Newest Plugins

Citrix NetScaler Multiple Vulnerabilities (CTX140863)


Synopsis:

The remote device is affected by multiple vulnerabilities.

Description:

The remote Citrix NetScaler version is affected by multiple
vulnerabilities :

- A reflected cross-site scripting vulnerability in the
administration user interface. (CVE-2014-4346)

- A cookie information disclosure vulnerability.
(CVE-2014-4347)

See also :

http://support.citrix.com/article/CTX140863

Solution :

Upgrade to Citrix NetScaler 10.1-126.12 or 9.3-62.4 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

phpMyAdmin 4.0.x < 4.0.10.1 / 4.1.x < 4.1.14.2 / 4.2.x < 4.2.6 Multiple Vulnerabilities (PMASA-2014-4 - PMASA-2014-7)


Synopsis:

The remote web server hosts a PHP application that is affected by
multiple vulnerabilities.

Description:

According to its self-reported version number, the phpMyAdmin install
hosted on the remote web server is 4.0.x prior to 4.0.10.1, 4.1.x
prior to 4.1.14.2, or 4.2.x prior to 4.2.6. It is, therefore, affected
by the following vulnerabilities :

- The 'TABLE_COMMENT' parameter input is not being
validated in the script 'libraries/structure.lib.php'
and could allow cross-site scripting attacks. Note that
this issue affects the 4.2.x branch. (CVE-2014-4954)

- The 'trigger' parameter input is not being validated in
the script 'libraries/rte/rte_list.lib.php' and could
allow cross-site scripting attacks. (CVE-2014-4955)

- The 'table' and 'curr_column_name' parameter inputs are
not being validated in the scripts 'js/functions.js'
and 'js/tbl_structure.js' respectively and could allow
cross-site scripting attacks. (CVE-2014-4986)

- The script 'server_user_groups.php' contains an error
that could allow a remote attacker to obtain the MySQL
user list and possibly make changes to the application
display. Note this issue only affects the 4.1.x and
4.2.x branches. (CVE-2014-4987)

Note that Nessus has not tested for these issues, but has instead
relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?545bac7a
http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
http://www.nessus.org/u?91815216
http://www.nessus.org/u?8cdbf2d1
http://www.nessus.org/u?1aafba98
http://www.nessus.org/u?67967469
http://www.nessus.org/u?c3bfc267
http://www.nessus.org/u?97997036
http://www.nessus.org/u?79fdaa0b
http://www.nessus.org/u?7abe0a00
http://www.nessus.org/u?55cf9587

Solution :

Either upgrade to phpMyAdmin 4.0.10.1 / 4.1.14.2 / 4.2.6 or later, or
apply the patches from the referenced links.

Risk factor :

Medium / CVSS Base Score : 5.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Apache 2.4.6 Remote DoS


Synopsis:

The remote web server is affected by a denial of service
vulnerability.

Description:

According to its banner, the version of Apache 2.4 installed on the
remote host is version 2.4.6. It is, therefore, affected by a flaw in
the mod_cache module involving a NULL pointer dereference. An attacker
may be able to specially craft a request designed to cause a denial of
service.

Note that Nessus has not tested for this issue, but has instead relied
only on the application's self-reported version number.

See also :

http://httpd.apache.org/security/vulnerabilities_24.html

Solution :

Either ensure that the affected module is not in use or upgrade to
Apache version 2.4.7 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

HP StoreVirtual 4000 and StoreVirtual VSA Software < 11.5 Multiple Vulnerabilities


Synopsis:

The remote host is affected by an information disclosure vulnerability
and a privilege elevation vulnerability.

Description:

The remote HP storage system, running HP StoreVirtual 4000 Storage and
StoreVirtual VSA, with a version between 9.5 and 11.5 is affected by
the following vulnerabilities :

- There is an unspecified flaw that may allow an
attacker to obtain potentially sensitive information
via an unspecified information disclosure
vulnerability. (CVE-2014-2605)

- There is an unspecified flaw that may allow an
attacker to gain elevated privileges via an
unspecified privilege elevation vulnerability.
(CVE-2014-2606)

See also :

http://www.nessus.org/u?7ae79afd

Solution :

Upgrade to HP StoreVirtual 4000 Storage and StoreVirtual VSA 11.5 or
higher.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

MozillaFirefox was updated to version 31 to fix various security
issues and bugs :

- MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous
memory safety hazards

- MFSA 2014-57/CVE-2014-1549 (bmo#1020205) Buffer overflow
during Web Audio buffering for playback

- MFSA 2014-58/CVE-2014-1550 (bmo#1020411) Use-after-free
in Web Audio due to incorrect control message ordering

- MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375)
Toolbar dialog customization event spoofing

- MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free
with FireOnStateChange event

- MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable
WebGL crash with Cesium JavaScript library

- MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free
while when manipulating certificates in the trusted
cache (solved with NSS 3.16.2 requirement)

- MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia
library when scaling high quality images

- MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560
(bmo#1015973, bmo#1026022, bmo#997795) Certificate
parsing broken by non-standard character encoding

- MFSA 2014-66/CVE-2014-1552 (bmo#985135) IFRAME sandbox
same-origin access through redirect

Mozilla-nss was updated to 3.16.3:

New Functions :

- CERT_GetGeneralNameTypeFromString (This function was
already added in NSS 3.16.2, however, it wasn't declared
in a public header file.)

Notable Changes :

- The following 1024-bit CA certificates were removed

- Entrust.net Secure Server Certification Authority

- GTE CyberTrust Global Root

- ValiCert Class 1 Policy Validation Authority

- ValiCert Class 2 Policy Validation Authority

- ValiCert Class 3 Policy Validation Authority

- Additionally, the following CA certificate was removed
as requested by the CA :

- TDC Internet Root CA

- The following CA certificates were added :

- Certification Authority of WoSign

- CA 沃

- DigiCert Assured ID Root G2

- DigiCert Assured ID Root G3

- DigiCert Global Root G2

- DigiCert Global Root G3

- DigiCert Trusted Root G4

- QuoVadis Root CA 1 G3

- QuoVadis Root CA 2 G3

- QuoVadis Root CA 3 G3

- The Trust Bits were changed for the following CA
certificates

- Class 3 Public Primary Certification Authority

- Class 3 Public Primary Certification Authority

- Class 2 Public Primary Certification Authority - G2

- VeriSign Class 2 Public Primary Certification Authority
- G3

- AC Raíz Certicámara S.A.

- NetLock Uzleti (Class B) Tanusitvanykiado

- NetLock Expressz (Class C) Tanusitvanykiado

Changes in 3.16.2

New functionality :

- DTLS 1.2 is supported.

- The TLS application layer protocol negotiation (ALPN)
extension is also supported on the server side.

- RSA-OAEP is supported. Use the new PK11_PrivDecrypt and
PK11_PubEncrypt functions with the CKM_RSA_PKCS_OAEP
mechanism.

- New Intel AES assembly code for 32-bit and 64-bit
Windows, contributed by Shay Gueron and Vlad Krasnov of
Intel.

Notable Changes :

- The btoa command has a new command-line option -w
suffix, which causes the output to be wrapped in
BEGIN/END lines with the given suffix

- The certutil command supports additional types of
subject alt name extensions.

- The certutil command supports generic certificate
extensions, by loading binary data from files, which
have been prepared using external tools, or which have
been extracted from other existing certificates and
dumped to file.

- The certutil command supports three new certificate
usage specifiers.

- The pp command supports printing UTF-8 (-u).

- On Linux, NSS is built with the -ffunction-sections
-fdata-sections compiler flags and the --gc-sections
linker flag to allow unused functions to be discarded.

Changes in 3.16.1

New functionality :

- Added the 'ECC' flag for modutil to select the module
used for elliptic curve cryptography (ECC) operations.

