Newest Plugins

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3083)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

kernel-uek
[2.6.32-400.36.9.el5uek]
- ALSA: control: Don't access controls outside of protected regions
(Lars-Peter Clausen) [Orabug: 19817787] {CVE-2014-4653}
{CVE-2014-4654} {CVE-2014-4655}
- ALSA: control: Fix replacing user controls (Lars-Peter Clausen)
[Orabug: 19817749] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655}
- mm: try_to_unmap_cluster() should lock_page() before mlocking
(Vlastimil Babka) [Orabug: 19817324] {CVE-2014-3122}
- vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds)
[Orabug: 19816564] {CVE-2013-2596}
- vm: add vm_iomap_memory() helper function (Linus Torvalds) [Orabug:
19816564] {CVE-2013-2596}
- net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann)
[Orabug: 19816069] {CVE-2014-5077}

See also :

https://oss.oracle.com/pipermail/el-errata/2014-October/004551.html
https://oss.oracle.com/pipermail/el-errata/2014-October/004552.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3082)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[2.6.39-400.215.11.el6uek]
- ALSA: control: Don't access controls outside of protected regions
(Lars-Peter Clausen) [Orabug: 19817786] {CVE-2014-4653}
{CVE-2014-4654} {CVE-2014-4655}
- ALSA: control: Fix replacing user controls (Lars-Peter Clausen)
[Orabug: 19817748] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655}
- kvm: iommu: fix the third parameter of kvm_iommu_put_pages
(CVE-2014-3601) (Michael S. Tsirkin) [Orabug: 19817647] {CVE-2014-3601}
- mm: try_to_unmap_cluster() should lock_page() before mlocking
(Vlastimil Babka) [Orabug: 19817323] {CVE-2014-3122}
- vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds)
[Orabug: 19816563] {CVE-2013-2596}
- vm: add vm_iomap_memory() helper function (Linus Torvalds) [Orabug:
19816563] {CVE-2013-2596}
- net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann)
[Orabug: 19816068] {CVE-2014-5077}

See also :

https://oss.oracle.com/pipermail/el-errata/2014-October/004547.html
https://oss.oracle.com/pipermail/el-errata/2014-October/004548.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)


Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3081)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

kernel-uek
[3.8.13-44.1.3.el6uek]
- ALSA: control: Don't access controls outside of protected regions
(Lars-Peter Clausen) [Orabug: 19817785] {CVE-2014-4653}
{CVE-2014-4654} {CVE-2014-4655}
- ALSA: control: Fix replacing user controls (Lars-Peter Clausen)
[Orabug: 19817747] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655}
- kvm: iommu: fix the third parameter of kvm_iommu_put_pages
(CVE-2014-3601) (Michael S. Tsirkin) [Orabug: 19817646] {CVE-2014-3601}
- net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann)
[Orabug: 19816067] {CVE-2014-5077}

[3.8.13-44.1.2.el6uek]
- CVE-2014-3535: NULL pointer dereference in VxLAN packet logging.
(Sasha Levin) [Orabug: 19613139]

See also :

https://oss.oracle.com/pipermail/el-errata/2014-October/004545.html
https://oss.oracle.com/pipermail/el-errata/2014-October/004546.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)


FreeBSD : libxml2 -- Denial of service (0642b064-56c4-11e4-8b87-bcaec565249c)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

RedHat reports :

A denial of service flaw was found in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote
attacker could provide a specially crafted XML file that, when
processed by an application using libxml2, would lead to excessive CPU
consumption (denial of service) based on excessive entity
substitutions, even if entity substitution was disabled, which is the
parser default behavior.

See also :

https://rhn.redhat.com/errata/RHSA-2014-1655.html
http://www.nessus.org/u?83e091bb

Solution :

Update the affected package.

Risk factor :

High


Fedora 20 : java-1.8.0-openjdk-1.8.0.25-0.b18.fc20 (2014-13075)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Updated to security u25. Security bugs are the same as for
http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-2-5-3-for-openjdk-7-released/

See also :

http://www.nessus.org/u?d4851c44
http://www.nessus.org/u?aab9a4ad

Solution :

Update the affected java-1.8.0-openjdk package.

