerability
[bnc#912878]

This could allow the overwriting of arbitrary files
through uncompressing a crafted archive, with the
privileges of the user running 7z.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/912878
https://www.suse.com/security/cve/CVE-2015-1038.html
http://www.nessus.org/u?be2e1122

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-437=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-437=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2015-4473, CVE-2015-4491,
CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)

Note: None of the above issues can be exploited by a specially
crafted HTML mail message because JavaScript is disabled by default
for mail messages. However, they could be exploited in other ways in
Thunderbird (for example, by viewing the full remote content of an RSS
feed).

After installing the update, Thunderbird must be restarted for the
changes to take effect.

See also :

http://www.nessus.org/u?4a357acb

Solution :

Update the affected thunderbird and / or thunderbird-debuginfo
packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1682)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An updated thunderbird package that fixes multiple security issues is
now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2015-4473, CVE-2015-4491,
CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)

Note: None of the above issues can be exploited by a specially
crafted HTML mail message because JavaScript is disabled by default
for mail messages. However, they could be exploited in other ways in
Thunderbird (for example, by viewing the full remote content of an RSS
feed).

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron
Campen, Gustavo Grieco, and Ronald Crane as the original reporters of
these issues.

For technical details regarding these flaws, refer to the Mozilla
security advisories for Thunderbird 38.2. You can find a link to the
Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 38.2, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes
to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-4473.html
https://www.redhat.com/security/data/cve/CVE-2015-4487.html
https://www.redhat.com/security/data/cve/CVE-2015-4488.html
https://www.redhat.com/security/data/cve/CVE-2015-4489.html
https://www.redhat.com/security/data/cve/CVE-2015-4491.html
http://www.nessus.org/u?f3138c54
http://rhn.redhat.com/errata/RHSA-2015-1682.html

Solution :

Update the affected thunderbird and / or thunderbird-debuginfo
packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 : JBoss EAP (RHSA-2015:1670)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An updated Red Hat JBoss Enterprise Application Platform 6.4.3 package
that fixes a security issue, several bugs and adds various
enhancements is now available for Red Hat Enterprise Linux 6.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.4.2 and includes bug fixes and enhancements.
Documentation for these changes is available from the Red Hat JBoss
Enterprise Application Platform 6.4.3 Release Notes, linked to in the
References.

The following security issue is also fixed with this release :

It was discovered that, under specific conditions, PicketLink IDP
ignores role-based authorization. This could lead to an authenticated
user being able to access application resources that are not permitted
for a given role. (CVE-2015-3158)

All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red
Hat Enterprise Linux 6 are advised to upgrade to this updated package,
which fixes these bugs and adds these enhancements. The JBoss server
process must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-3158.html
https://access.redhat.com/documentation/en-US/
http://rhn.redhat.com/errata/RHSA-2015-1670.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 2.9
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 5 : JBoss EAP (RHSA-2015:1669)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An updated Red Hat JBoss Enterprise Application Platform 6.4.3 package
that fixes a security issue, several bugs and adds various
enhancements is now available for Red Hat Enterprise Linux 5.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.4.2 and includes bug fixes and enhancements.
Documentation for these changes is available from the Red Hat JBoss
Enterprise Application Platform 6.4.3 Release Notes, linked to in the
References.

The following security issue is also fixed with this release :

It was discovered that, under specific conditions, PicketLink IDP
ignores role-based authorization. This could lead to an authenticated
user being able to access application resources that are not permitted
for a given role. (CVE-2015-3158)

All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red
Hat Enterprise Linux 5 are advised to upgrade to this updated package,
which fixes these bugs and adds these enhancements. The JBoss server
process must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-3158.html
https://access.redhat.com/documentation/en-US/
http://rhn.redhat.com/errata/RHSA-2015-1669.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 2.9
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1682)


Synopsis:

The remote Oracle Linux host is missing a security update.