New Macros :

- PUBLIC_MECH_ECC_FLAG a public mechanism flag for
elliptic curve cryptography (ECC) operations

- SECMOD_ECC_FLAG an NSS-internal mechanism flag for
elliptic curve cryptography (ECC) operations. This macro
has the same numeric value as PUBLIC_MECH_ECC_FLAG.

Notable Changes :

- Imposed name constraints on the French government root
CA ANSSI (DCISS).

See also :

https://bugzilla.novell.com/show_bug.cgi?id=887746

Solution :

Update the affected openSUSE-2014- packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : ntp (SAT Patch Number 9540)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

The NTP time service could have been used for remote denial of service
amplification attacks.

This issue can be fixed by the administrator as we described in our
security advisory SUSE-SA:2014:001:
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html

and on

http://support.novell.com/security/cve/CVE-2013-5211.html

This update now also replaces the default ntp.conf template to fix
this problem.

Please note that if you have touched or modified ntp.conf yourself, it
will not be fixed automatically; you need to merge the changes
manually as described.

Additionally the following bug has been fixed :

- ntp start script does not update the
/var/lib/ntp/etc/localtime file if /etc/localtime is a
symlink (bnc#838458)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=838458
https://bugzilla.novell.com/show_bug.cgi?id=857195
http://support.novell.com/security/cve/CVE-2013-5211.html

Solution :

Apply SAT patch number 9540.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

PHP 5.3 has been updated to fix several security problems :

- The SPL component in PHP incorrectly anticipated that
certain data structures will have the array data type
after unserialization, which allowed remote attackers to
execute arbitrary code via a crafted string that
triggers use of a Hashtable destructor, related to 'type
confusion' issues in (1) ArrayObject and (2)
SPLObjectStorage. (CVE-2014-3515)

- The cdf_read_short_sector function in cdf.c in file
before 5.19, as used in the Fileinfo component in PHP
allowed remote attackers to cause a denial of service
(assertion failure and application exit) via a crafted
CDF file. (CVE-2014-0207)

- Buffer overflow in the mconvert function in softmagic.c
in file before 5.19, as used in the Fileinfo component
in PHP allowed remote attackers to cause a denial of
service (application crash) via a crafted Pascal string
in a FILE_PSTRING conversion. (CVE-2014-3478)

- The cdf_check_stream_offset function in cdf.c in file
before 5.19, as used in the Fileinfo component in PHP
relied on incorrect sector-size data, which allowed
remote attackers to cause a denial of service
(application crash) via a crafted stream offset in a CDF
file. (CVE-2014-3479)

- The cdf_count_chain function in cdf.c in file before
5.19, as used in the Fileinfo component in PHP did not
properly validate sector-count data, which allowed
remote attackers to cause a denial of service
(application crash) via a crafted CDF file.
(CVE-2014-3480)

- The cdf_read_property_info function in file before 5.19,
as used in the Fileinfo component in PHP did not
properly validate a stream offset, which allowed remote
attackers to cause a denial of service (application
crash) via a crafted CDF file. (CVE-2014-3487)

- Use-after-free vulnerability in ext/spl/spl_dllist.c in
the SPL component in PHP allowed context-dependent
attackers to cause a denial of service or possibly have
unspecified other impact via crafted iterator usage
within applications in certain web-hosting environments.
(CVE-2014-4670)

- Use-after-free vulnerability in ext/spl/spl_array.c in
the SPL component in PHP allowed context-dependent
attackers to cause a denial of service or possibly have
unspecified other impact via crafted ArrayIterator usage
within applications in certain web-hosting environments.
(CVE-2014-4698)

- The phpinfo implementation in ext/standard/info.c in PHP
did not ensure use of the string data type for the
PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF
variables, which might allow context-dependent attackers
to obtain sensitive information from process memory by
using the integer data type with crafted values, related
to a 'type confusion' vulnerability, as demonstrated by
reading a private SSL key in an Apache HTTP Server
web-hosting environment with mod_ssl and a PHP 5.3.x
mod_php. (CVE-2014-4721)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=884986
https://bugzilla.novell.com/show_bug.cgi?id=884987
https://bugzilla.novell.com/show_bug.cgi?id=884989
https://bugzilla.novell.com/show_bug.cgi?id=884990
https://bugzilla.novell.com/show_bug.cgi?id=884991
https://bugzilla.novell.com/show_bug.cgi?id=884992
https://bugzilla.novell.com/show_bug.cgi?id=885961
https://bugzilla.novell.com/show_bug.cgi?id=886059
https://bugzilla.novell.com/show_bug.cgi?id=886060
http://support.novell.com/security/cve/CVE-2014-0207.html
http://support.novell.com/security/cve/CVE-2014-3478.html
http://support.novell.com/security/cve/CVE-2014-3479.html
http://support.novell.com/security/cve/CVE-2014-3480.html
http://support.novell.com/security/cve/CVE-2014-3487.html
http://support.novell.com/security/cve/CVE-2014-3515.html
http://support.novell.com/security/cve/CVE-2014-4670.html
http://support.novell.com/security/cve/CVE-2014-4698.html
http://support.novell.com/security/cve/CVE-2014-4721.html

Solution :

Apply SAT patch number 9537.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : kernel (RHSA-2014:0981)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix multiple security issues, several
bugs, and add one enhancement are now available for Red Hat Enterprise
Linux 6.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A use-after-free flaw was found in the way the ping_init_sock()
function of the Linux kernel handled the group_info reference counter.
A local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-2851,
Important)

* A NULL pointer dereference flaw was found in the way the
futex_wait_requeue_pi() function of the Linux kernel's futex subsystem
handled the requeuing of certain Priority Inheritance (PI) futexes. A
local, unprivileged user could use this flaw to crash the system.
(CVE-2012-6647, Moderate)

* A NULL pointer dereference flaw was found in the
rds_ib_laddr_check() function in the Linux kernel's implementation of
Reliable Datagram Sockets (RDS). A local, unprivileged user could use
this flaw to crash the system. (CVE-2013-7339, Moderate)

* It was found that a remote attacker could use a race condition flaw
in the ath_tx_aggr_sleep() function to crash the system by creating
large network traffic on the system's Atheros 9k wireless network
adapter. (CVE-2014-2672, Moderate)

* A NULL pointer dereference flaw was found in the
rds_iw_laddr_check() function in the Linux kernel's implementation of
Reliable Datagram Sockets (RDS). A local, unprivileged user could use
this flaw to crash the system. (CVE-2014-2678, Moderate)

* A race condition flaw was found in the way the Linux kernel's
mac80211 subsystem implementation handled synchronization between TX
and STA wake-up code paths. A remote attacker could use this flaw to
crash the system. (CVE-2014-2706, Moderate)

* An out-of-bounds memory access flaw was found in the Netlink
Attribute extension of the Berkeley Packet Filter (BPF) interpreter
functionality in the Linux kernel's networking implementation. A
local, unprivileged user could use this flaw to crash the system or
leak kernel memory to user space via a specially crafted socket
filter. (CVE-2014-3144, CVE-2014-3145, Moderate)

This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-6647.html
https://www.redhat.com/security/data/cve/CVE-2013-7339.html
https://www.redhat.com/security/data/cve/CVE-2014-2672.html
https://www.redhat.com/security/data/cve/CVE-2014-2678.html
https://www.redhat.com/security/data/cve/CVE-2014-2706.html
https://www.redhat.com/security/data/cve/CVE-2014-2851.html
https://www.redhat.com/security/data/cve/CVE-2014-3144.html
https://www.redhat.com/security/data/cve/CVE-2014-3145.html
http://www.nessus.org/u?cfcf474c
http://rhn.redhat.com/errata/RHSA-2014-0981.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : qemu-kvm (RHSA-2014:0927)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated qemu-kvm packages that fix multiple security issues and
various bugs are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides
the user-space component for running virtual machines using KVM.