Risk factor :

High


Fedora 20 : openssl-1.0.1e-40.fc20 (2014-13069)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update fixing three moderate security issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1152850
http://www.nessus.org/u?89ddd0de

Solution :

Update the affected openssl package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Public Exploit Available : true


Fedora 20 : kernel-3.16.6-200.fc20 (2014-13045)


Synopsis:

The remote Fedora host is missing a security update.

Description:

The 3.16.6 stable update contains a number of important fixes across
the tree.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1151095
https://bugzilla.redhat.com/show_bug.cgi?id=1151108
http://www.nessus.org/u?5c7dfaaf

Solution :

Update the affected kernel package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)


Fedora 20 : firefox-33.0-1.fc20 (2014-13042)


Synopsis:

The remote Fedora host is missing a security update.

Description:

New upstream version - Firefox 33. Update to the latest upstream
32.0.2.

See also :

http://www.nessus.org/u?75cf85a7

Solution :

Update the affected firefox package.

Risk factor :

High


Fedora 20 : java-1.7.0-openjdk-1.7.0.71-2.5.3.0.fc20 (2014-13021)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Updated to security u71:
http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-2-5-3-for-openjdk-7-released/

See also :

http://www.nessus.org/u?d4851c44
http://www.nessus.org/u?76d303f8

Solution :

Update the affected java-1.7.0-openjdk package.

Risk factor :

High


Fedora 20 : thunderbird-31.2.0-1.fc20 (2014-13001)


Synopsis:

The remote Fedora host is missing a security update.

Description:

For a list of changes see:
https://www.mozilla.org/en-US/thunderbird/31.2.0/releasenotes/

For release notes and fixed issues see:
https://www.mozilla.org/en-US/thunderbird/31.1.1/releasenotes/

See also :

https://www.mozilla.org/en-US/thunderbird/31.1.1/releasenotes/
https://www.mozilla.org/en-US/thunderbird/31.2.0/releasenotes/
http://www.nessus.org/u?d798df4e

Solution :

Update the affected thunderbird package.

Risk factor :

High


Fedora 20 : libxml2-2.9.1-3.fc20 (2014-12995)


Synopsis:

The remote Fedora host is missing a security update.

Description:

New variants for the billion laughs DoS attacks

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1149084
http://www.nessus.org/u?389e0d36

Solution :

Update the affected libxml2 package.

Risk factor :

High


Fedora 20 : gnome-shell-3.10.4-9.fc20 (2014-12690)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for lock screen circumvention by consecutive screenshot
requests triggering OOM situation

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1147917
http://www.nessus.org/u?1686c48b

Solution :

Update the affected gnome-shell package.

Risk factor :

High


Fedora 20 : php-ZendFramework-1.12.9-1.fc20 (2014-12418)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Contains fixes for two security relevant bugs :

- 'ZF2014-05: Anonymous authentication in ldap_bind()
function of PHP, using null byte'
(http://framework.zend.com/security/advisory/ZF2014-05)

- 'ZF2014-06: SQL injection vector when manually quoting
values for sqlsrv extension, using null byte'
(http://framework.zend.com/security/advisory/ZF2014-06)

See also :

http://framework.zend.com/security/advisory/ZF2014-05
http://framework.zend.com/security/advisory/ZF2014-06
https://bugzilla.redhat.com/show_bug.cgi?id=1151276
https://bugzilla.redhat.com/show_bug.cgi?id=1151277
http://www.nessus.org/u?a8428d3a

Solution :

Update the affected php-ZendFramework package.

Risk factor :

High


Fedora 19 : php-ZendFramework-1.12.9-1.fc19 (2014-12344)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Contains fixes for two security relevant bugs :

- 'ZF2014-05: Anonymous authentication in ldap_bind()
function of PHP, using null byte'
(http://framework.zend.com/security/advisory/ZF2014-05)

- 'ZF2014-06: SQL injection vector when manually quoting
values for sqlsrv extension, using null byte'
(http://framework.zend.com/security/advisory/ZF2014-06)

See also :

http://framework.zend.com/security/advisory/ZF2014-05
http://framework.zend.com/security/advisory/ZF2014-06
https://bugzilla.redhat.com/show_bug.cgi?id=1151276
https://bugzilla.redhat.com/show_bug.cgi?id=1151277
http://www.nessus.org/u?c0fc553d

Solution :

Update the affected php-ZendFramework package.