Description:

Description of changes:

[38.2.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with
thunderbird-oracle-default-prefs.js

[38.2.0-1]
- Update to 38.2.0

[38.1.0-2]
- Rebase to 38.1.0

See also :

https://oss.oracle.com/pipermail/el-errata/2015-August/005359.html
https://oss.oracle.com/pipermail/el-errata/2015-August/005360.html

Solution :

Update the affected thunderbird package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : go -- multiple vulnerabilities (4464212e-4acd-11e5-934b-002590263bf5)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

Jason Buberel, Go Product Manager, reports :

CVE-2015-5739 - 'Content Length' treated as valid header

CVE-2015-5740 - Double content-length headers do not return 400
error

CVE-2015-5741 - Additional hardening, not sending Content-Length
w/Transfer-Encoding, Closing connections

See also :

http://www.nessus.org/u?14d69ded
http://www.nessus.org/u?981f69a2
http://www.nessus.org/u?27017e66
http://seclists.org/oss-sec/2015/q3/237
http://www.nessus.org/u?9313e898

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : libtremor -- memory corruption (40497e81-fee3-4e54-9d5f-175a5c633b73)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

The Mozilla Project reports :

Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative the possibility of memory corruption during the decoding of
Ogg Vorbis files. This can cause a crash during decoding and has the
potential for remote code execution.

See also :

https://bugzilla.mozilla.org/show_bug.cgi?id=719612
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=3daa274
http://www.nessus.org/u?a4707023

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : libtremor -- multiple vulnerabilities (3dac84c9-bce1-4199-9784-d68af1eb7b2e)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

The RedHat Project reports :

Will Drewry of the Google Security Team reported multiple issues in
OGG Vorbis and Tremor libraries that could cause applications using
those libraries to crash (NULL pointer dereference or divide by zero),
enter an infinite loop or cause a heap overflow caused by integer
overflow.

See also :

http://www.nessus.org/u?2624b1eb
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=7e94eea
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=1d1f93e
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=159efc4
http://www.nessus.org/u?364845d9

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 23 : rt-4.2.12-1.fc23 (2015-13641)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2015-5475

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1254111
http://www.nessus.org/u?ed7f3028

Solution :

Update the affected rt package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

CentOS 6 : httpd (CESA-2015:1668)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated httpd packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The httpd packages provide the Apache HTTP Server, a powerful,
efficient, and extensible web server.

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would
decode differently from HTTP proxy software in front of it,
possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

All httpd users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After
installing the updated packages, the httpd service will be restarted
automatically.

See also :

http://www.nessus.org/u?bdf5a280

Solution :

Update the affected httpd packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

CentOS 7 : httpd (CESA-2015:1667)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated httpd packages that fix two security issues are now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The httpd packages provide the Apache HTTP Server, a powerful,
efficient, and extensible web server.

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would
decode differently from HTTP proxy software in front of it,
possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

It was discovered that in httpd 2.4, the internal API function
ap_some_auth_required() could incorrectly indicate that a request was
authenticated even when no authentication was used. An httpd module
using this API function could consequently allow access that should
have been denied. (CVE-2015-3185)

All httpd users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing the updated packages, the httpd service will be restarted
automatically.

See also :

http://www.nessus.org/u?afbc3cb5

Solution :

Update the affected httpd packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

CentOS 7 : mariadb (CESA-2015:1665)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated mariadb packages that fix several security issues are now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

MariaDB is a multi-user, multi-threaded SQL database server that is
binary compatible with MySQL.

It was found that the MySQL client library permitted but did not
require a client to use SSL/TLS when establishing a secure connection
to a MySQL server using the '--ssl' option. A man-in-the-middle
attacker could use this flaw to strip the SSL/TLS protection from a
connection between a client and a server. (CVE-2015-3152)

This update fixes several vulnerabilities in the MariaDB database
server. Information about these flaws can be found on the Oracle
Critical Patch Update Advisory page, listed in the References section.
(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571,
CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573,
CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648,
CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MariaDB to version 5.5.44. Refer to the
MariaDB Release Notes listed in the References section for a complete
list of changes.

All MariaDB users should upgrade to these updated packages, which
correct these issues. After installing this update, the MariaDB server
daemon (mysqld) will be restarted automatically.

See also :

http://www.nessus.org/u?6df14bc2

Solution :

Update the affected mariadb packages.

Risk factor :

Medium / CVSS Base Score : 5.7
(CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C)
CVSS Temporal Score : 4.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

CentOS 5 : nss (CESA-2015:1664)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated nss packages that fix two security issues, several bugs, and
add various enhancements are now available for Red Hat Enterprise
Linux 5.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications.