Two integer overflow flaws were found in the QEMU block driver for
QCOW version 1 disk images. A user able to alter the QEMU disk image
files loaded by a guest could use either of these flaws to corrupt
QEMU process memory on the host, which could potentially result in
arbitrary code execution on the host with the privileges of the QEMU
process. (CVE-2014-0222, CVE-2014-0223)

Multiple buffer overflow, input validation, and out-of-bounds write
flaws were found in the way virtio, virtio-net, virtio-scsi, usb, and
hpet drivers of QEMU handled state loading after migration. A user
able to alter the savevm data (either on the disk or over the wire
during migration) could use either of these flaws to corrupt QEMU
process memory on the (destination) host, which could potentially
result in arbitrary code execution on the host with the privileges of
the QEMU process. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150,
CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535,
CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399,
CVE-2014-0182, CVE-2014-3461)

These issues were discovered by Michael S. Tsirkin, Anthony Liguori
and Michael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149,
CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529,
CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542,
CVE-2013-6399, CVE-2014-0182, and CVE-2014-3461.

This update also fixes the following bugs :

* Previously, QEMU did not free pre-allocated zero clusters correctly
and the clusters under some circumstances leaked. With this update,
pre-allocated zero clusters are freed appropriately and the cluster
leaks no longer occur. (BZ#1110188)

* Prior to this update, the QEMU command interface did not properly
handle resizing of cache memory during guest migration, causing QEMU
to terminate unexpectedly with a segmentation fault and QEMU to fail.
This update fixes the related code and QEMU no longer crashes in the
described situation. (BZ#1110191)

* Previously, when a guest device was hot unplugged, QEMU correctly
removed the corresponding file descriptor watch but did not re-create
it after the device was re-connected. As a consequence, the guest
became unable to receive any data from the host over this device. With
this update, the file descriptor's watch is re-created and the guest
in the above scenario can communicate with the host as expected.
(BZ#1110219)

* Previously, the QEMU migration code did not account for the gaps
caused by hot unplugged devices and thus expected more memory to be
transferred during migrations. As a consequence, guest migration
failed to complete after multiple devices were hot unplugged. In
addition, the migration info text displayed erroneous values for the
'remaining ram' item. With this update, QEMU calculates memory after a
device has been unplugged correctly, and any subsequent guest
migrations proceed as expected. (BZ#1110189)

All qemu-kvm users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update
to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4148.html
https://www.redhat.com/security/data/cve/CVE-2013-4149.html
https://www.redhat.com/security/data/cve/CVE-2013-4150.html
https://www.redhat.com/security/data/cve/CVE-2013-4151.html
https://www.redhat.com/security/data/cve/CVE-2013-4527.html
https://www.redhat.com/security/data/cve/CVE-2013-4529.html
https://www.redhat.com/security/data/cve/CVE-2013-4535.html
https://www.redhat.com/security/data/cve/CVE-2013-4536.html
https://www.redhat.com/security/data/cve/CVE-2013-4541.html
https://www.redhat.com/security/data/cve/CVE-2013-4542.html
https://www.redhat.com/security/data/cve/CVE-2013-6399.html
https://www.redhat.com/security/data/cve/CVE-2014-0182.html
https://www.redhat.com/security/data/cve/CVE-2014-0222.html
https://www.redhat.com/security/data/cve/CVE-2014-0223.html
https://www.redhat.com/security/data/cve/CVE-2014-3461.html
http://rhn.redhat.com/errata/RHSA-2014-0927.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : kernel (RHSA-2014:0923)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix two security issues are now available
for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's ptrace subsystem allowed a
traced process' instruction pointer to be set to a non-canonical
memory address without forcing the non-sysret code path when returning
to user space. A local, unprivileged user could use this flaw to crash
the system or, potentially, escalate their privileges on the system.
(CVE-2014-4699, Important)

Note: The CVE-2014-4699 issue only affected systems using an Intel
CPU.

* A flaw was found in the way the pppol2tp_setsockopt() and
pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP
implementation handled requests with a non-SOL_PPPOL2TP socket option
level. A local, unprivileged user could use this flaw to escalate
their privileges on the system. (CVE-2014-4943, Important)

Red Hat would like to thank Andy Lutomirski for reporting
CVE-2014-4699, and Sasha Levin for reporting CVE-2014-4943.

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-4699.html
https://www.redhat.com/security/data/cve/CVE-2014-4943.html
http://rhn.redhat.com/errata/RHSA-2014-0923.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : httpd (RHSA-2014:0921)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated httpd packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The httpd packages provide the Apache HTTP Server, a powerful,
efficient, and extensible web server.

A race condition flaw, leading to heap-based buffer overflows, was
found in the mod_status httpd module. A remote attacker able to access
a status page served by mod_status on a server using a threaded
Multi-Processing Module (MPM) could send a specially crafted request
that would cause the httpd child process to crash or, possibly, allow
the attacker to execute arbitrary code with the privileges of the
'apache' user. (CVE-2014-0226)

A NULL pointer dereference flaw was found in the mod_cache httpd
module. A malicious HTTP server could cause the httpd child process to
crash when the Apache HTTP Server was used as a forward proxy with
caching. (CVE-2013-4352)

A denial of service flaw was found in the mod_proxy httpd module. A
remote attacker could send a specially crafted request to a server
configured as a reverse proxy using a threaded Multi-Processing
Module (MPM) that would cause the httpd child process to crash.
(CVE-2014-0117)

A denial of service flaw was found in the way httpd's mod_deflate
module handled request body decompression (configured via the
'DEFLATE' input filter). A remote attacker able to send a request
whose body would be decompressed could use this flaw to consume an
excessive amount of system memory and CPU on the target system.
(CVE-2014-0118)

A denial of service flaw was found in the way httpd's mod_cgid module
executed CGI scripts that did not read data from the standard input. A
remote attacker could submit a specially crafted request that would
cause the httpd child process to hang indefinitely. (CVE-2014-0231)

All httpd users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing the updated packages, the httpd daemon will be restarted
automatically.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4352.html
https://www.redhat.com/security/data/cve/CVE-2014-0117.html
https://www.redhat.com/security/data/cve/CVE-2014-0118.html
https://www.redhat.com/security/data/cve/CVE-2014-0226.html
https://www.redhat.com/security/data/cve/CVE-2014-0231.html
http://rhn.redhat.com/errata/RHSA-2014-0921.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : libvirt (RHSA-2014:0914)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated libvirt packages that fix one security issue and three bugs
are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

It was found that libvirt passes the XML_PARSE_NOENT flag when parsing
XML documents using the libxml2 library, in which case all XML
entities in the parsed documents are expanded. A user able to force
libvirtd to parse an XML document with an entity pointing to a file
could use this flaw to read the contents of that file; parsing an XML
document with an entity pointing to a special file that blocks on read
access could cause libvirtd to hang indefinitely, resulting in a
denial of service on the system. (CVE-2014-0179)

Red Hat would like to thank the upstream Libvirt project for reporting
this issue. Upstream acknowledges Daniel P. Berrange and Richard Jones
as the original reporters.

This update also fixes the following bugs :

* A previous update of the libvirt package introduced an error; a
SIG_SETMASK argument was incorrectly replaced by a SIG_BLOCK argument
after the poll() system call. Consequently, the SIGCHLD signal could
be permanently blocked, which caused signal masks to not return to
their original values and defunct processes to be generated. With this
update, the original signal masks are restored and defunct processes
are no longer generated. (BZ#1112689)

* An attempt to start a domain that did not exist caused network
filters to be locked for read-only access. As a consequence, when
trying to gain read-write access, a deadlock occurred. This update
applies a patch to fix this bug and an attempt to start a non-existent
domain no longer causes a deadlock in the described scenario.
(BZ#1112690)

* Previously, the libvirtd daemon was binding only to addresses that
were configured on certain network interfaces. When libvirtd started
before the IPv4 addresses had been configured, libvirtd listened only
on the IPv6 addresses. The daemon has been modified to not require an
address to be configured when binding to a wildcard address, such as
'0.0.0.0' or '::'. As a result, libvirtd binds to both IPv4 and IPv6
addresses as expected. (BZ#1112692)

Users of libvirt are advised to upgrade to these updated packages,
which fix these bugs. After installing the updated packages, libvirtd
will be restarted automatically.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0179.html
http://rhn.redhat.com/errata/RHSA-2014-0914.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : samba (RHSA-2014:0867)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated samba packages that fix three security issues are now
available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Samba is an open source implementation of the Server Message Block
(SMB) or Common Internet File System (CIFS) protocol, which allows
PC-compatible machines to share files, printers, and other
information.