Risk factor :

High


Fedora 19 : torque-3.0.4-5.fc19 (2014-12059)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix CVE-2013-4319 (RHBZ #1005918, #1005919)

Fix CVE-2013-4495: arbitrary code execution via job submission (RHBZ
#1029752)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1005918
http://www.nessus.org/u?e4acf9f6

Solution :

Update the affected torque package.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)


Fedora 20 : torque-3.0.4-6.fc20 (2014-11989)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix CVE-2013-4319 (RHBZ #1005918, #1005919)

Fix CVE-2013-4495: arbitrary code execution via job submission (RHBZ
#1029752)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1005918
http://www.nessus.org/u?41ea24c5

Solution :

Update the affected torque package.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)


Fedora 20 : openstack-glance-2013.2.4-1.fc20 (2014-11697)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to upstream 2013.2.4. Merge spec from el6-icehouse. Security
fix for CVE-2014-5356.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1131770
http://www.nessus.org/u?08dbea45

Solution :

Update the affected openstack-glance package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)


Debian DSA-3050-1 : iceweasel - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Multiple security issues have been found in Iceweasel, Debian's
version of the Mozilla Firefox web browser: Multiple memory safety
errors, buffer overflows, use-after-frees and other implementation
errors may lead to the execution of arbitrary code, denial of service,
the bypass of the same-origin policy or a loss of privacy.

This update updates Iceweasel to the ESR31 series of Firefox. The new
release introduces a new user interface.

In addition, this update also disables SSLv3.

See also :

http://www.debian.org/security/2014/dsa-3050

Solution :

Upgrade the iceweasel packages.

For the stable distribution (wheezy), these problems have been fixed
in version 31.2.0esr-2~deb7u1.

Risk factor :

High


Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2014-432)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

It was discovered that the Libraries component in OpenJDK failed to
properly handle ZIP archives that contain entries with a NUL byte used
in the file names. An untrusted Java application or applet could use
this flaw to bypass Java sandbox restrictions. (CVE-2014-6562)

Multiple flaws were discovered in the Libraries, 2D, and Hotspot
components in OpenJDK. An untrusted Java application or applet could
use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511,
CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in
OpenJDK performed expansion of external parameter entities even when
external entity substitution was disabled. A remote attacker could use
this flaw to perform an XML eXternal Entity (XXE) attack against
applications using the StAX parser to parse untrusted XML documents.
(CVE-2014-6517)

It was discovered that the Hotspot component in OpenJDK failed to
properly handle malformed Shared Archive files. A local attacker able
to modify a Shared Archive file used by a virtual machine of a
different user could possibly use this flaw to escalate their
privileges. (CVE-2014-6468)

It was discovered that the DatagramSocket implementation in OpenJDK
failed to perform source address checks for packets received on a
connected socket. A remote attacker could use this flaw to have their
packets processed as if they were received from the expected source.
(CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE
component in OpenJDK failed to properly verify the server identity
during the renegotiation following session resumption, making it
possible for malicious TLS/SSL servers to perform a Triple Handshake
attack against clients using JSSE and client certificate
authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could
possibly allow an attacker to affect the integrity of an encrypted
stream handled by this class. (CVE-2014-6558)

See also :

http://www.nessus.org/u?8b13ce16

Solution :

Run 'yum update java-1.8.0-openjdk' to update your system.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)


Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-431)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

Multiple flaws were discovered in the Libraries, 2D, and Hotspot
components in OpenJDK. An untrusted Java application or applet could
use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511,
CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in
OpenJDK performed expansion of external parameter entities even when
external entity substitution was disabled. A remote attacker could use
this flaw to perform an XML eXternal Entity (XXE) attack against
applications using the StAX parser to parse untrusted XML documents.
(CVE-2014-6517)

It was discovered that the DatagramSocket implementation in OpenJDK
failed to perform source address checks for packets received on a
connected socket. A remote attacker could use this flaw to have their
packets processed as if they were received from the expected source.
(CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE
component in OpenJDK failed to properly verify the server identity
during the renegotiation following session resumption, making it
possible for malicious TLS/SSL servers to perform a Triple Handshake
attack against clients using JSSE and client certificate
authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could
possibly allow an attacker to affect the integrity of an encrypted
stream handled by this class. (CVE-2014-6558)

