Newest Plugins

F5 Networks BIG-IP : ASM < 11.6.0 Response Body XSS


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The F5 Networks Application Security Manager (ASM) running on the
remote device is prior to version 11.6.0. It is, therefore, affected
by a cross-site scripting vulnerability due to improper validation of
user-supplied input to the 'Response Body' field when a new user
account is being created. A remote attacker can exploit this to inject
HTML or arbitrary web script, which then can be run by an
administrative account using the 'Show' button in the management
console.

See also :

http://seclists.org/fulldisclosure/2015/Jan/40

Solution :

Upgrade ASM to version 11.6.0 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Cisco IOS XR GNU C Library (glibc) Buffer Overflow (GHOST)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The remote Cisco device is running a version of Cisco IOS XR software
that is potentially affected by a heap-based buffer overflow
vulnerability in the GNU C Library (glibc) due to improperly
validated user-supplied input to the __nss_hostname_digits_dots(),
gethostbyname(), and gethostbyname2() functions. This allows a remote
attacker to cause a buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code.

Note that this issue only affects Cisco Network Convergence System
6000 Series routers.

See also :

https://tools.cisco.com/bugsearch/bug/CSCus69517
http://www.nessus.org/u?cf670adc
http://www.nessus.org/u?c7a6ddbd

Solution :

Apply the relevant patch referenced in Cisco bug ID CSCus69517.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69731) (GHOST)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The remote Cisco device is running a version of Cisco IOS XE software
that is potentially affected by a heap-based buffer overflow
vulnerability in the GNU C Library (glibc) due to improperly
validated user-supplied input to the __nss_hostname_digits_dots(),
gethostbyname(), and gethostbyname2() functions. This allows a remote
attacker to cause a buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code.

Note that this issue only affects those IOS XE instances that are
running as a 'Nova' device, and thus, if the remote IOS XE instance
is not running as a 'Nova' device, consider this a false positive.

See also :

https://tools.cisco.com/bugsearch/bug/CSCus69731
http://www.nessus.org/u?cf670adc
http://www.nessus.org/u?c7a6ddbd

Solution :

Apply the relevant patch referenced in Cisco bug ID CSCus69731.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69732) (GHOST)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The remote Cisco device is running a version of Cisco IOS XE software
that is affected by a heap-based buffer overflow vulnerability in the
GNU C Library (glibc) due to improperly validated user-supplied input
to the __nss_hostname_digits_dots(), gethostbyname(), and
gethostbyname2() functions. This allows a remote attacker to cause a
buffer overflow, resulting in a denial of service condition or the
execution of arbitrary code.

Note that only the following devices are listed as affected :

- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco ASR 920 Series Aggregation Services Routers
- Cisco ASR 900 Series Aggregation Services Routers
- Cisco 4400 Series Integrated Services Routers
- Cisco 4300 Series Integrated Services Routers
- Cisco Cloud Services Router 1000V Series

See also :

https://tools.cisco.com/bugsearch/bug/CSCus69732
http://www.nessus.org/u?cf670adc
http://www.nessus.org/u?c7a6ddbd

Solution :

Apply the relevant patch referenced in Cisco bug ID CSCus69732.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Siemens SIMATIC S7-1200 PLC Web Server Detection


Synopsis:

The remote web server is for managing and monitoring PLC systems.

Description:

The remote device is running an integrated web server that is part of
the software platform for managing and monitoring the SIMATIC S7-1200
Programmable Logic Controller (PLC).

See also :

http://www.nessus.org/u?198ba3cd

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Siemens SIMATIC S7-1200 PLC Open Redirection


Synopsis:

The remote web server running on the S7-1200 PLC is affected by an
open redirection vulnerability.

Description:

The Siemens SIMATIC S7-1200 integrated web server has a firmware
version that is prior to 4.1. It is, therefore, affected by an open
redirection vulnerability due to a failure to properly sanitize
user-supplied input. A remote attacker, using a crafted URL, can
exploit this to conduct a phishing attack by redirecting a legitimate
user to a malicious website. This is only a version check and does not
actually exploit the S7-1200 PLC.

See also :

http://www.nessus.org/u?198aa549
http://www.nessus.org/u?1e07e181

Solution :

Upgrade to SIMATIC S7-1200 CPU firmware release version 4.1 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Siemens SIMATIC S7-1200 PLC Firmware Detection


Synopsis:

The remote device is a Siemens SIMATIC S7-1200 PLC.

Description:

The remote device has been identified as a Siemens SIMATIC S7-1200
Programmable Logic Controller (PLC), which is managed and monitored
using the S7 protocol.

See also :

http://www.nessus.org/u?198ba3cd

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 14.04 : linux vulnerability (USN-2516-2)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an
unrelated regression in the use of the virtual counter (CNTVCT) on
arm64 architectures. This update fixes the problem.

We apologize for the inconvenience.

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation
of the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a
denial of service of the guest OS (crash) or potentially gain
privileges on the guest OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel's
Thread Local Storage (TLS) implementation allowing users to bypass the
espfix to obtain information that could be used to bypass the Address
Space Layout Randomization (ASLR) protection mechanism. A local user
could exploit this flaw to obtain potentially sensitive information
from kernel memory. (CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules
are specified and the conntrack protocol handler module is not loaded
into the Linux kernel. This flaw can cause the firewall rules on the
system to be bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the linux kernel. A local
user could exploit this flaw to cause a denial of service (deadlock
and system hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are
handled in certain namespace scenarios. A local user could exploit
this flaw to bypass file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by
the task switching function in the Linux kernel for x86_64 based
machines. A local user could exploit this flaw to bypass the Address
Space Layout Randomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the
Linux kernel's ISO 9660 CDROM file system. A local user could exploit
this flaw to cause a denial of service (system crash or hang).
(CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N.
Advanced Meshing Protocol in the Linux kernel. A remote attacker could
exploit this flaw to cause a denial of service (mesh-node system
crash) via fragmented packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel's key ring. A
local user could cause a denial of service (memory corruption or
panic) or possibly have unspecified impact via the keyctl commands.
(CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when
parsing rock ridge ER records. A local user could exploit this flaw to
obtain sensitive information from kernel memory via a crafted iso9660
image. (CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR)
of the Virtual Dynamically linked Shared Objects (vDSO) location. This
flaw makes it easier for a local user to bypass the ASLR protection
mechanism. (CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted
file name decoding. A local unprivileged user could exploit this flaw
to cause a denial of service (system crash) or potentially gain
administrative privileges. (CVE-2014-9683).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2015-185)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

MozillaFirefox, mozilla-nss were updated to fix 18 security issues.

MozillaFirefox was updated to version 36.0. These security issues were
fixed :

- CVE-2015-0835, CVE-2015-0836: Miscellaneous memory
safety hazards

- CVE-2015-0832: Appended period to hostnames can bypass
HPKP and HSTS protections

- CVE-2015-0830: Malicious WebGL content crash when
writing strings

- CVE-2015-0834: TLS TURN and STUN connections silently
fail to simple TCP connections

- CVE-2015-0831: Use-after-free in IndexedDB

- CVE-2015-0829: Buffer overflow in libstagefright during
MP4 video playback

- CVE-2015-0828: Double-free when using non-default memory
allocators with a zero-length XHR

- CVE-2015-0827: Out-of-bounds read and write while
rendering SVG content

- CVE-2015-0826: Buffer overflow during CSS restyling

- CVE-2015-0825: Buffer underflow during MP3 playback

- CVE-2015-0824: Crash using DrawTarget in Cairo graphics
library

- CVE-2015-0823: Use-after-free in Developer Console date
with OpenType Sanitiser

- CVE-2015-0822: Reading of local files through
manipulation of form autocomplete

- CVE-2015-0821: Local files or privileged URLs in pages
can be opened into new tabs

- CVE-2015-0819: UI Tour whitelisted sites in background
tab can spoof foreground tabs

- CVE-2015-0820: Caja Compiler JavaScript sandbox bypass

mozilla-nss was updated to version 3.17.4 to fix the following
issues :

- CVE-2014-1569: QuickDER decoder length issue
(bnc#910647).

- bmo#1084986: If an SSL/TLS connection fails, because
client and server don't have any common protocol version
enabled, NSS has been changed to report error code
SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting
SSL_ERROR_NO_CYPHER_OVERLAP).

- bmo#1112461: libpkix was fixed to prefer the newest
certificate, if multiple certificates match.

- bmo#1094492: fixed a memory corruption issue during
failure of keypair generation.

- bmo#1113632: fixed a failure to reload a PKCS#11 module
in FIPS mode.

- bmo#1119983: fixed interoperability of NSS server code
with a LibreSSL client.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2014-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0836
https://bugzilla.opensuse.org/show_bug.cgi?id=910647
https://bugzilla.opensuse.org/show_bug.cgi?id=917597

Solution :

Update the affected MozillaFirefox / mozilla-nss packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : mozilla -- multiple vulnerabilities (99029172-8253-407d-9d8b-2cfeab9abf81)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

The Mozilla Project reports :

MFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL
files

MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS
protections

MFSA-2015-14 Malicious WebGL content crash when writing strings

MFSA-2015-15 TLS TURN and STUN connections silently fail to simple TCP
connections

MFSA-2015-16 Use-after-free in IndexedDB

MFSA-2015-17 Buffer overflow in libstagefright during MP4 video
playback

MFSA-2015-18 Double-free when using non-default memory allocators with
a zero-length XHR

MFSA-2015-19 Out-of-bounds read and write while rendering SVG content

MFSA-2015-20 Buffer overflow during CSS restyling

MFSA-2015-21 Buffer underflow during MP3 playback

MFSA-2015-22 Crash using DrawTarget in Cairo graphics library

MFSA-2015-23 Use-after-free in Developer Console date with OpenType
Sanitiser

MFSA-2015-24 Reading of local files through manipulation of form
autocomplete

MFSA-2015-25 Local files or privileged URLs in pages can be opened
into new tabs

MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof
foreground tabs

MFSA-2015-27 Caja Compiler JavaScript sandbox bypass

See also :

https://www.mozilla.org/security/advisories/mfsa2015-11/
https://www.mozilla.org/security/advisories/mfsa2015-12/
https://www.mozilla.org/security/advisories/mfsa2015-13/
https://www.mozilla.org/security/advisories/mfsa2015-14/
https://www.mozilla.org/security/advisories/mfsa2015-15/
https://www.mozilla.org/security/advisories/mfsa2015-16/
https://www.mozilla.org/security/advisories/mfsa2015-17/
https://www.mozilla.org/security/advisories/mfsa2015-18/
https://www.mozilla.org/security/advisories/mfsa2015-19/
https://www.mozilla.org/security/advisories/mfsa2015-20/
https://www.mozilla.org/security/advisories/mfsa2015-21/
https://www.mozilla.org/security/advisories/mfsa2015-22/
https://www.mozilla.org/security/advisories/mfsa2015-23/
https://www.mozilla.org/security/advisories/mfsa2015-24/
https://www.mozilla.org/security/advisories/mfsa2015-25/
https://www.mozilla.org/security/advisories/mfsa2015-26/
https://www.mozilla.org/security/advisories/mfsa2015-27/
https://www.mozilla.org/security/advisories/
http://www.nessus.org/u?abff0cd3

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : jenkins -- multiple vulnerabilities (7480b6ac-adf1-443e-a33c-3a3c0becba1e)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

Kohsuke Kawaguchi from Jenkins team reports :

Description

SECURITY-125 (Combination filter Groovy script unsecured) This
vulnerability allows users with the job configuration privilege to
escalate their privileges, resulting in arbitrary code execution on
the master.

SECURITY-162 (directory traversal from artifacts via symlink) This
vulnerability allows users with the job configuration privilege or
users with commit access to the build script to access arbitrary
files/directories on the master, resulting in the exposure of
sensitive information, such as encryption keys.

SECURITY-163 (update center metadata retrieval DoS attack) This
vulnerability allows authenticated users to disrupt the operation of
Jenkins by feeding malicious update center data into Jenkins,
affecting plugin installation and tool installation.

SECURITY-165 (external entity injection via XPath) This vulnerability
allows users with read access to Jenkins to retrieve arbitrary XML
documents on the server, resulting in the exposure of sensitive
information inside/outside Jenkins.

SECURITY-166 (HudsonPrivateSecurityRealm allows creation of reserved
names) For users using the 'Jenkins' own user database' setting,
Jenkins doesn't refuse reserved names, thus allowing privilege
escalation.

SECURITY-167 (External entity processing in XML can reveal sensitive
local files) This vulnerability allows attackers to create malicious
XML documents and feed them into Jenkins, which causes Jenkins to
retrieve arbitrary XML documents on the server, resulting in the
exposure of sensitive information inside/outside Jenkins.

Severity

SECURITY-125 is rated critical. This attack can only be mounted by
users with some trust, but it results in arbitrary code execution on
the master.

SECURITY-162 is rated critical. This attack can only be mounted by
users with some trust, but it results in the exposure of sensitive
information.

SECURITY-163 is rated medium, as it results in the loss of
functionality.

SECURITY-165 is rated critical. This attack is easy to mount, and it
results in the exposure of sensitive information.

SECURITY-166 is rated critical. For users who use the affected
feature, this attack results in arbitrary code execution on the
master.

SECURITY-167 is rated critical. This attack is easy to mount, and it
results in the exposure of sensitive information.

See also :

http://www.nessus.org/u?3a908b80
http://www.nessus.org/u?eefdfcad

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : vorbis-tools-1.4.0-19.fc21 (2015-2335)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- validate count of channels in the header (CVE-2014-9638
and CVE-2014-9639)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1184448
https://bugzilla.redhat.com/show_bug.cgi?id=1184449
http://www.nessus.org/u?c06283ea

Solution :

Update the affected vorbis-tools package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 20 : vorbis-tools-1.4.0-14.fc20 (2015-2330)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- validate count of channels in the header (CVE-2014-9638
and CVE-2014-9639)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1184448
https://bugzilla.redhat.com/show_bug.cgi?id=1184449
http://www.nessus.org/u?93d3ac88

Solution :

Update the affected vorbis-tools package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : libuv-0.10.34-1.fc21 / nodejs-0.10.36-3.fc21 / v8-3.14.5.10-17.fc21 (2015-2313)


Synopsis:

The remote Fedora host is missing one or more security updates.

Description:

# nodejs

- tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris
Dickinson)

- timers: don't close interval timers when unrefd (Julien
Gilli)

- timers: don't mutate unref list while iterating it
(Julien Gilli)

- child_process: check execFile args is an array (Sam
Roberts)

- child_process: check fork args is an array (Sam Roberts)

- crypto: update root certificates (Ben Noordhuis)

- domains: fix issues with abort on uncaught (Julien
Gilli)

- timers: Avoid linear scan in _unrefActive. (Julien
Gilli)

- timers: fix unref() memory leak (Trevor Norris)

- debugger: fix when using 'use strict' (Julien Gilli)

# libuv

- linux: fix epoll_pwait() regression with < 2.6.19 (Ben
Noordhuis)

- linux: fix epoll_pwait() sigmask size calculation (Ben
Noordhuis)

- linux: fix sigmask size arg in epoll_pwait() call (Ben
Noordhuis)

- linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge
Deller)

- doc: update project links (Ben Noordhuis)

- unix: add flag for blocking SIGPROF during poll (Ben
Noordhuis)

- unix, windows: add uv_loop_configure() function (Ben
Noordhuis)

# v8

- Fix debugger and strict mode regression (Julien Gilli)

- don't busy loop in cpu profiler thread (Ben Noordhuis)

- add api for aborting on uncaught exception (Julien
Gilli)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1194651
http://www.nessus.org/u?b24d9909
http://www.nessus.org/u?ea82449a
http://www.nessus.org/u?9a1797f1

Solution :

Update the affected libuv, nodejs and / or v8 packages.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 21 : librsvg2-2.40.7-1.fc21 (2015-2166)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to 2.40.7. This contains various security fixes for which CVEs
have apparently not yet been issued.

See also :

http://www.nessus.org/u?37c9e8a2

Solution :

Update the affected librsvg2 package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 20 : librsvg2-2.40.7-1.fc20 (2015-2134)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to 2.40.7. This contains various security updates for which
CVEs have apparently not yet been assigned.

See also :

http://www.nessus.org/u?716c469d

Solution :

Update the affected librsvg2 package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 20 : httpd-2.4.10-2.fc20 (2014-17153)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- core: fix bypassing of mod_headers rules via chunked
requests (CVE-2013-5704)

- mod_cache: fix NULL pointer dereference on empty
Content-Type (CVE-2014-3581)

- mod_proxy_fcgi: fix a potential crash with long
headers (CVE-2014-3583)

- mod_lua: fix handling of the Require line when a
LuaAuthzProvider is used in multiple Require
directives with different arguments (CVE-2014-8109)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1082903
https://bugzilla.redhat.com/show_bug.cgi?id=1149709
https://bugzilla.redhat.com/show_bug.cgi?id=1163555
http://www.nessus.org/u?76d03c99

Solution :

Update the affected httpd package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Apache Tomcat 8.0.x < 8.0.9 Handling Request Smuggling DoS


Synopsis:

The remote Apache Tomcat service is affected by a denial of service
vulnerability.

Description:

According to its self-reported version number, the Apache Tomcat 8.0.x
running on the remote host is prior to version 8.0.9. It is,
therefore, affected by a flaw in 'ChunkedInputFilter.java' due to
improper handling of attempts to continue reading data after an error
has occurred. A remote attacker, using streaming data with malformed
chunked transfer coding, can exploit this to conduct HTTP request
smuggling or cause a denial of service.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Solution :

Update to Apache Tomcat version 8.0.9 or later.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Apache Tomcat 6.0.x < 6.0.42 Handling Request Smuggling DoS


Synopsis:

The remote Apache Tomcat service is affected by a denial of service
vulnerability.

Description:

According to its self-reported version number, the Apache Tomcat 6.0.x
running on the remote host is prior to version 6.0.42. It is,
therefore, affected by a flaw in 'ChunkedInputFilter.java' due to
improper handling of attempts to continue reading data after an error
has occurred. A remote attacker, using streaming data with malformed
chunked transfer coding, can exploit this to conduct HTTP request
smuggling or cause a denial of service.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

Solution :

Update to Apache Tomcat version 6.0.43 or later.

Note that while version 6.0.42 fixes the issue, it was not officially
released, and the vendor recommends upgrading to 6.0.43 or later.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Siemens SIMATIC WinCC (TIA Portal) < 1300.100.2201.15 Multiple Vulnerabilities (SSA-543623)


Synopsis:

An application running on the remote host is affected by multiple
vulnerabilities.

Description:

The remote host is running a version of Siemens SIMATIC WinCC (TIA
Portal) 13.x prior to version 13 service pack 1. It is, therefore,
affected by multiple vulnerabilities :

- A flaw exists in the project administration application
due to the use of a hardcoded encryption key. A remote
attacker can extract this key and use it to perform a
man-in-the-middle attack in order to gain access to the
system. (CVE-2014-4686)

- A flaw exists in the remote management module in Multi
Panels, Comfort Panels, and RT Advanced due to the
transmission of weakly protected credentials over the
network. A remote, man-in-the-middle attacker can
capture the network traffic of the remote management
module to gain access to credential information.
(CVE-2015-1358)

See also :

http://www.nessus.org/u?453f2b12
https://ics-cert.us-cert.gov/advisories/ICSA-15-048-02

Solution :

Upgrade to Siemens SIMATIC WinCC (TIA Portal) version 13 SP1 or later
as recommended by the vendor.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Siemens SIMATIC WinCC (TIA Portal) V13 Detection


Synopsis:

The remote host is running Siemens SIMATIC WinCC (TIA Portal).

Description:

The remote host is running Siemens SIMATIC WinCC Totally Integrated
Automation Portal. This software is commonly used for engineering
SIMATIC S7 programmable logic controllers.

See also :

http://www.nessus.org/u?79601dd6

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Jetty HttpParser Error Remote Memory Disclosure


Synopsis:

The remote web server is affected by a remote memory disclosure
vulnerability.

Description:

The remote instance of Jetty is affected by a remote memory disclosure
vulnerability in the HttpParser module due to incorrect handling of
illegal characters in header values. When an illegal character is
encountered in an HTTP request, Jetty writes a response in a shared
buffer that was used in a previous request. Jetty's response to the
client includes this shared buffer which contains potentially
sensitive data from the previous request. An attacker, using specially
crafted requests containing variable length strings of illegal
characters, can steal sensitive header data (e.g. cookies,
authentication tokens) or sensitive POST data (e.g. credentials).

See also :

http://www.nessus.org/u?b8d0e830
https://bugs.eclipse.org/bugs/show_bug.cgi?id=460642
http://www.nessus.org/u?f918c477

Solution :

Upgrade to Jetty 9.2.9.v20150224 or later. For Jetty 9.3.x, contact
the vendor for a solution.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

TYPO3 Anchor-only Links Remote Spoofing Vulnerability


Synopsis:

The remote host is affected by a URL spoofing vulnerability.

Description:

The TYPO3 content management system running on the remote host is
affected by a URL spoofing vulnerability involving anchor-only links
on the homepage. A remote attacker, using a specially crafted request,
can modify links so they point to arbitrary domains. Furthermore, an
attacker can utilize this vulnerability to poison the cache in order
to temporarily alter the links on the index page until cache
expiration.

See also :

http://www.nessus.org/u?940a47ed

Solution :

Upgrade to a patched version or set the 'config.absRefPrefix'
configuration option to a non-empty value.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:U/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Cisco ASA SSL VPN Remote Information Disclosure (CSCuq65542)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The Cisco ASA software on the remote device is affected by an
information disclosure vulnerability in the SSL VPN feature. A remote
attacker, by requesting a specific URL (/CSCOSSLC/config-auth) via
HTTPS, can obtain software version information, which then can be used
for reconnaissance attacks.

See also :

http://www.nessus.org/u?ea385c92
http://tools.cisco.com/security/center/viewAlert.x?alertId=35946
http://www.nessus.org/u?d5013fbe

Solution :

Apply the relevant patch referenced in Cisco bug ID CSCuq65542.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 14.04 / 14.10 : cups vulnerability (USN-2520-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Peter De Wachter discovered that CUPS incorrectly handled certain
malformed compressed raster files. A remote attacker could use this
issue to cause CUPS to crash, resulting in a denial of service, or
possibly execute arbitrary code.

Solution :

Update the affected cups package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 14.04 / 14.10 : eglibc, glibc vulnerabilities (USN-2519-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Arnaud Le Blanc discovered that the GNU C Library incorrectly handled
file descriptors when resolving DNS queries under high load. This may
cause a denial of service in other applications, or an information
leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and
Ubuntu 14.04 LTS. (CVE-2013-7423)

It was discovered that the GNU C Library incorrectly handled receiving
a positive answer while processing the network name when performing
DNS resolution. A remote attacker could use this issue to cause the
GNU C Library to hang, resulting in a denial of service.
(CVE-2014-9402)

Joseph Myers discovered that the GNU C Library wscanf function
incorrectly handled memory. A remote attacker could possibly use this
issue to cause the GNU C Library to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1472,
CVE-2015-1473).

Solution :

Update the affected libc6 package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation
of the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a
denial of service of the guest OS (crash) or potentially gain
privileges on the guest OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel's
Thread Local Storage (TLS) implementation allowing users to bypass the
espfix to obtain information that could be used to bypass the Address
Space Layout Randomization (ASLR) protection mechanism. A local user
could exploit this flaw to obtain potentially sensitive information
from kernel memory. (CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules
are specified and the conntrack protocol handler module is not loaded
into the Linux kernel. This flaw can cause the firewall rules on the
system to be bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the Linux kernel. A local
user could exploit this flaw to cause a denial of service (deadlock
and system hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are
handled in certain namespace scenarios. A local user could exploit
this flaw to bypass file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by
the task switching function in the Linux kernel for x86_64 based
machines. A local user could exploit this flaw to bypass the Address
Space Layout Randomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the
Linux kernel's ISO 9660 CDROM file system. A local user could exploit
this flaw to cause a denial of service (system crash or hang).
(CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N.
Advanced Meshing Protocol in the Linux kernel. A remote attacker could
exploit this flaw to cause a denial of service (mesh-node system
crash) via fragmented packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel's key ring. A
local user could cause a denial of service (memory corruption or
panic) or possibly have unspecified impact via the keyctl commands.
(CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when
parsing Rock Ridge ER records. A local user could exploit this flaw to
obtain sensitive information from kernel memory via a crafted iso9660
image. (CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR)
of the Virtual Dynamically linked Shared Objects (vDSO) location. This
flaw makes it easier for a local user to bypass the ASLR protection
mechanism. (CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted
file name decoding. A local unprivileged user could exploit this flaw
to cause a denial of service (system crash) or potentially gain
administrative privileges. (CVE-2014-9683).

Solution :

Update the affected linux-image-3.16.0-31-generic,
linux-image-3.16.0-31-generic-lpae and / or
linux-image-3.16.0-31-lowlatency packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 14.04 : linux-lts-utopic vulnerabilities (USN-2517-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation
of the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a
denial of service of the guest OS (crash) or potentially gain
privileges on the guest OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel's
Thread Local Storage (TLS) implementation allowing users to bypass the
espfix to obtain information that could be used to bypass the Address
Space Layout Randomization (ASLR) protection mechanism. A local user
could exploit this flaw to obtain potentially sensitive information
from kernel memory. (CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules
are specified and the conntrack protocol handler module is not loaded
into the Linux kernel. This flaw can cause the firewall rules on the
system to be bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the Linux kernel. A local
user could exploit this flaw to cause a denial of service (deadlock
and system hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are
handled in certain namespace scenarios. A local user could exploit
this flaw to bypass file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by
the task switching function in the Linux kernel for x86_64 based
machines. A local user could exploit this flaw to bypass the Address
Space Layout Randomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the
Linux kernel's ISO 9660 CDROM file system. A local user could exploit
this flaw to cause a denial of service (system crash or hang).
(CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N.
Advanced Meshing Protocol in the Linux kernel. A remote attacker could
exploit this flaw to cause a denial of service (mesh-node system
crash) via fragmented packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel's key ring. A
local user could cause a denial of service (memory corruption or
panic) or possibly have unspecified impact via the keyctl commands.
(CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when
parsing Rock Ridge ER records. A local user could exploit this flaw to
obtain sensitive information from kernel memory via a crafted iso9660
image. (CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR)
of the Virtual Dynamically linked Shared Objects (vDSO) location. This
flaw makes it easier for a local user to bypass the ASLR protection
mechanism. (CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted
file name decoding. A local unprivileged user could exploit this flaw
to cause a denial of service (system crash) or potentially gain
administrative privileges. (CVE-2014-9683).

Solution :

Update the affected linux-image-3.16.0-31-generic,
linux-image-3.16.0-31-generic-lpae and / or
linux-image-3.16.0-31-lowlatency packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 14.04 : linux vulnerabilities (USN-2516-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation
of the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a
denial of service of the guest OS (crash) or potentially gain
privileges on the guest OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel's
Thread Local Storage (TLS) implementation allowing users to bypass the
espfix to obtain information that could be used to bypass the Address
Space Layout Randomization (ASLR) protection mechanism. A local user
could exploit this flaw to obtain potentially sensitive information
from kernel memory. (CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules
are specified and the conntrack protocol handler module is not loaded
into the Linux kernel. This flaw can cause the firewall rules on the
system to be bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the Linux kernel. A local
user could exploit this flaw to cause a denial of service (deadlock
and system hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are
handled in certain namespace scenarios. A local user could exploit
this flaw to bypass file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by
the task switching function in the Linux kernel for x86_64 based
machines. A local user could exploit this flaw to bypass the Address
Space Layout Randomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the
Linux kernel's ISO 9660 CDROM file system. A local user could exploit
this flaw to cause a denial of service (system crash or hang).
(CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N.
Advanced Meshing Protocol in the Linux kernel. A remote attacker could
exploit this flaw to cause a denial of service (mesh-node system
crash) via fragmented packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel's key ring. A
local user could cause a denial of service (memory corruption or
panic) or possibly have unspecified impact via the keyctl commands.
(CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when
parsing Rock Ridge ER records. A local user could exploit this flaw to
obtain sensitive information from kernel memory via a crafted iso9660
image. (CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR)
of the Virtual Dynamically linked Shared Objects (vDSO) location. This
flaw makes it easier for a local user to bypass the ASLR protection
mechanism. (CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted
file name decoding. A local unprivileged user could exploit this flaw
to cause a denial of service (system crash) or potentially gain
administrative privileges. (CVE-2014-9683).

Solution :

Update the affected linux-image-3.13.0-46-generic,
linux-image-3.13.0-46-generic-lpae and / or
linux-image-3.13.0-46-lowlatency packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation
of the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a
denial of service of the guest OS (crash) or potentially gain
privileges on the guest OS. (CVE-2015-0239)

Andy Lutomirski discovered an information leak in the Linux kernel's
Thread Local Storage (TLS) implementation allowing users to bypass the
espfix to obtain information that could be used to bypass the Address
Space Layout Randomization (ASLR) protection mechanism. A local user
could exploit this flaw to obtain potentially sensitive information
from kernel memory. (CVE-2014-8133)

A restriction bypass was discovered in iptables when conntrack rules
are specified and the conntrack protocol handler module is not loaded
into the Linux kernel. This flaw can cause the firewall rules on the
system to be bypassed when conntrack rules are used. (CVE-2014-8160)

A flaw was discovered with file renaming in the Linux kernel. A local
user could exploit this flaw to cause a denial of service (deadlock
and system hang). (CVE-2014-8559)

A flaw was discovered in how supplemental group memberships are
handled in certain namespace scenarios. A local user could exploit
this flaw to bypass file permission restrictions. (CVE-2014-8989)

A flaw was discovered in how Thread Local Storage (TLS) is handled by
the task switching function in the Linux kernel for x86_64 based
machines. A local user could exploit this flaw to bypass the Address
Space Layout Randomization (ASLR) protection mechanism. (CVE-2014-9419)

Prasad J Pandit reported a flaw in the rock_continue function of the
Linux kernel's ISO 9660 CDROM file system. A local user could exploit
this flaw to cause a denial of service (system crash or hang).
(CVE-2014-9420)

A flaw was discovered in the fragment handling of the B.A.T.M.A.N.
Advanced Meshing Protocol in the Linux kernel. A remote attacker could
exploit this flaw to cause a denial of service (mesh-node system
crash) via fragmented packets. (CVE-2014-9428)

A race condition was discovered in the Linux kernel's key ring. A
local user could cause a denial of service (memory corruption or
panic) or possibly have unspecified impact via the keyctl commands.
(CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when
parsing Rock Ridge ER records. A local user could exploit this flaw to
obtain sensitive information from kernel memory via a crafted iso9660
image. (CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR)
of the Virtual Dynamically linked Shared Objects (vDSO) location. This
flaw makes it easier for a local user to bypass the ASLR protection
mechanism. (CVE-2014-9585)

Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted
file name decoding. A local unprivileged user could exploit this flaw
to cause a denial of service (system crash) or potentially gain
administrative privileges. (CVE-2014-9683).

Solution :

Update the affected linux-image-3.13.0-46-generic and / or
linux-image-3.13.0-46-generic-lpae packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2513-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation
of the SYSENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a
denial of service of the guest OS (crash) or potentially gain
privileges on the guest OS. (CVE-2015-0239)

A flaw was discovered in the automatic loading of modules in the
crypto subsystem of the Linux kernel. A local user could exploit this
flaw to load installed kernel modules, increasing the attack surface
and potentially using this to gain administrative privileges.
(CVE-2013-7421)

Andy Lutomirski discovered a flaw in how the Linux kernel handles
pivot_root when used with a chroot directory. A local user could
exploit this flaw to cause a denial of service (mount-tree loop).
(CVE-2014-7970)

A restriction bypass was discovered in iptables when conntrack rules
are specified and the conntrack protocol handler module is not loaded
into the Linux kernel. This flaw can cause the firewall rules on the
system to be bypassed when conntrack rules are used. (CVE-2014-8160)

A race condition was discovered in the Linux kernel's key ring. A
local user could cause a denial of service (memory corruption or
panic) or possibly have unspecified impact via the keyctl commands.
(CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when
parsing Rock Ridge ER records. A local user could exploit this flaw to
obtain sensitive information from kernel memory via a crafted iso9660
image. (CVE-2014-9584)

A flaw was discovered in the Address Space Layout Randomization (ASLR)
of the Virtual Dynamically linked Shared Objects (vDSO) location. This
flaw makes it easier for a local user to bypass the ASLR protection
mechanism. (CVE-2014-9585)

A flaw was discovered in the crypto subsystem when screening module
names for automatic module loading if the name contained a valid
crypto module name, e.g. vfat(aes). A local user could exploit this
flaw to load installed kernel modules, increasing the attack surface
and potentially using this to gain administrative privileges.
(CVE-2014-9644).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2512-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

A race condition was discovered in the Linux kernel's key ring. A
local user could cause a denial of service (memory corruption or
panic) or possibly have unspecified impact via the keyctl commands.
(CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when
parsing Rock Ridge ER records. A local user could exploit this flaw to
obtain sensitive information from kernel memory via a crafted iso9660
image. (CVE-2014-9584).

Solution :

Update the affected linux-image-2.6.32-376-ec2 package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 10.04 LTS : linux vulnerabilities (USN-2511-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

A race condition was discovered in the Linux kernel's key ring. A
local user could cause a denial of service (memory corruption or
panic) or possibly have unspecified impact via the keyctl commands.
(CVE-2014-9529)

A memory leak was discovered in the ISO 9660 CDROM file system when
parsing Rock Ridge ER records. A local user could exploit this flaw to
obtain sensitive information from kernel memory via a crafted iso9660
image. (CVE-2014-9584).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Oracle Linux 5 : openssl (ELSA-2015-3010)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[0.9.8e-32.0.1]

See also :

https://oss.oracle.com/pipermail/el-errata/2015-February/004863.html

Solution :

Update the affected openssl packages.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

openSUSE Security Update : snack (openSUSE-2015-183)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

snack was updated to fix one security issue.

This security issue was fixed :

- CVE-2012-6303: Heap-based buffer overflow in the
GetWavHeader function in generic/jkSoundFile.c in the
Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4,
allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a large
chunk size in a WAV file (bnc#793860).
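The bug class behind CVE-2012-6303 is a length field read from the file and trusted when sizing a copy into a fixed buffer. The following is an added example, not code from the Snack Sound Toolkit or WaveSurfer: a small RIFF/WAVE header parser that validates every chunk length against the bytes actually present before touching the chunk body. The sample files are constructed in the code (a minimal 8 kHz 16-bit mono PCM file, then the same file with a lying fmt or data chunk size); the function and type names are this example's own. The CUPS entries elsewhere on this page describe the same class for compressed raster data, but this code models only WAV.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not Snack/WaveSurfer code): a RIFF/WAVE header parser in
   which no chunk length is trusted until it has been checked against the
   number of input bytes that remain. */

struct wav_info {
    uint16_t format;            /* wFormatTag from the fmt chunk */
    uint16_t channels;
    uint32_t sample_rate;
    uint16_t bits_per_sample;
    uint32_t data_bytes;        /* validated length of the data chunk */
};

enum {
    WAV_OK = 0,
    WAV_ERR_SHORT = -1,         /* truncated header or chunk */
    WAV_ERR_MAGIC = -2,         /* not a RIFF/WAVE file */
    WAV_ERR_CHUNK = -3,         /* declared chunk size exceeds the input */
    WAV_ERR_NOFMT = -4          /* data chunk seen before fmt chunk */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint16_t le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

int parse_wav(const uint8_t *buf, size_t len, struct wav_info *out)
{
    if (len < 12) return WAV_ERR_SHORT;
    if (memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WAVE", 4) != 0)
        return WAV_ERR_MAGIC;

    memset(out, 0, sizeof *out);
    size_t off = 12;
    int have_fmt = 0;

    while (off + 8 <= len) {                /* room for an 8-byte chunk header */
        const uint8_t *id = buf + off;
        uint32_t size = le32(buf + off + 4);
        off += 8;

        /* Compare with the remaining bytes instead of computing off + size,
           so a size near UINT32_MAX cannot wrap the arithmetic. This is the
           check whose absence lets a large chunk size overrun a heap buffer. */
        if (size > len - off) return WAV_ERR_CHUNK;

        if (memcmp(id, "fmt ", 4) == 0) {
            if (size < 16) return WAV_ERR_SHORT;
            /* Unsafe pattern this replaces: memcpy(fixed_buf, buf + off, size). */
            out->format          = le16(buf + off);
            out->channels        = le16(buf + off + 2);
            out->sample_rate     = le32(buf + off + 4);
            out->bits_per_sample = le16(buf + off + 14);
            have_fmt = 1;
        } else if (memcmp(id, "data", 4) == 0) {
            if (!have_fmt) return WAV_ERR_NOFMT;
            out->data_bytes = size;         /* already bounded by the input */
            return WAV_OK;
        }
        off += size + (size & 1);           /* chunks are padded to even length */
    }
    return WAV_ERR_SHORT;
}

#define SAMPLE_LEN 48

/* Constructed sample: 8 kHz, 16-bit mono PCM with four data bytes. The fmt
   and data chunk sizes are written from the arguments so the same template
   can carry a lying length field. */
static void build_sample(uint8_t out[SAMPLE_LEN], uint32_t fmt_size, uint32_t data_size)
{
    static const uint8_t tmpl[SAMPLE_LEN] = {
        'R','I','F','F', 40,0,0,0, 'W','A','V','E',
        'f','m','t',' ', 16,0,0,0,
        1,0, 1,0, 0x40,0x1F,0,0, 0x80,0x3E,0,0, 2,0, 16,0,
        'd','a','t','a', 4,0,0,0,
        0,0,0,0
    };
    memcpy(out, tmpl, SAMPLE_LEN);
    put_le32(out + 16, fmt_size);
    put_le32(out + 40, data_size);
}

int check_good(void)
{
    uint8_t f[SAMPLE_LEN]; struct wav_info i;
    build_sample(f, 16, 4);
    return parse_wav(f, SAMPLE_LEN, &i) == WAV_OK && i.sample_rate == 8000 &&
           i.bits_per_sample == 16 && i.channels == 1 && i.data_bytes == 4;
}

int check_oversized_fmt(void)
{
    uint8_t f[SAMPLE_LEN]; struct wav_info i;
    build_sample(f, 0x7FFFFFFFu, 4);
    return parse_wav(f, SAMPLE_LEN, &i) == WAV_ERR_CHUNK;
}

int check_oversized_data(void)
{
    uint8_t f[SAMPLE_LEN]; struct wav_info i;
    build_sample(f, 16, 0xFFFFFFF0u);
    return parse_wav(f, SAMPLE_LEN, &i) == WAV_ERR_CHUNK;
}

int main(void)
{
    printf("well-formed file:     %s\n", check_good() ? "parsed" : "FAILED");
    printf("oversized fmt chunk:  %s\n", check_oversized_fmt() ? "rejected" : "NOT rejected");
    printf("oversized data chunk: %s\n", check_oversized_data() ? "rejected" : "NOT rejected");
    return 0;
}
```

The only state the parser carries forward is the current offset, and each declared size is compared with `len - off` rather than added to `off`, so a 32-bit size that would overflow a 32-bit sum can never pass the check.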

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2012-6303
https://bugzilla.opensuse.org/show_bug.cgi?id=793860

Solution :

Update the affected snack packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

openSUSE Security Update : cups (openSUSE-2015-182)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

cups was updated to fix one security issue.

This security issue was fixed :

- CVE-2014-9679: A malformed compressed raster file can
trigger a buffer overflow in cupsRasterReadPixels
(bnc#917799).

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2014-9679
https://bugzilla.opensuse.org/show_bug.cgi?id=917799

Solution :

Update the affected cups packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

openSUSE Security Update : samba (openSUSE-2015-179)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

samba was updated to fix two security issues.

These security issues were fixed :

- CVE-2015-0240: Ensure we don't call talloc_free on an
uninitialized pointer (bnc#917376).

- CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before
4.1.16, and 4.2.x before 4.2rc4, when an Active
Directory Domain Controller (AD DC) is configured,
allowed remote authenticated users to set the LDB
userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and
consequently gain privileges, by leveraging delegation
of authority for user-account or computer-account
creation (bnc#914279).

Several non-security issues were also fixed; refer to the changes
file.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2014-8143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0240
https://bugzilla.opensuse.org/show_bug.cgi?id=914279
https://bugzilla.opensuse.org/show_bug.cgi?id=917376

Solution :

Update the affected samba packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

openSUSE Security Update : glibc (openSUSE-2015-173)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

Glibc was updated to fix several security issues.

- Avoid infinite loop in nss_dns getnetbyname
(CVE-2014-9402, bsc#910599, BZ #17630)

- wordexp fails to honour WRDE_NOCMD (CVE-2014-7817,
bsc#906371, BZ #17625)

- Fix invalid file descriptor reuse while sending DNS
query (CVE-2013-7423, bsc#915526, BZ #15946)

- Fix buffer overflow in wscanf (CVE-2015-1472,
bsc#916222, BZ #16618)
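Of the four items above, the WRDE_NOCMD one is the one an application developer can test directly. What follows is an added example, not glibc or openSUSE code: a wrapper that expands an untrusted string with wordexp(3) and refuses command substitution twice over, once through WRDE_NOCMD (which a patched glibc enforces inside $((...)) arithmetic as well, returning WRDE_CMDSUB) and once through its own pre-scan, so the caller stays safe on a libc that still has the CVE-2014-7817 gap. The function names and test strings are this example's own; the pre-scan also rejects arithmetic expansion, on the grounds that untrusted input has no business using it.

```c
#include <stddef.h>
#include <stdio.h>
#include <wordexp.h>

/* Added example, not glibc or openSUSE code. Expands untrusted text with
   wordexp(3) while refusing any form of command substitution. */

/* Raw libc behaviour: wordexp's own status for input under WRDE_NOCMD.
   On a libc with the CVE-2014-7817 gap this returns 0 for "$((`cmd`))"
   after running cmd; a patched glibc returns WRDE_CMDSUB. */
int libc_nocmd_status(const char *input)
{
    wordexp_t we;
    int rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc == 0)
        wordfree(&we);
    return rc;
}

/* Libc-independent pre-filter: reject a backtick or "$(" anywhere outside
   single quotes (they stay active inside double quotes). "$((" is rejected
   too, since arithmetic expansion is not needed for untrusted input. */
static int contains_cmdsub(const char *s)
{
    int in_single = 0;
    for (size_t i = 0; s[i]; i++) {
        if (!in_single && s[i] == '\\') {       /* skip the escaped character */
            if (s[++i] == '\0') break;
            continue;
        }
        if (s[i] == '\'') { in_single = !in_single; continue; }
        if (in_single) continue;
        if (s[i] == '`') return 1;
        if (s[i] == '$' && s[i + 1] == '(') return 1;
    }
    return 0;
}

/* Hardened expansion: 0 on success (caller must wordfree(we)), otherwise a
   WRDE_* error. WRDE_UNDEF makes unset variables an error instead of an
   empty string, which closes another way for input to alter the result. */
int safe_wordexp(const char *input, wordexp_t *we)
{
    if (contains_cmdsub(input))
        return WRDE_CMDSUB;
    return wordexp(input, we, WRDE_NOCMD | WRDE_UNDEF);
}

/* Convenience for checks: number of words produced, 0 if the input was rejected. */
size_t safe_word_count(const char *input)
{
    wordexp_t we;
    if (safe_wordexp(input, &we) != 0)
        return 0;
    size_t n = we.we_wordc;
    wordfree(&we);
    return n;
}

int main(void)
{
    /* Constructed inputs: one benign, one plain substitution, the
       CVE-2014-7817 shape, and a backtick inside double quotes. */
    const char *inputs[] = { "'a b' c", "$(id)", "$((`echo 1`))", "\"`id`\"" };
    for (size_t i = 0; i < sizeof inputs / sizeof *inputs; i++) {
        wordexp_t we;
        int rc = safe_wordexp(inputs[i], &we);
        if (rc == 0) {
            printf("%-16s -> %zu word(s)\n", inputs[i], we.we_wordc);
            wordfree(&we);
        } else {
            printf("%-16s -> rejected (WRDE status %d)\n", inputs[i], rc);
        }
    }
    return 0;
}
```

libc_nocmd_status() exists only to show what the platform libc does on its own; production code should call safe_wordexp(), whose verdict does not depend on which glibc version is installed.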

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2013-7423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2014-7817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2014-9402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-1472
https://bugzilla.opensuse.org/show_bug.cgi?id=906371
https://bugzilla.opensuse.org/show_bug.cgi?id=910599
https://bugzilla.opensuse.org/show_bug.cgi?id=915526
https://bugzilla.opensuse.org/show_bug.cgi?id=916222

Solution :

Update the affected glibc packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : php5 -- multiple vulnerabilities (f7a9e415-bdca-11e4-970c-000c292ee6b8)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

The PHP Project reports :

Use after free vulnerability in unserialize() with DateTimeZone.

Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer
overflow.
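PHP's change is a mitigation in the application; the question for the host is whether its glibc is still vulnerable. The following is an added example, not code from the PHP project or from this advisory, of the canary self-test approach used in the original GHOST research: call gethostbyname_r() with a numeric hostname sized so that an unpatched __nss_hostname_digits_dots() writes four bytes past the caller's buffer, and check a canary placed directly after that buffer. The sizing constants in the comment (a 16-byte address slot and a two-pointer address list) are glibc's internal layout and are assumptions of this test; the function name ghost_check() is this example's own. A patched glibc fails the call with ERANGE and leaves the canary intact; on a non-glibc libc the result is reported as inconclusive rather than as a verdict.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Added example: local GHOST (CVE-2015-0235) self-test. Not PHP code. */

/* Explicit prototype so the test also builds under strict -std=c99, where
   <netdb.h> hides the GNU/BSD declaration of gethostbyname_r(). */
extern int gethostbyname_r(const char *, struct hostent *, char *, size_t,
                           struct hostent **, int *);

#define CANARY "in_the_coal_mine"

/* The canary sits immediately after the resolver buffer; a 4-byte overrun
   of the buffer lands on it. */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} probe = { "buffer", CANARY };

enum { GHOST_NOT_VULNERABLE = 0, GHOST_VULNERABLE = 1, GHOST_INCONCLUSIVE = 2 };

int ghost_check(void)
{
    struct hostent resbuf;
    struct hostent *result = NULL;
    int herrno = 0;
    char name[sizeof(probe.buffer)];

    /* Assumed glibc layout: strlen(name) = size_needed - sizeof(*host_addr)
       - sizeof(*h_addr_ptrs) - 1, with a 16-byte host_addr and two address
       pointers. An unpatched glibc then under-counts by sizeof(char *) and
       overruns the buffer when it copies the name in. */
    size_t len = sizeof(probe.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;
    memset(name, '0', len);                 /* all-digit name: numeric fast path */
    name[len] = '\0';

    memcpy(probe.canary, CANARY, sizeof(CANARY));   /* reset for repeat calls */

    int rc = gethostbyname_r(name, &resbuf, probe.buffer, sizeof(probe.buffer),
                             &result, &herrno);

    if (strcmp(probe.canary, CANARY) != 0)
        return GHOST_VULNERABLE;            /* the overrun reached the canary */
    if (rc == ERANGE)
        return GHOST_NOT_VULNERABLE;        /* size computed correctly: buffer too small */
    return GHOST_INCONCLUSIVE;              /* different libc or code path */
}

int main(void)
{
    static const char *verdict[] = { "not vulnerable", "vulnerable", "inconclusive" };
    puts(verdict[ghost_check()]);
    return 0;
}
```

Run it on the host, not in a container with a different glibc, since the test exercises the libc the binary is linked against. An "inconclusive" result means the libc did not take the glibc numeric-hostname path at all and says nothing about patch status.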

See also :

http://php.net/ChangeLog-5.php#5.4.38
http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.6.6
http://www.nessus.org/u?0776bf79

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

F5 Networks BIG-IP : BIG-IP ASM XSS vulnerability (SOL16081)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application
Security Manager (ASM) before 11.6.0 allows an authenticated user to
inject arbitrary web script or HTML via the Response Body field.
(CVE-2015-1050)

See also :

http://www.nessus.org/u?bf357527

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL16081.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.