A denial of service flaw was found in the way the sys_recvfile()
function of nmbd, the NetBIOS message block daemon, processed
non-blocking sockets. An attacker could send a specially crafted
packet that, when processed, would cause nmbd to enter an infinite
loop and consume an excessive amount of CPU time. (CVE-2014-0244)

A flaw was found in the way Samba created responses for certain
authenticated client requests when a shadow-copy VFS module was
enabled. An attacker able to send an authenticated request could use
this flaw to disclose limited portions of memory per request.
(CVE-2014-0178)

It was discovered that smbd, the Samba file server daemon, did not
properly handle certain files that were stored on the disk and used a
valid Unicode character in the file name. An attacker able to send an
authenticated non-Unicode request that attempted to read such a file
could cause smbd to crash. (CVE-2014-3493)

Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL
for reporting CVE-2014-0244, and the Samba project for reporting
CVE-2014-0178 and CVE-2014-3493. The Samba project acknowledges
Christof Schmitt as the original reporter of CVE-2014-0178, and Simon
Arlott as the original reporter of CVE-2014-3493.

All Samba users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing this update, the smb service will be restarted
automatically.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0178.html
https://www.redhat.com/security/data/cve/CVE-2014-0244.html
https://www.redhat.com/security/data/cve/CVE-2014-3493.html
https://www.samba.org/samba/security/CVE-2014-0244
https://www.samba.org/samba/security/CVE-2014-0178
https://www.samba.org/samba/security/CVE-2014-3493
http://rhn.redhat.com/errata/RHSA-2014-0867.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : tomcat (RHSA-2014:0827)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated tomcat packages that fix three security issues are now
available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.

It was discovered that Apache Tomcat did not limit the length of chunk
sizes when using chunked transfer encoding. A remote attacker could
use this flaw to perform a denial of service attack against Tomcat by
streaming an unlimited quantity of data, leading to excessive
consumption of server resources. (CVE-2014-0075)

It was found that Apache Tomcat did not check for overflowing values
when parsing request content length headers. A remote attacker could
use this flaw to perform an HTTP request smuggling attack on a Tomcat
server located behind a reverse proxy that processed the content
length header correctly. (CVE-2014-0099)

It was found that the org.apache.catalina.servlets.DefaultServlet
implementation in Apache Tomcat allowed the definition of XML External
Entities (XXEs) in provided XSLTs. A malicious application could use
this to circumvent intended security restrictions to disclose
sensitive information. (CVE-2014-0096)

The CVE-2014-0075 issue was discovered by David Jorm of Red Hat
Product Security.

All Tomcat 7 users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. Tomcat must
be restarted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0075.html
https://www.redhat.com/security/data/cve/CVE-2014-0096.html
https://www.redhat.com/security/data/cve/CVE-2014-0099.html
http://tomcat.apache.org/security-7.html
http://rhn.redhat.com/errata/RHSA-2014-0827.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : kernel (RHSA-2014:0786)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix multiple security issues, several
bugs, and add various enhancements are now available for Red Hat
Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's futex subsystem
handled the requeuing of certain Priority Inheritance (PI) futexes. A
local, unprivileged user could use this flaw to escalate their
privileges on the system. (CVE-2014-3153, Important)

* A use-after-free flaw was found in the way the ping_init_sock()
function of the Linux kernel handled the group_info reference counter.
A local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-2851,
Important)

* Use-after-free and information leak flaws were found in the way the
Linux kernel's floppy driver processed the FDRAWCMD IOCTL command. A
local user with write access to /dev/fdX could use these flaws to
escalate their privileges on the system. (CVE-2014-1737,
CVE-2014-1738, Important)

* It was found that the aio_read_events_ring() function of the Linux
kernel's Asynchronous I/O (AIO) subsystem did not properly sanitize
the AIO ring head received from user space. A local, unprivileged user
could use this flaw to disclose random parts of the (physical) memory
belonging to the kernel and/or other processes. (CVE-2014-0206,
Moderate)

* An out-of-bounds memory access flaw was found in the Netlink
Attribute extension of the Berkeley Packet Filter (BPF) interpreter
functionality in the Linux kernel's networking implementation. A
local, unprivileged user could use this flaw to crash the system or
leak kernel memory to user space via a specially crafted socket
filter. (CVE-2014-3144, CVE-2014-3145, Moderate)

* An information leak flaw was found in the way the skb_zerocopy()
function copied socket buffers (skb) that are backed by user-space
buffers (for example vhost-net and Xen netback), potentially allowing
an attacker to read data from those buffers. (CVE-2014-2568, Low)

Red Hat would like to thank Kees Cook of Google for reporting
CVE-2014-3153 and Matthew Daley for reporting CVE-2014-1737 and
CVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter
of CVE-2014-3153. The CVE-2014-0206 issue was discovered by Mateusz
Guzik of Red Hat.

This update also fixes the following bugs :

* Due to incorrect calculation of Tx statistics in the qlcnic driver,
running the 'ethtool -S ethX' command could trigger memory corruption.
As a consequence, running the sosreport tool, which uses this command,
resulted in a kernel panic. The problem has been fixed by correcting
the said statistics calculation. (BZ#1104972)

* When an attempt to create a file on the GFS2 file system failed due
to a file system quota violation, the relevant VFS inode was not
completely uninitialized. This could result in a list corruption
error. This update resolves this problem by correctly uninitializing
the VFS inode in this situation. (BZ#1097407)

* Due to a race condition in the kernel, the getcwd() system call
could return '/' instead of the correct full path name when querying a
path name of a file or directory. Paths returned in the '/proc' file
system could also be incorrect. This problem was causing instability
of various applications. The aforementioned race condition has been
fixed and getcwd() now always returns the correct paths. (BZ#1099048)

In addition, this update adds the following enhancements :

* The kernel mutex code has been improved. The changes include
improved queuing of the MCS spin locks, the MCS code optimization,
introduction of the cancellable MCS spin locks, and improved handling
of mutexes without wait locks. (BZ#1103631, BZ#1103629)

* The handling of the Virtual Memory Area (VMA) cache and huge page
faults has been improved. (BZ#1103630)

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0206.html
https://www.redhat.com/security/data/cve/CVE-2014-1737.html
https://www.redhat.com/security/data/cve/CVE-2014-1738.html
https://www.redhat.com/security/data/cve/CVE-2014-2568.html
https://www.redhat.com/security/data/cve/CVE-2014-2851.html
https://www.redhat.com/security/data/cve/CVE-2014-3144.html
https://www.redhat.com/security/data/cve/CVE-2014-3145.html
https://www.redhat.com/security/data/cve/CVE-2014-3153.html
http://rhn.redhat.com/errata/RHSA-2014-0786.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : java-1.7.1-ibm (RHSA-2014:0705)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated java-1.7.1-ibm packages that fix several security issues are
now available for Red Hat Enterprise Linux 7 Supplementary.