See also :

http://www.nessus.org/u?7f41cc2b

Solution :

Run 'yum update java-1.7.0-openjdk' to update your system.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)


Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-430)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

Multiple flaws were discovered in the Libraries, 2D, and Hotspot
components in OpenJDK. An untrusted Java application or applet could
use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511,
CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in
OpenJDK performed expansion of external parameter entities even when
external entity substitution was disabled. A remote attacker could use
this flaw to perform an XML eXternal Entity (XXE) attack against
applications using the StAX parser to parse untrusted XML documents.
(CVE-2014-6517)

It was discovered that the DatagramSocket implementation in OpenJDK
failed to perform source address checks for packets received on a
connected socket. A remote attacker could use this flaw to have their
packets processed as if they were received from the expected source.
(CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE
component in OpenJDK failed to properly verify the server identity
during the renegotiation following session resumption, making it
possible for malicious TLS/SSL servers to perform a Triple Handshake
attack against clients using JSSE and client certificate
authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could
possibly allow an attacker to affect the integrity of an encrypted
stream handled by this class. (CVE-2014-6558)

See also :

http://www.nessus.org/u?7be2978e

Solution :

Run 'yum update java-1.6.0-openjdk' to update your system.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)


Amazon Linux AMI : nss (ALAS-2014-429)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

A flaw was found in the way SSL 3.0 handled padding bytes when
decrypting messages encrypted using block ciphers in cipher block
chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)
attacker to decrypt a selected byte of a cipher text in as few as 256
tries if they are able to force a victim application to repeatedly
send the same data over newly created SSL 3.0 connections.

See also :

http://www.nessus.org/u?0d68c71e

Solution :

Run 'yum update nss' to update your system.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Public Exploit Available : true


Amazon Linux AMI : mysql55 (ALAS-2014-428)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected
are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable
vulnerability allows successful unauthenticated network attacks via
multiple protocols. Successful attack of this vulnerability can result
in unauthorized takeover of MySQL Server possibly including arbitrary
code execution within the MySQL Server. (CVE-2014-6491)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions
that are affected are 5.5.39 and earlier and 5.6.20 and earlier.
Difficult to exploit vulnerability allows successful unauthenticated
network attacks via multiple protocols. Successful attack of this
vulnerability can result in unauthorized read access to all MySQL
Server accessible data. (CVE-2014-6559)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected
are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable
vulnerability allows successful unauthenticated network attacks via
multiple protocols. Successful attack of this vulnerability can result
in unauthorized takeover of MySQL Server possibly including arbitrary
code execution within the MySQL Server. (CVE-2014-6500)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected
are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit
vulnerability allows successful unauthenticated network attacks via
multiple protocols. Successful attack of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server. (CVE-2014-6494)

See also :

http://www.nessus.org/u?8d870460

Solution :

Run 'yum update mysql55' to update your system.

Risk factor :

High


Cisco MDS 9000 VRRP DoS (CSCte27874)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The remote host is an MDS 9000 series router. It is, therefore,
vulnerable to a denial of service vulnerability. A flaw with Virtual
Router Redundancy Protocol (VRRP) frame handling allows a remote
attacker, using a specially crafted VRRP frame with an Authentication
Header (AH), to cause the device to have high CPU utilization and
force a restart of the device.

See also :

http://www.nessus.org/u?d4ddd48b
http://tools.cisco.com/security/center/viewAlert.x?alertId=31663

Solution :

Apply the patch referenced in Cisco bug ID CSCte27874.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false


PHP 5.6.0 Development Releases CDF File NULL Pointer Dereference DoS


Synopsis:

The remote web server uses a version of PHP that is affected by a
denial of service vulnerability.

Description:

According to its banner, the version of PHP installed on the remote
host is a development version of 5.6.0. It is, therefore, affected by
a NULL pointer dereference error in the 'libmagic' library of the
'fileinfo' extension when processing malformed CDF files. By uploading
a specially crafted CDF file to the host, a remote attacker can cause
a denial of service.

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?ab45889c
https://bugs.php.net/bug.php?id=67329
http://php.net/ChangeLog-5.php#5.6.0

Solution :

Upgrade to the stable version of PHP 5.6.0 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)


OpenSSL Unsupported


Synopsis:

The remote service is not a supported version.