It was found that NSS permitted skipping of the ServerKeyExchange
packet during a handshake involving ECDHE (Elliptic Curve
Diffie-Hellman key Exchange). A remote attacker could use this flaw to
bypass the forward-secrecy of a TLS/SSL connection. (CVE-2015-2721)

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve
Digital Signature Algorithm) signatures. Under certain conditions, an
attacker could use this flaw to conduct signature forgery attacks.
(CVE-2015-2730)

Red Hat would like to thank the Mozilla project for reporting this
issue. Upstream acknowledges Karthikeyan Bhargavan as the original
reporter of CVE-2015-2721, and Watson Ladd as the original reporter of
CVE-2015-2730.

The nss packages have been upgraded to upstream version 3.19.1, which
provides a number of bug fixes and enhancements over the previous
version.

All nss users are advised to upgrade to these updated packages, which
correct these issues.

See also :

http://www.nessus.org/u?079e87bf

Solution :

Update the affected nss packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Amazon Linux AMI : golang / docker (ALAS-2015-588)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

As discussed upstream, the Go project received notification of an
HTTP request smuggling vulnerability in the net/http library. Invalid
headers are parsed as valid headers (for example 'Content Length:'
with a space in the middle), and double Content-Length headers in a
request do not generate a 400 error; the second Content-Length is
ignored.

See also :

http://seclists.org/oss-sec/2015/q3/237
http://seclists.org/oss-sec/2015/q3/294
https://alas.aws.amazon.com/ALAS-2015-588.html

Solution :

Run 'yum update golang docker' to update your system.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2015-587)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows
remote attackers to cause a denial of service (memory consumption) via
a large number of REPORT requests, which trigger the traversal of FSFS
repository nodes. (CVE-2015-0202)

An assertion failure flaw was found in the way the SVN server
processed certain requests with dynamically evaluated revision
numbers. A remote attacker could use this flaw to cause the SVN server
(both svnserve and httpd with the mod_dav_svn module) to crash.
(CVE-2015-0248)

It was found that the mod_dav_svn module did not properly validate the
svn:author property of certain requests. An attacker able to create
new revisions could use this flaw to spoof the svn:author property.
(CVE-2015-0251)

See also :

https://alas.aws.amazon.com/ALAS-2015-587.html

Solution :

Run 'yum update subversion mod_dav_svn' to update your system.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-586)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and
RMI components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass Java sandbox restrictions.
(CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590,
CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK
verified Online Certificate Status Protocol (OCSP) responses. An OCSP
response with no nextUpdate date specified was incorrectly handled as
having unlimited validity, possibly causing a revoked X.509
certificate to be interpreted as valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use
constant time comparisons in multiple cases. An attacker could
possibly use these flaws to disclose sensitive information by
measuring the time used to perform operations using these non-constant
time comparisons. (CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain
keys for RC4 encryption, an attacker could obtain portions of the
plain text from the cipher text without the knowledge of the
encryption key. (CVE-2015-2808)

A flaw was found in the way the TLS protocol composed the
Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could
use this flaw to force the use of weak 512 bit export-grade keys
during the key exchange, allowing them to decrypt all traffic.
(CVE-2015-4000)

It was discovered that the JNDI component in OpenJDK did not handle
DNS resolutions correctly. An attacker able to trigger such DNS errors
could cause a Java application using JNDI to consume memory and CPU
time, and possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D
components in OpenJDK. An untrusted Java application or applet could
use this flaw to bypass certain Java sandbox restrictions.
(CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed
X.509 certificate identity verification when establishing a TLS/SSL
connection to a host identified by an IP address. In certain cases,
the certificate was accepted as valid if it was issued for a host name
to which the IP address resolves rather than for the IP address.
(CVE-2015-2625)

See also :

https://alas.aws.amazon.com/ALAS-2015-586.html

Solution :

Run 'yum update java-1.6.0-openjdk' to update your system.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

IBM Storwize V7000 Unified 1.3.x < 1.4.3.5 / 1.5.x < 1.5.0.4 Multiple Vulnerabilities (Shellshock)


Synopsis:

The remote IBM Storwize V7000 Unified device is affected by multiple
vulnerabilities.