The Red Hat Security Response Team has rated this update as having
Critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

IBM Java SE version 7 Release 1 includes the IBM Java Runtime
Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2013-5878, CVE-2013-5884,
CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896,
CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910,
CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373,
CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403,
CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416,
CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424,
CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448,
CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453,
CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458,
CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876,
CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409,
CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421,
CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)

All users of java-1.7.1-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7R1 SR1 release. All running
instances of IBM Java must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-5878.html
https://www.redhat.com/security/data/cve/CVE-2013-5884.html
https://www.redhat.com/security/data/cve/CVE-2013-5887.html
https://www.redhat.com/security/data/cve/CVE-2013-5888.html
https://www.redhat.com/security/data/cve/CVE-2013-5889.html
https://www.redhat.com/security/data/cve/CVE-2013-5896.html
https://www.redhat.com/security/data/cve/CVE-2013-5898.html
https://www.redhat.com/security/data/cve/CVE-2013-5899.html
https://www.redhat.com/security/data/cve/CVE-2013-5907.html
https://www.redhat.com/security/data/cve/CVE-2013-5910.html
https://www.redhat.com/security/data/cve/CVE-2013-6629.html
https://www.redhat.com/security/data/cve/CVE-2013-6954.html
https://www.redhat.com/security/data/cve/CVE-2014-0368.html
https://www.redhat.com/security/data/cve/CVE-2014-0373.html
https://www.redhat.com/security/data/cve/CVE-2014-0375.html
https://www.redhat.com/security/data/cve/CVE-2014-0376.html
https://www.redhat.com/security/data/cve/CVE-2014-0387.html
https://www.redhat.com/security/data/cve/CVE-2014-0403.html
https://www.redhat.com/security/data/cve/CVE-2014-0410.html
https://www.redhat.com/security/data/cve/CVE-2014-0411.html
https://www.redhat.com/security/data/cve/CVE-2014-0415.html
https://www.redhat.com/security/data/cve/CVE-2014-0416.html
https://www.redhat.com/security/data/cve/CVE-2014-0417.html
https://www.redhat.com/security/data/cve/CVE-2014-0422.html
https://www.redhat.com/security/data/cve/CVE-2014-0423.html
https://www.redhat.com/security/data/cve/CVE-2014-0424.html
https://www.redhat.com/security/data/cve/CVE-2014-0428.html
https://www.redhat.com/security/data/cve/CVE-2014-0429.html
https://www.redhat.com/security/data/cve/CVE-2014-0446.html
https://www.redhat.com/security/data/cve/CVE-2014-0448.html
https://www.redhat.com/security/data/cve/CVE-2014-0449.html
https://www.redhat.com/security/data/cve/CVE-2014-0451.html
https://www.redhat.com/security/data/cve/CVE-2014-0452.html
https://www.redhat.com/security/data/cve/CVE-2014-0453.html
https://www.redhat.com/security/data/cve/CVE-2014-0454.html
https://www.redhat.com/security/data/cve/CVE-2014-0455.html
https://www.redhat.com/security/data/cve/CVE-2014-0457.html
https://www.redhat.com/security/data/cve/CVE-2014-0458.html
https://www.redhat.com/security/data/cve/CVE-2014-0459.html
https://www.redhat.com/security/data/cve/CVE-2014-0460.html
https://www.redhat.com/security/data/cve/CVE-2014-0461.html
https://www.redhat.com/security/data/cve/CVE-2014-0878.html
https://www.redhat.com/security/data/cve/CVE-2014-1876.html
https://www.redhat.com/security/data/cve/CVE-2014-2398.html
https://www.redhat.com/security/data/cve/CVE-2014-2401.html
https://www.redhat.com/security/data/cve/CVE-2014-2402.html
https://www.redhat.com/security/data/cve/CVE-2014-2409.html
https://www.redhat.com/security/data/cve/CVE-2014-2412.html
https://www.redhat.com/security/data/cve/CVE-2014-2414.html
https://www.redhat.com/security/data/cve/CVE-2014-2420.html
https://www.redhat.com/security/data/cve/CVE-2014-2421.html
https://www.redhat.com/security/data/cve/CVE-2014-2423.html
https://www.redhat.com/security/data/cve/CVE-2014-2427.html
https://www.redhat.com/security/data/cve/CVE-2014-2428.html
https://www.ibm.com/developerworks/java/jdk/alerts/
http://rhn.redhat.com/errata/RHSA-2014-0705.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : qemu-kvm (RHSA-2014:0704)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated qemu-kvm packages that fix one security issue and several bugs
are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide
a user-space component to run virtual machines using KVM.

An out-of-bounds memory access flaw was found in the way QEMU's IDE
device driver handled the execution of SMART EXECUTE OFFLINE commands.
A privileged guest user could use this flaw to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-2894)

This update also fixes the following bugs :

* Prior to this update, a bug in the migration code caused the
following error on specific machine types: after a Red Hat Enterprise
Linux 6.5 guest was migrated from a Red Hat Enterprise Linux 6.5 host
to a Red Hat Enterprise Linux 7.0 host and then restarted, the boot
failed and the guest automatically restarted. Thus, the guest entered
an endless loop. With this update, the migration code has been fixed
and the Red Hat Enterprise Linux 6.5 guests migrated in the
aforementioned scenario now boot properly. (BZ#1091322)

* Due to a regression bug in the iSCSI driver, the qemu-kvm process
terminated unexpectedly with a segmentation fault when the 'write
same' command was executed in guest mode under the iSCSI protocol.
This update fixes the regression and the 'write same' command now
functions in guest mode under iSCSI as intended. (BZ#1090978)

* Due to a mismatch in interrupt request (IRQ) routing, migration of a
Red Hat Enterprise Linux 6.5 guest from a Red Hat Enterprise Linux 6.5
host to a Red Hat Enterprise Linux 7.0 host could produce a call
trace. This happened if memory ballooning and a Universal Host Control
Interface (UHCI) device were used at the same time on certain machine
types. With this patch, the IRQ routing mismatch has been amended and
the described migration now proceeds as expected. (BZ#1090981)

* Previously, an internal error prevented KVM from executing a CPU hot
plug on a Red Hat Enterprise Linux 7 guest running on a Red Hat
Enterprise Linux 7 host. This update addresses the internal error and
CPU hot plugging in the described scenario now functions correctly.
(BZ#1094820)

All qemu-kvm users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update
to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-2894.html
http://rhn.redhat.com/errata/RHSA-2014-0704.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : json-c (RHSA-2014:0703)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated json-c packages that fix two security issues are now available
for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

JSON-C implements a reference counting object model that allows you to
easily construct JSON objects in C, output them as JSON-formatted
strings, and parse JSON-formatted strings back into the C
representation of JSON objects.

Multiple buffer overflow flaws were found in the way the json-c
library handled long strings in JSON documents. An attacker able to
make an application using json-c parse excessively large JSON input
could cause the application to crash. (CVE-2013-6370)

A denial of service flaw was found in the implementation of hash
arrays in json-c. An attacker could use this flaw to make an
application using json-c consume an excessive amount of CPU time by
providing a specially crafted JSON document that triggers multiple
hash function collisions. To mitigate this issue, json-c now uses a
different hash function and randomization to reduce the chance of an
attacker successfully causing intentional collisions. (CVE-2013-6371)

These issues were discovered by Florian Weimer of the Red Hat Product
Security Team.

All json-c users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-6370.html
https://www.redhat.com/security/data/cve/CVE-2013-6371.html
http://rhn.redhat.com/errata/RHSA-2014-0703.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : mariadb (RHSA-2014:0702)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated mariadb packages that fix several security issues are now
available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

MariaDB is a multi-user, multi-threaded SQL database server that is
binary compatible with MySQL.

This update fixes several vulnerabilities in the MariaDB database
server. Information about these flaws can be found on the Oracle
Critical Patch Update Advisory page, listed in the References section.
(CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419,
CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438)

These updated packages upgrade MariaDB to version 5.5.37. Refer to the
MariaDB Release Notes listed in the References section for a complete
list of changes.