Description:

According to its banner, the remote web server uses a version of
OpenSSL that is no longer supported, which implies that no new
security patches for the product will be released by the vendor. As a
result, it is likely to contain security vulnerabilities.

See also :

https://www.openssl.org/news/openssl-old-notes.html

Solution :

Upgrade to a supported version of OpenSSL.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)


OpenSSL 1.0.1 < 1.0.1j Multiple Vulnerabilities (POODLE)


Synopsis:

The remote service is affected by multiple vulnerabilities.

Description:

According to its banner, the remote web server uses a version of
OpenSSL 1.0.1 prior to 1.0.1j. The OpenSSL library is, therefore,
affected by the following vulnerabilities :

- An error exists related to DTLS SRTP extension handling
and specially crafted handshake messages that can allow
denial of service attacks via memory leaks.
(CVE-2014-3513)

- An error exists related to the way SSL 3.0 handles
padding bytes when decrypting messages encrypted using
block ciphers in cipher block chaining (CBC) mode. A
man-in-the-middle attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections. This
is also known as the 'POODLE' issue. (CVE-2014-3566)

- An error exists related to session ticket handling that
can allow denial of service attacks via memory leaks.
(CVE-2014-3567)

- An error exists related to the build configuration
process and the 'no-ssl3' build option that allows
servers and clients to process insecure SSL 3.0
handshake messages. (CVE-2014-3568)

See also :

https://www.openssl.org/news/openssl-1.0.1-notes.html
https://www.openssl.org/news/secadv_20141015.txt
https://www.openssl.org/news/vulnerabilities.html
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to OpenSSL 1.0.1j or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true


OpenSSL 1.0.0 < 1.0.0o Multiple Vulnerabilities (POODLE)


Synopsis:

The remote service is affected by multiple vulnerabilities.

Description:

According to its banner, the remote web server uses a version of
OpenSSL 1.0.0 prior to 1.0.0o. The OpenSSL library is, therefore,
affected by the following vulnerabilities :

- An error exists related to the way SSL 3.0 handles
padding bytes when decrypting messages encrypted using
block ciphers in cipher block chaining (CBC) mode. A
man-in-the-middle attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections. This
is also known as the 'POODLE' issue. (CVE-2014-3566)

- An error exists related to session ticket handling that
can allow denial of service attacks via memory leaks.
(CVE-2014-3567)

- An error exists related to the build configuration
process and the 'no-ssl3' build option that allows
servers and clients to process insecure SSL 3.0
handshake messages. (CVE-2014-3568)

See also :

https://www.openssl.org/news/openssl-1.0.0-notes.html
https://www.openssl.org/news/secadv_20141015.txt
https://www.openssl.org/news/vulnerabilities.html
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to OpenSSL 1.0.0o or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true


OpenSSL 0.9.8 < 0.9.8zc Multiple Vulnerabilities (POODLE)


Synopsis:

The remote service is affected by multiple vulnerabilities.

Description:

According to its banner, the remote web server uses a version of
OpenSSL 0.9.8 prior to 0.9.8zc. The OpenSSL library is, therefore,
affected by the following vulnerabilities :

- An error exists related to the way SSL 3.0 handles
padding bytes when decrypting messages encrypted using
block ciphers in cipher block chaining (CBC) mode. A
man-in-the-middle attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections. This
is also known as the 'POODLE' issue. (CVE-2014-3566)

- An error exists related to session ticket handling that
can allow denial of service attacks via memory leaks.
(CVE-2014-3567)

- An error exists related to the build configuration
process and the 'no-ssl3' build option that allows
servers and clients to process insecure SSL 3.0
handshake messages. (CVE-2014-3568)

See also :

https://www.openssl.org/news/openssl-0.9.8-notes.html
https://www.openssl.org/news/secadv_20141015.txt
https://www.openssl.org/news/vulnerabilities.html
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to OpenSSL 0.9.8zc or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true


Mac OS X Multiple Vulnerabilities (Security Update 2014-005)


Synopsis:

The remote host is missing a Mac OS X update that fixes several
security issues.