Description:

The remote IBM Storwize V7000 Unified device is running version 1.3.x
prior to 1.4.3.5 or 1.5.x prior to 1.5.0.4. It is, therefore, affected
by the following vulnerabilities :

- A command injection vulnerability exists in GNU Bash
known as Shellshock. The vulnerability is due to the
processing of trailing strings after function
definitions in the values of environment variables.
This allows a remote attacker to execute arbitrary code
via environment variable manipulation depending on the
configuration of the system. (CVE-2014-6271)

- An out-of-bounds memory access error exists in GNU Bash
in file parse.y due to evaluating untrusted input during
stacked redirects handling. A remote attacker can exploit
this, via a crafted 'here' document, to execute arbitrary
code or cause a denial of service. (CVE-2014-7186)

- An off-by-one error exists in GNU Bash in the
read_token_word() function in file parse.y when handling
deeply-nested flow control constructs. A remote attacker
can exploit this, by using deeply nested loops, to
execute arbitrary code or cause a denial of service.
(CVE-2014-7187)

- A command injection vulnerability exists in GNU Bash
known as Shellshock. The vulnerability is due to the
processing of trailing strings after function
definitions in the values of environment variables.
This allows a remote attacker to execute arbitrary code
via environment variable manipulation depending on the
configuration of the system. (CVE-2014-6278) Note that
this vulnerability exists because of an incomplete fix
for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.

See also :

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/
http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html

Solution :

Upgrade to IBM Storwize V7000 Unified version 1.4.3.5 / 1.5.0.4 or
later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:ND/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

WP Symposium Plugin for WordPress forum_functions.php 'topic_id' Parameter SQLi


Synopsis:

The remote web server hosts a web application that is affected by a
SQL injection vulnerability.

Description:

The WordPress WP Symposium Plugin installed on the remote host is
affected by a SQL injection vulnerability due to a failure to properly
sanitize user-supplied input to the 'topic_id' parameter of the
forum_functions.php script. An unauthenticated, remote attacker can
exploit this issue to conduct a blind SQL injection attack against the
affected application, resulting in the manipulation or disclosure of
arbitrary data.

See also :

http://seclists.org/fulldisclosure/2015/Aug/33
https://plugins.trac.wordpress.org/changeset/1214869

Solution :

Upgrade to WordPress WP Symposium Plugin version 15.8 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Tenable SecurityCenter Multiple Apache Vulnerabilities (TNS-2015-11)


Synopsis:

The remote application is affected by multiple vulnerabilities.

Description:

The Tenable SecurityCenter application installed on the remote host
contains a bundled version of Apache HTTP Server prior to 2.4.16. It
is, therefore, affected by the following vulnerabilities :

- A flaw exists in the chunked transfer coding
implementation in http_filters.c due to a failure to
properly parse chunk headers when handling large
chunk-size values and invalid chunk-extension
characters. A remote attacker can exploit this, via a
crafted request, to carry out HTTP request smuggling,
potentially resulting in cache poisoning or the
hijacking of credentials. (CVE-2015-3183)

- A security bypass vulnerability exists due to a failure
in the ap_some_auth_required() function in request.c to
consider that a Require directive may be associated with
an authorization setting instead of an authentication
setting. A remote attacker can exploit this, by
leveraging the presence of a module that relies on the
2.2 API behavior, to bypass intended access restrictions
under certain circumstances.
(CVE-2015-3185)

Note that the 4.x version of SecurityCenter is impacted only by
CVE-2015-3183. The 5.x version is impacted by both CVE-2015-3183 and
CVE-2015-3185.

See also :

http://www.tenable.com/security/tns-2015-11
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.apache.org/dist/httpd/Announcement2.4.html

Solution :

Apply the relevant patch for version 4.7.1 / 4.8.2 as referenced in
the vendor advisory. Alternatively, upgrade to Tenable SecurityCenter
version 5.0.2.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

HP Operations Manager i (OMi) Detection


Synopsis:

The remote host has infrastructure monitoring software installed.

Description:

HP Operations Manager i (OMi), infrastructure monitoring software, is
installed on the remote host.

See also :

http://www.nessus.org/u?7a59c676

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2015 Tenable Network Security, Inc.

HP Operations Manager i (OMi) Unspecified RCE


Synopsis:

The remote host is affected by an unspecified remote code execution
vulnerability.

Description:

The version of HP Operations Manager i (OMi) installed on the remote
host is missing a security patch that fixes an unspecified remote code
execution vulnerability.