All MariaDB users should upgrade to these updated packages, which
correct these issues. After installing this update, the MariaDB server
daemon (mysqld) will be restarted automatically.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0384.html
https://www.redhat.com/security/data/cve/CVE-2014-2419.html
https://www.redhat.com/security/data/cve/CVE-2014-2430.html
https://www.redhat.com/security/data/cve/CVE-2014-2431.html
https://www.redhat.com/security/data/cve/CVE-2014-2432.html
https://www.redhat.com/security/data/cve/CVE-2014-2436.html
https://www.redhat.com/security/data/cve/CVE-2014-2438.html
https://www.redhat.com/security/data/cve/CVE-2014-2440.html
http://www.nessus.org/u?87e76858
https://mariadb.com/kb/en/mariadb-5537-release-notes/
http://rhn.redhat.com/errata/RHSA-2014-0702.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : libtasn1 (RHSA-2014:0687)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated libtasn1 packages that fix three security issues are now
available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The libtasn1 library provides Abstract Syntax Notation One (ASN.1)
parsing and structures management, and Distinguished Encoding Rules
(DER) encoding and decoding functions.

It was discovered that the asn1_get_bit_der() function of the libtasn1
library incorrectly reported the length of ASN.1-encoded data.
Specially crafted ASN.1 input could cause an application using
libtasn1 to perform an out-of-bounds access operation, causing the
application to crash or, possibly, execute arbitrary code.
(CVE-2014-3468)

Multiple incorrect buffer boundary check issues were discovered in
libtasn1. Specially crafted ASN.1 input could cause an application
using libtasn1 to crash. (CVE-2014-3467)

Multiple NULL pointer dereference flaws were found in libtasn1's
asn1_read_value() function. Specially crafted ASN.1 input could cause
an application using libtasn1 to crash, if the application used the
aforementioned function in a certain way. (CVE-2014-3469)

Red Hat would like to thank GnuTLS upstream for reporting these
issues.

All libtasn1 users are advised to upgrade to these updated packages,
which correct these issues. For the update to take effect, all
applications linked to the libtasn1 library must be restarted.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3467.html
https://www.redhat.com/security/data/cve/CVE-2014-3468.html
https://www.redhat.com/security/data/cve/CVE-2014-3469.html
http://rhn.redhat.com/errata/RHSA-2014-0687.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 7 : tomcat (RHSA-2014:0686)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated tomcat packages that fix three security issues are now
available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.

It was found that a fix for a previous security flaw introduced a
regression that could cause a denial of service in Tomcat 7. A remote
attacker could use this flaw to consume an excessive amount of CPU on
the Tomcat server by sending a specially crafted request to that
server. (CVE-2014-0186)

It was found that when Tomcat 7 processed a series of HTTP requests in
which at least one request contained either multiple content-length
headers, or one content-length header with a chunked transfer-encoding
header, Tomcat would incorrectly handle the request. A remote attacker
could use this flaw to poison a web cache, perform cross-site
scripting (XSS) attacks, or obtain sensitive information from other
requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly
resolve a denial of service flaw in the way Tomcat 7 processed chunk
extensions and trailing headers in chunked requests. A remote attacker
could use this flaw to send an excessively long request that, when
processed by Tomcat, could consume network bandwidth, CPU, and memory
on the Tomcat server. Note that chunked transfer encoding is enabled
by default. (CVE-2013-4322)

All Tomcat 7 users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. Tomcat must
be restarted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4286.html
https://www.redhat.com/security/data/cve/CVE-2013-4322.html
https://www.redhat.com/security/data/cve/CVE-2014-0186.html
http://rhn.redhat.com/errata/RHSA-2014-0686.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

RHEL 7 : java-1.6.0-openjdk (RHSA-2014:0685)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated java-1.6.0-openjdk packages that fix various security issues
are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the
2D component. A specially crafted image could trigger Java Virtual
Machine memory corruption when processed. A remote attacker, or an
untrusted Java application or applet, could possibly use this flaw to
execute arbitrary code with the privileges of the user running the
Java Virtual Machine. (CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws
to trigger Java Virtual Machine memory corruption and possibly bypass
Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,
CVE-2014-2421)

Multiple improper permission check issues were discovered in the
Libraries component in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2014-0457, CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted
Java application or applet could use these flaws to bypass certain
Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,
CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414,
CVE-2014-0446, CVE-2014-2427)

Multiple flaws were identified in the Java Naming and Directory
Interface (JNDI) DNS client. These flaws could make it easier for a
remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent
access to arbitrary files when a SecurityManager was present. This
flaw could cause a Java application using JAXP to leak sensitive
information, or affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak
some timing information when performing PKCS#1 unpadding. This could
possibly lead to the disclosure of some information that was meant to
be protected by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly
resolve input sanitization flaws in javadoc. When javadoc
documentation was generated from an untrusted Java source code and
hosted on a domain not controlled by the code author, these issues
could make it easier to perform cross-site scripting (XSS) attacks.
(CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this
flaw to perform a symbolic link attack and overwrite arbitrary files
with the privileges of the user running unpack200. (CVE-2014-1876)

All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0429.html
https://www.redhat.com/security/data/cve/CVE-2014-0446.html
https://www.redhat.com/security/data/cve/CVE-2014-0451.html
https://www.redhat.com/security/data/cve/CVE-2014-0452.html
https://www.redhat.com/security/data/cve/CVE-2014-0453.html
https://www.redhat.com/security/data/cve/CVE-2014-0456.html
https://www.redhat.com/security/data/cve/CVE-2014-0457.html
https://www.redhat.com/security/data/cve/CVE-2014-0458.html
https://www.redhat.com/security/data/cve/CVE-2014-0460.html
https://www.redhat.com/security/data/cve/CVE-2014-0461.html
https://www.redhat.com/security/data/cve/CVE-2014-1876.html
https://www.redhat.com/security/data/cve/CVE-2014-2397.html
https://www.redhat.com/security/data/cve/CVE-2014-2398.html
https://www.redhat.com/security/data/cve/CVE-2014-2403.html
https://www.redhat.com/security/data/cve/CVE-2014-2412.html
https://www.redhat.com/security/data/cve/CVE-2014-2414.html
https://www.redhat.com/security/data/cve/CVE-2014-2421.html
https://www.redhat.com/security/data/cve/CVE-2014-2423.html
https://www.redhat.com/security/data/cve/CVE-2014-2427.html
http://rhn.redhat.com/errata/RHSA-2014-0685.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

RHEL 7 : gnutls (RHSA-2014:0684)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated gnutls packages that fix two security issues are now available
for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The GnuTLS library provides support for cryptographic algorithms and
for protocols such as Transport Layer Security (TLS).

A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this
flaw to send an excessively long session ID value, which would trigger
a buffer overflow in a connecting TLS/SSL client application using
GnuTLS, causing the client application to crash or, possibly, execute
arbitrary code. (CVE-2014-3466)

A NULL pointer dereference flaw was found in the way GnuTLS parsed
X.509 certificates. A specially crafted certificate could cause a
server or client application using GnuTLS to crash. (CVE-2014-3465)

Red Hat would like to thank GnuTLS upstream for reporting these
issues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the
original reporter of CVE-2014-3466.

Users of GnuTLS are advised to upgrade to these updated packages,
which correct these issues. For the update to take effect, all
applications linked to the GnuTLS library must be restarted.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3465.html
https://www.redhat.com/security/data/cve/CVE-2014-3466.html
http://rhn.redhat.com/errata/RHSA-2014-0684.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

RHEL 7 : openssl098e (RHSA-2014:0680)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated openssl098e packages that fix one security issue are now
available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to
decrypt and modify traffic between a client and a server.
(CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client
must be using a vulnerable version of OpenSSL; the server must be
using OpenSSL version 1.0.1 and above, and the client must be using
any version of OpenSSL. For more information about this flaw, refer
to: https://access.redhat.com/site/articles/904433

Red Hat would like to thank the OpenSSL project for reporting this
issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the
original reporter of this issue.