Description:

The remote host is running a version of Mac OS X 10.8 or 10.9 that
does not have Security Update 2014-005 applied. This update contains
several security-related fixes for the following issues :

- A command injection vulnerability in GNU Bash known as
Shellshock. The vulnerability is due to the processing
of trailing strings after function definitions in the
values of environment variables. This allows a remote
attacker to execute arbitrary code via environment
variable manipulation depending on the configuration of
the system. (CVE-2014-6271, CVE-2014-7169)

- A man-in-the-middle (MitM) information disclosure
vulnerability known as POODLE. The vulnerability is due
to the way SSL 3.0 handles padding bytes when decrypting
messages encrypted using block ciphers in cipher block
chaining (CBC) mode. A MitM attacker can decrypt a
selected byte of a cipher text in as few as 256 tries if
they are able to force a victim application to
repeatedly send the same data over newly created SSL 3.0
connections. (CVE-2014-3566)

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

http://support.apple.com/kb/HT6531
http://www.securityfocus.com/archive/1/533721/30/0/threaded
http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Install Security Update 2014-005 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mac OS X < 10.10 Multiple Vulnerabilities


Synopsis:

The remote host is missing a Mac OS X update that fixes multiple
vulnerabilities.

Description:

The remote host is running a version of Mac OS X 10.9.x that is prior
to version 10.10. This update contains several security-related fixes
for the following components :

- 802.1X
- AFP File Server
- apache
- App Sandbox
- Bash
- Bluetooth
- Certificate Trust Policy
- CFPreferences
- CoreStorage
- CUPS
- Dock
- fdesetup
- iCloud Find My Mac
- IOAcceleratorFamily
- IOHIDFamily
- IOKit
- Kernel
- LaunchServices
- LoginWindow
- Mail
- MCX Desktop Config Profiles
- NetFS Client Framework
- QuickTime
- Safari
- Secure Transport
- Security
- Security - Code Signing

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

https://support.apple.com/kb/HT6535
http://www.securityfocus.com/archive/1/533720/30/0/threaded
http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to Mac OS X 10.10 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle VM VirtualBox < 4.1.34 / 4.2.26 / 4.3.14 WDDM DoS (October 2014 CPU)


Synopsis:

The remote host has an application that is affected by a denial of
service vulnerability.

Description:

The remote host contains a version of Oracle VM VirtualBox that is
prior to 4.1.34, 4.2.x prior to 4.2.26, or 4.3.x prior to 4.3.14. It
is, therefore, affected by a denial of service vulnerability in the
Windows guest graphics driver (WDDM).

See also :

http://www.nessus.org/u?6dcc7b47
https://www.virtualbox.org/wiki/Changelog

Solution :

Upgrade Oracle VM VirtualBox to 4.1.34 / 4.2.26 / 4.3.14 or later as
referenced in the October 2014 Oracle Critical Patch Update advisory.

Risk factor :

Low / CVSS Base Score : 1.9
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 1.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Enterprise Manager Content Management Sub-Component Unspecified Vulnerability (October 2014 CPU)


Synopsis:

The remote host has a database management application that is affected
by an unspecified vulnerability.

Description:

The version of Oracle Enterprise Manager for Oracle Database installed
on the remote host is affected by an unspecified vulnerability in the
Content Management sub-component.

See also :

http://www.nessus.org/u?6dcc7b47

Solution :

Apply the appropriate patch according to the October 2014 Oracle
Critical Patch Update advisory.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

PHP 5.6.x < 5.6.2 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the version of PHP 5.6.x installed on the
remote host is prior to 5.6.2. It is, therefore, affected by the
following vulnerabilities :

- A buffer overflow error exists in the function
'mkgmtime' that can allow application crashes or
arbitrary code execution. (CVE-2014-3668)

- An integer overflow error exists in the function
'unserialize' that can allow denial of service attacks.
Note that this only affects 32-bit instances.
(CVE-2014-3669)

- A heap corruption error exists in the function
'exif_thumbnail' that can allow application crashes or
arbitrary code execution. (CVE-2014-3670)

- An input-validation error exists in the cURL extension's
file 'ext/curl/interface.c' and NULL option handling
that can allow information disclosure. (Bug #68089)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://www.php.net/ChangeLog-5.php#5.6.2

Solution :

Upgrade to PHP version 5.6.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

PHP 5.5.x < 5.5.18 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the version of PHP 5.5.x installed on the
remote host is prior to 5.5.18. It is, therefore, affected by the
following vulnerabilities :