See also :

http://www.nessus.org/u?59999363

Solution :

Apply the appropriate patch per the vendor advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLES11 Security Update : kvm (SUSE-SU-2015:1426-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

kvm was updated to fix two security issues.

The following vulnerabilities were fixed :

- CVE-2015-5154: Host code execution via IDE subsystem
CD-ROM (bsc#938344).

- CVE-2015-3209: Fix buffer overflow in pcnet emulation
(bsc#932770).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/932770
https://bugzilla.suse.com/938344
https://www.suse.com/security/cve/CVE-2015-3209.html
https://www.suse.com/security/cve/CVE-2015-5154.html
http://www.nessus.org/u?49f926dd

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP2-LTSS :

zypper in -t patch slessp2-kvm-12041=1

SUSE Linux Enterprise Debuginfo 11-SP2 :

zypper in -t patch dbgsp2-kvm-12041=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLED11 / SLES11 Security Update : glibc (SUSE-SU-2015:1424-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for glibc provides fixes for security and non-security
issues.

These security issues have been fixed :

- CVE-2015-1781: Buffer length after padding in
resolv/nss_dns/dns-host.c. (bsc#927080)

- CVE-2013-2207: pt_chown did not properly check
permissions for tty files, which allowed local users to
change the permission on the files and obtain access to
arbitrary pseudo-terminals by leveraging a FUSE file
system. (bsc#830257)

- CVE-2014-8121: DB_LOOKUP in the Name Service Switch
(NSS) did not properly check if a file is open, which
allowed remote attackers to cause a denial of service
(infinite loop) by performing a look-up while the
database is being iterated over, which triggers
the file pointer to be reset. (bsc#918187)

- Fix read past end of pattern in fnmatch. (bsc#920338)

These non-security issues have been fixed :

- Fix locking in _IO_flush_all_lockp() to prevent
deadlocks in applications. (bsc#851280)

- Record TTL also for DNS PTR queries. (bsc#928723)

- Fix invalid free in ld.so. (bsc#932059)

- Make PowerPC64 default to non-executable stack.
(bsc#933770)

- Fix floating point exceptions in some circumstances with
exp() and friends. (bsc#933903)

- Fix bad TEXTREL in glibc.i686. (bsc#935286)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/830257
https://bugzilla.suse.com/851280
https://bugzilla.suse.com/918187
https://bugzilla.suse.com/920338
https://bugzilla.suse.com/927080
https://bugzilla.suse.com/928723
https://bugzilla.suse.com/932059
https://bugzilla.suse.com/933770
https://bugzilla.suse.com/933903
https://bugzilla.suse.com/935286
https://www.suse.com/security/cve/CVE-2013-2207.html
https://www.suse.com/security/cve/CVE-2014-8121.html
https://www.suse.com/security/cve/CVE-2015-1781.html
http://www.nessus.org/u?63544965

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-glibc-12042=1

SUSE Linux Enterprise Software Development Kit 11-SP3 :

zypper in -t patch sdksp3-glibc-12042=1

SUSE Linux Enterprise Server for VMWare 11-SP3 :

zypper in -t patch slessp3-glibc-12042=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-glibc-12042=1

SUSE Linux Enterprise Server 11-SP3 :

zypper in -t patch slessp3-glibc-12042=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-glibc-12042=1

SUSE Linux Enterprise Desktop 11-SP3 :

zypper in -t patch sledsp3-glibc-12042=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-glibc-12042=1

SUSE Linux Enterprise Debuginfo 11-SP3 :

zypper in -t patch dbgsp3-glibc-12042=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:U/RL:ND/RC:UC)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Scientific Linux Security Update : nss on SL5.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

It was found that NSS permitted skipping of the ServerKeyExchange
packet during a handshake involving ECDHE (Elliptic Curve
Diffie-Hellman key Exchange). A remote attacker could use this flaw to
bypass the forward-secrecy of a TLS/SSL connection. (CVE-2015-2721)

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve
Digital Signature Algorithm) signatures. Under certain conditions, an
attacker could use this flaw to conduct signature forgery attacks.
(CVE-2015-2730)

The nss packages have been upgraded to upstream version 3.19.1, which
provides a number of bug fixes and enhancements over the previous
version.

See also :

http://www.nessus.org/u?7fcb6323

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.