All OpenSSL users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. For the update
to take effect, all services linked to the OpenSSL library (such as
httpd and other SSL-enabled services) must be restarted or the system
rebooted.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0224.html
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/905793
http://rhn.redhat.com/errata/RHSA-2014-0680.html

Solution :

Update the affected openssl098e and / or openssl098e-debuginfo
packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

RHEL 7 : openssl (RHSA-2014:0679)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to
decrypt and modify traffic between a client and a server.
(CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client
must be using a vulnerable version of OpenSSL; the server must be
using OpenSSL version 1.0.1 and above, and the client must be using
any version of OpenSSL. For more information about this flaw, refer
to: https://access.redhat.com/site/articles/904433

A buffer overflow flaw was found in the way OpenSSL handled invalid
DTLS packet fragments. A remote attacker could possibly use this flaw
to execute arbitrary code on a DTLS client or server. (CVE-2014-0195)

Multiple flaws were found in the way OpenSSL handled read and write
buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL
client or server using OpenSSL could crash or unexpectedly drop
connections when processing certain SSL traffic. (CVE-2010-5298,
CVE-2014-0198)

A denial of service flaw was found in the way OpenSSL handled certain
DTLS ServerHello requests. A specially crafted DTLS handshake packet
could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221)

A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A
specially crafted handshake packet could cause a TLS/SSL client that
has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)

Red Hat would like to thank the OpenSSL project for reporting these
issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the
original reporter of CVE-2014-0224, Jüri Aedla as the original
reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original
reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of
Google as the original reporters of CVE-2014-3470.

All OpenSSL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. For the
update to take effect, all services linked to the OpenSSL library
(such as httpd and other SSL-enabled services) must be restarted or
the system rebooted.

See also :

https://www.redhat.com/security/data/cve/CVE-2010-5298.html
https://www.redhat.com/security/data/cve/CVE-2014-0195.html
https://www.redhat.com/security/data/cve/CVE-2014-0198.html
https://www.redhat.com/security/data/cve/CVE-2014-0221.html
https://www.redhat.com/security/data/cve/CVE-2014-0224.html
https://www.redhat.com/security/data/cve/CVE-2014-3470.html
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/905793
http://rhn.redhat.com/errata/RHSA-2014-0679.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

RHEL 7 : kernel (RHSA-2014:0678)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A race condition flaw, leading to heap-based buffer overflows, was
found in the way the Linux kernel's N_TTY line discipline (LDISC)
implementation handled concurrent processing of echo output and TTY
write operations originating from user space when the underlying TTY
driver was PTY. An unprivileged, local user could use this flaw to
crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-0196, Important)

All kernel users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0196.html
http://rhn.redhat.com/errata/RHSA-2014-0678.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

RHEL 7 : java-1.7.0-openjdk (RHSA-2014:0675)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated java-1.7.0-openjdk packages that fix various security issues
are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the
2D component. A specially crafted image could trigger Java Virtual
Machine memory corruption when processed. A remote attacker, or an
untrusted Java application or applet, could possibly use this flaw to
execute arbitrary code with the privileges of the user running the
Java Virtual Machine. (CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws
to trigger Java Virtual Machine memory corruption and possibly bypass
Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397,
CVE-2014-2421)

Multiple improper permission check issues were discovered in the
Libraries component in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-2412,
CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452,
CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413,
CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)

Multiple flaws were identified in the Java Naming and Directory
Interface (JNDI) DNS client. These flaws could make it easier for a
remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent
access to arbitrary files when a SecurityManager was present. This
flaw could cause a Java application using JAXP to leak sensitive
information, or affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak
some timing information when performing PKCS#1 unpadding. This could
possibly lead to the disclosure of some information that was meant to
be protected by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly
resolve input sanitization flaws in javadoc. When javadoc
documentation was generated from an untrusted Java source code and
hosted on a domain not controlled by the code author, these issues
could make it easier to perform cross-site scripting (XSS) attacks.
(CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this
flaw to perform a symbolic link attack and overwrite arbitrary files
with the privileges of the user running unpack200. (CVE-2014-1876)

Note: If the web browser plug-in provided by the icedtea-web package
was installed, the issues exposed via Java applets could have been
exploited without user interaction if a user visited a malicious
website.

All users of java-1.7.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0429.html
https://www.redhat.com/security/data/cve/CVE-2014-0446.html
https://www.redhat.com/security/data/cve/CVE-2014-0451.html
https://www.redhat.com/security/data/cve/CVE-2014-0452.html
https://www.redhat.com/security/data/cve/CVE-2014-0453.html
https://www.redhat.com/security/data/cve/CVE-2014-0454.html
https://www.redhat.com/security/data/cve/CVE-2014-0455.html
https://www.redhat.com/security/data/cve/CVE-2014-0456.html
https://www.redhat.com/security/data/cve/CVE-2014-0457.html
https://www.redhat.com/security/data/cve/CVE-2014-0458.html
https://www.redhat.com/security/data/cve/CVE-2014-0459.html
https://www.redhat.com/security/data/cve/CVE-2014-0460.html
https://www.redhat.com/security/data/cve/CVE-2014-0461.html
https://www.redhat.com/security/data/cve/CVE-2014-1876.html
https://www.redhat.com/security/data/cve/CVE-2014-2397.html
https://www.redhat.com/security/data/cve/CVE-2014-2398.html
https://www.redhat.com/security/data/cve/CVE-2014-2402.html
https://www.redhat.com/security/data/cve/CVE-2014-2403.html
https://www.redhat.com/security/data/cve/CVE-2014-2412.html
https://www.redhat.com/security/data/cve/CVE-2014-2413.html
https://www.redhat.com/security/data/cve/CVE-2014-2414.html
https://www.redhat.com/security/data/cve/CVE-2014-2421.html
https://www.redhat.com/security/data/cve/CVE-2014-2423.html
https://www.redhat.com/security/data/cve/CVE-2014-2427.html
http://rhn.redhat.com/errata/RHSA-2014-0675.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Oracle Linux 6 : kernel (ELSA-2014-0981)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:0981 :

Updated kernel packages that fix multiple security issues, several
bugs, and add one enhancement are now available for Red Hat Enterprise
Linux 6.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A use-after-free flaw was found in the way the ping_init_sock()
function of the Linux kernel handled the group_info reference counter.
A local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-2851,
Important)

* A NULL pointer dereference flaw was found in the way the
futex_wait_requeue_pi() function of the Linux kernel's futex subsystem
handled the requeuing of certain Priority Inheritance (PI) futexes. A
local, unprivileged user could use this flaw to crash the system.
(CVE-2012-6647, Moderate)

* A NULL pointer dereference flaw was found in the
rds_ib_laddr_check() function in the Linux kernel's implementation of
Reliable Datagram Sockets (RDS). A local, unprivileged user could use
this flaw to crash the system. (CVE-2013-7339, Moderate)

* It was found that a remote attacker could use a race condition flaw
in the ath_tx_aggr_sleep() function to crash the system by creating
large network traffic on the system's Atheros 9k wireless network
adapter. (CVE-2014-2672, Moderate)

* A NULL pointer dereference flaw was found in the
rds_iw_laddr_check() function in the Linux kernel's implementation of
Reliable Datagram Sockets (RDS). A local, unprivileged user could use
this flaw to crash the system. (CVE-2014-2678, Moderate)

* A race condition flaw was found in the way the Linux kernel's
mac80211 subsystem implementation handled synchronization between TX
and STA wake-up code paths. A remote attacker could use this flaw to
crash the system. (CVE-2014-2706, Moderate)

* An out-of-bounds memory access flaw was found in the Netlink
Attribute extension of the Berkeley Packet Filter (BPF) interpreter
functionality in the Linux kernel's networking implementation. A
local, unprivileged user could use this flaw to crash the system or
leak kernel memory to user space via a specially crafted socket
filter. (CVE-2014-3144, CVE-2014-3145, Moderate)

This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take
effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-July/004306.html

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:141)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated java-1.7.0-openjdk packages fix security vulnerabilities :

It was discovered that the Hotspot component in OpenJDK did not
properly verify bytecode from the class files. An untrusted Java
application or applet could possibly use these flaws to bypass Java
sandbox restrictions (CVE-2014-4216, CVE-2014-4219).