- A buffer overflow error exists in the function
'mkgmtime' that can allow application crashes or
arbitrary code execution. (CVE-2014-3668)

- An integer overflow error exists in the function
'unserialize' that can allow denial of service attacks.
Note that this only affects 32-bit instances.
(CVE-2014-3669)

- A heap corruption error exists in the function
'exif_thumbnail' that can allow application crashes or
arbitrary code execution. (CVE-2014-3670)

- An input-validation error exists in the cURL extension's
file 'ext/curl/interface.c' and NULL option handling
that can allow information disclosure. (Bug #68089)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://www.php.net/ChangeLog-5.php#5.5.18

Solution :

Upgrade to PHP version 5.5.18 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

PHP 5.4.x < 5.4.34 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the version of PHP 5.4.x installed on the
remote host is prior to 5.4.34. It is, therefore, affected by the
following vulnerabilities :

- A buffer overflow error exists in the function
'mkgmtime' that can allow application crashes or
arbitrary code execution. (CVE-2014-3668)

- An integer overflow error exists in the function
'unserialize' that can allow denial of service attacks.
Note that this only affects 32-bit instances.
(CVE-2014-3669)

- A heap corruption error exists in the function
'exif_thumbnail' that can allow application crashes or
arbitrary code execution. (CVE-2014-3670)

- An input-validation error exists in the cURL extension's
file 'ext/curl/interface.c' and NULL option handling
that can allow information disclosure. (Bug #68089)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://www.php.net/ChangeLog-5.php#5.4.34

Solution :

Upgrade to PHP version 5.4.34 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle E-Business Multiple Vulnerabilities (October 2014 CPU)


Synopsis:

The remote host has a web application installed that is affected by
multiple vulnerabilities.

Description:

The version of Oracle E-Business installed on the remote host is
missing the October 2014 Oracle Critical Patch Update (CPU). It is,
therefore, affected by vulnerabilities in the following components :

- Oracle Application Technology Stack
- Oracle Applications Framework
- Oracle Applications Object Library
- Oracle Payments

See also :

http://www.nessus.org/u?6dcc7b47

Solution :

Apply the appropriate patch according to the October 2014 Oracle
Critical Patch Update advisory.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Secure Global Desktop Multiple DoS Vulnerabilities (October 2014 CPU)


Synopsis:

The remote host has a version of Oracle Secure Global Desktop that is
affected by multiple denial of service vulnerabilities.

Description:

The remote host has a version of Oracle Secure Global Desktop that is
version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple
denial of service vulnerabilities in the following components :

- SGD Proxy Server (ttaauxserv)
- SGD SSL Daemon (ttassl)

Note that only CVE-2014-2475 affects versions 4.63 and 4.71.

See also :

http://www.nessus.org/u?6dcc7b47

Solution :

Apply the appropriate patch according to the October 2014 Oracle
Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Identity Manager (October 2014 CPU)


Synopsis:

The remote host has an application installed that is affected by
multiple vulnerabilities.

Description:

The remote host is missing the October 2014 Critical Patch Update for
Oracle Identity Manager. It is, therefore, affected by multiple
vulnerabilities :

- The application is affected by a vulnerability in
Apache Commons BeanUtils in which ClassLoader objects
can be set via the class attribute of an ActionForm
object. This can be used to manipulate the ClassLoader
or execute arbitrary code. (CVE-2014-0114)

- The application is subject to a cross-site redirection
attack because user-supplied input to the 'backUrl'
parameter is not properly validated. (CVE-2014-2880)

- An unspecified vulnerability exists in the End User
Self Service component. (CVE-2014-6487)

See also :

http://www.nessus.org/u?6dcc7b47

Solution :

Apply the appropriate patch according to the October 2014 Oracle
Critical Patch Update advisory.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle WebLogic Server Multiple Vulnerabilities (October 2014 CPU)


Synopsis:

The remote host is affected by multiple unspecified vulnerabilities.

Description:

The remote host has a version of Oracle WebLogic Server installed that
is affected by multiple unspecified vulnerabilities in the following
components :

- WebLogic Tuxedo Connector
- WLS-Console (Struts based)
- WLS-Console

See also :

http://www.nessus.org/u?6dcc7b47

Solution :

Apply the appropriate patch according to the October 2014 Oracle
Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.