A format string flaw was discovered in the Hotspot component event
logger in OpenJDK. An untrusted Java application or applet could use
this flaw to crash the Java Virtual Machine or, potentially, execute
arbitrary code with the privileges of the Java Virtual Machine
(CVE-2014-2490).

Multiple improper permission check issues were discovered in the
Libraries component in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions
(CVE-2014-4223, CVE-2014-4262, CVE-2014-2483).

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox
restrictions (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221,
CVE-2014-4252, CVE-2014-4266).

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing
operations that were using private keys. An attacker able to measure
timing differences of those operations could possibly leak information
about the used keys (CVE-2014-4244).

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key (CVE-2014-4263).

This update is based on IcedTea version 2.5.1, which fixes these
issues, as well as several others.

See also :

http://advisories.mageia.org/MGASA-2014-0292.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Mandriva Linux Security Advisory : owncloud (MDVSA-2014:140)


Synopsis:

The remote Mandriva Linux host is missing a security update.

Description:

Updated owncloud package fixes security vulnerability :

Owncloud versions 5.0.17 and 6.0.4 fix an unspecified security
vulnerability, as well as many other bugs.

See the upstream Changelog for more information.

See also :

http://advisories.mageia.org/MGASA-2014-0301.html

Solution :

Update the affected owncloud package.

Risk factor :

High

Mandriva Linux Security Advisory : nss (MDVSA-2014:139)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

A vulnerability has been found and corrected in Mozilla NSS :

Use-after-free vulnerability in the CERT_DestroyCertificate function
in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used
in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird
before 24.7, allows remote attackers to execute arbitrary code via
vectors that trigger certain improper removal of an NSSCertificate
structure from a trust domain (CVE-2014-1544).

The updated packages have been upgraded to the latest NSS version
(3.16.3), which is not vulnerable to this issue.

The nss 3.16.1 update done as part of MDVSA-2014:125 introduced a
regression because of the upstream change: 'Imposed name constraints
on the French government root CA ANSSI (DCISS)'. The change won't work
as currently implemented, as the French government root CA signs more
than 'gouv.fr' domains. So for now we revert that change until it's
properly fixed upstream (mga#13563).

Additionally the rootcerts package has also been updated to the latest
version as of 2014-07-03, which adds, removes, and distrusts several
certificates.

See also :

http://advisories.mageia.org/MGAA-2014-0135.html
https://bugs.mageia.org/show_bug.cgi?id=13563
http://www.nessus.org/u?a9bc9e12
http://www.nessus.org/u?d0ee8a6e
https://www.mozilla.org/security/announce/2014/mfsa2014-63.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Debian DSA-2992-1 : linux - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation :

- CVE-2014-3534
Martin Schwidefsky of IBM discovered that the ptrace
subsystem does not properly sanitize the psw mask value.
On s390 systems, an unprivileged local user could use
this flaw to set address space control bits to kernel
space combination and thus gain read/write access to
kernel memory.

- CVE-2014-4667
Gopal Reddy Kodudula of Nokia Siemens Networks
discovered that the sctp_association_free function does
not properly manage a certain backlog value, which
allows remote attackers to cause a denial of service
(socket outage) via a crafted SCTP packet.

- CVE-2014-4943
Sasha Levin discovered a flaw in the Linux kernel's
point-to-point protocol (PPP) when used with the Layer
Two Tunneling Protocol (L2TP). An unprivileged local
user could use this flaw for privilege escalation.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728705
https://security-tracker.debian.org/tracker/CVE-2014-3534
https://security-tracker.debian.org/tracker/CVE-2014-4667
https://security-tracker.debian.org/tracker/CVE-2014-4943
http://www.debian.org/security/2014/dsa-2992

Solution :

Upgrade the linux packages.

For the stable distribution (wheezy), these problems have been fixed
in version 3.2.60-1+deb7u3.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Oracle JRockit R27 < R27.8.3.9 / R28 < R28.3.3.10 Multiple Vulnerabilities (July 2014 CPU)


Synopsis:

The remote Windows host contains a programming platform that is
affected by multiple vulnerabilities.

Description:

The remote host has a version of Oracle JRockit that is affected by
multiple vulnerabilities that could allow a remote user to affect the
confidentiality of the system via :

- A design flaw in the RSA 'blinding' security component
of the 'RSACore' class. By performing operations
requiring the use of private keys and measuring timing
differences, an attacker may be able to disclose
information about the keys used.
(CVE-2014-4244).

- A design flaw in the 'validateDHPublicKey' function of
the 'KeyUtil' class. A remote attacker may be able to
recover a key. (CVE-2014-4263).

See also :

http://www.nessus.org/u?7de2f8eb

Solution :

Upgrade to version R27.8.3.9 / R28.3.3.10 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Cisco IOS XE DHCP AAA Clients DoS (CSCuh04949)


Synopsis:

The remote device is affected by a denial of service vulnerability.

Description:

According to its self-reported version, the remote IOS device is
affected by a denial of service vulnerability.

A denial of service flaw exists in the DHCP function when handling AAA
client IP address assignment. An authenticated attacker, with a
specially crafted AAA packet, could cause the device to reboot.

See also :

http://tools.cisco.com/security/center/viewAlert.x?alertId=31860
http://www.nessus.org/u?f8f0ba77

Solution :

Upgrade to a version referenced in Cisco Bug ID 'CSCuh04949'.

Risk factor :

Medium / CVSS Base Score : 6.3
(CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C)
CVSS Temporal Score : 5.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco IOS XR Typhoon-based Line Cards and Network Processor (NP) Chip DoS


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The remote Cisco device is running a version of Cisco IOS XR software
that is potentially affected by a denial of service vulnerability
related to Netflow and handling malformed IPv4/IPv6 packets.

Note this issue only affects Cisco ASR 9000 series devices using
Typhoon-based line cards and Netflow.

See also :

http://tools.cisco.com/security/center/viewAlert.x?alertId=35009
http://www.nessus.org/u?036e90f6
https://tools.cisco.com/bugsearch/bug/CSCuo68417

Solution :

Apply the relevant patch referenced in Cisco Bug ID CSCuo68417.

Alternatively, disable Netflow as a workaround.

Risk factor :

Medium / CVSS Base Score : 6.1
(CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

apache2-mod_wsgi was updated to fix a small off-by-one error in its use
of setgroups.

Please see
http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.2.4.html
for more information.

See also :

http://www.nessus.org/u?e7a37c36
https://bugzilla.novell.com/show_bug.cgi?id=883229

Solution :

Update the affected openSUSE-2014- packages.

Risk factor :

Medium

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : i2p -- Multiple Vulnerabilities (13419364-1685-11e4-bf04-60a44c524f57)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

The i2p project reports :

XSS and remote execution vulnerabilities reported by Exodus
Intelligence.

Exodus Intelligence reports :

The vulnerability we have found is able to perform remote code
execution with a specially crafted payload. This payload can be
customized to unmask a user and show the public IP address in which
the user connected from within 'a couple of seconds.'

See also :

http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/
http://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release
http://www.nessus.org/u?2c06ea95

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : drupal7-7.29-1.fc19 (2014-8515)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fixes SA-CORE-2014-003. For details refer to:
https://www.drupal.org/drupal-7.29-release-notes

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1120641
https://www.drupal.org/drupal-7.29-release-notes
http://www.nessus.org/u?b992319a

Solution :

Update the affected drupal7 package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : drupal6-6.32-1.fc20 (2014-8495)


Synopsis:

The remote Fedora host is missing a security update.

Description:

https://www.drupal.org/SA-CORE-2014-003

See also :

https://www.drupal.org/SA-CORE-2014-003
http://www.nessus.org/u?e69e3563

Solution :

Update the affected drupal6 package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.