Newest Plugins

McAfee ePolicy Orchestrator SSL/TLS Certificate Validation Security Bypass Vulnerability


Synopsis:

A security management application running on the remote host is
affected by a security bypass vulnerability.

Description:

According to its self-reported version, the McAfee ePolicy
Orchestrator (ePO) running on the remote host is affected by a
security bypass vulnerability due to a failure to properly validate
server and Certificate Authority names in X.509 certificates from SSL
servers. A man-in-the-middle attacker, by using a crafted certificate,
can exploit this flaw to spoof servers, thus gaining access to
transmitted information.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10120
https://kc.mcafee.com/corporate/index?page=content&id=KB84628

Solution :

Upgrade to McAfee ePO version 4.6.9 / 5.1.2 / 5.3.0 or later, and
apply the vendor-supplied workaround.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:A/AC:M/Au:N/C:C/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2701-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

Andy Lutomirski discovered a flaw in the Linux kernel's handling of
nested NMIs (non-maskable interrupts). An unprivileged local user
could exploit this flaw to cause a denial of service (system crash) or
potentially escalate their privileges. (CVE-2015-3290)

Andy Lutomirski discovered a flaw that allows a user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local
unprivileged user could exploit this flaw to potentially cause the
system to miss important NMIs resulting in unspecified effects.
(CVE-2015-3291)

Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable
interrupt) that interrupts userspace and encounters an IRET fault is
incorrectly handled by the Linux kernel. An unprivileged local user
could exploit this flaw to cause a denial of service (kernel OOPs),
corruption, or potentially escalate privileges on the system.
(CVE-2015-5157).

Solution :

Update the affected linux-image-3.13.0-61-generic and / or
linux-image-3.13.0-61-generic-lpae packages.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 14.04 : linux vulnerabilities (USN-2700-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

Andy Lutomirski discovered a flaw in the Linux kernel's handling of
nested NMIs (non-maskable interrupts). An unprivileged local user
could exploit this flaw to cause a denial of service (system crash) or
potentially escalate their privileges. (CVE-2015-3290)

Andy Lutomirski discovered a flaw that allows a user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local
unprivileged user could exploit this flaw to potentially cause the
system to miss important NMIs resulting in unspecified effects.
(CVE-2015-3291)

Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable
interrupt) that interrupts userspace and encounters an IRET fault is
incorrectly handled by the Linux kernel. An unprivileged local user
could exploit this flaw to cause a denial of service (kernel OOPs),
corruption, or potentially escalate privileges on the system.
(CVE-2015-5157).

Solution :

Update the affected linux-image-3.13.0-61-generic,
linux-image-3.13.0-61-generic-lpae and / or
linux-image-3.13.0-61-lowlatency packages.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 / 15.04 : hplip vulnerability (USN-2699-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Enrico Zini discovered that HPLIP used a short GPG key ID when
downloading keys from the keyserver. An attacker could possibly use
this to return a different key with a duplicate short key id and
perform a man-in-the-middle attack on printer plugin installations.

Solution :

Update the affected hplip-data package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 / 15.04 : sqlite3 vulnerabilities (USN-2698-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

It was discovered that SQLite incorrectly handled skip-scan
optimization. An attacker could use this issue to cause applications
using SQLite to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2013-7443)

Michal Zalewski discovered that SQLite incorrectly handled dequoting
of collation-sequence names. An attacker could use this issue to cause
applications using SQLite to crash, resulting in a denial of service,
or possibly execute arbitrary code. This issue only affected Ubuntu
14.04 LTS and Ubuntu 15.04. (CVE-2015-3414)

Michal Zalewski discovered that SQLite incorrectly implemented
comparison operators. An attacker could use this issue to cause
applications using SQLite to crash, resulting in a denial of service,
or possibly execute arbitrary code. This issue only affected Ubuntu
15.04. (CVE-2015-3415)

Michal Zalewski discovered that SQLite incorrectly handled printf
precision and width values during floating-point conversions. An
attacker could use this issue to cause applications using SQLite to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2015-3416).

Solution :

Update the affected libsqlite3-0 package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 / 15.04 : ghostscript vulnerability (USN-2697-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

William Robinet and Stefan Cornelius discovered that Ghostscript did
not correctly handle certain PostScript files. If a user or automated
system were tricked into opening a specially crafted file, an attacker
could cause a denial of service or possibly execute arbitrary code.

Solution :

Update the affected libgs9 package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 14.04 / 15.04 : openjdk-7 vulnerabilities (USN-2696-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity, and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731,
CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748)

Several vulnerabilities were discovered in the cryptographic
components of the OpenJDK JRE. An attacker could exploit these to
expose sensitive data over the network. (CVE-2015-2601, CVE-2015-2808,
CVE-2015-4000, CVE-2015-2625, CVE-2015-2613)

As a security improvement, this update modifies OpenJDK behavior to
disable RC4 TLS/SSL cipher suites by default.

As a security improvement, this update modifies OpenJDK behavior to
reject DH key sizes below 768 bits by default, preventing a possible
downgrade attack.

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose
sensitive data over the network. (CVE-2015-2621, CVE-2015-2632)

A vulnerability was discovered with how the JNDI component of the
OpenJDK JRE handles DNS resolutions. A remote attacker could exploit
this to cause a denial of service. (CVE-2015-4749).

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1320-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and
bugs.

The following vulnerabilities were fixed :

- CVE-2015-2590: Easily exploitable vulnerability in the
Libraries component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized Operating System takeover including
arbitrary code execution.

- CVE-2015-2596: Difficult to exploit vulnerability in the
Hotspot component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized update, insert or delete access to some
Java accessible data.

- CVE-2015-2597: Easily exploitable vulnerability in the
Install component requiring logon to Operating System.
Successful attack of this vulnerability could have
resulted in unauthorized Operating System takeover
including arbitrary code execution.

- CVE-2015-2601: Easily exploitable vulnerability in the
JCE component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java accessible data.

- CVE-2015-2613: Easily exploitable vulnerability in the
JCE component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java SE, Java SE Embedded
accessible data.

- CVE-2015-2619: Easily exploitable vulnerability in the
2D component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java accessible data.

- CVE-2015-2621: Easily exploitable vulnerability in the
JMX component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java accessible data.

- CVE-2015-2625: Very difficult to exploit vulnerability
in the JSSE component allowed successful unauthenticated
network attacks via SSL/TLS. Successful attack of this
vulnerability could have resulted in unauthorized read
access to a subset of Java accessible data.

- CVE-2015-2627: Very difficult to exploit vulnerability
in the Install component allowed successful
unauthenticated network attacks via multiple protocols.
Successful attack of this vulnerability could have
resulted in unauthorized read access to a subset of Java
accessible data.

- CVE-2015-2628: Easily exploitable vulnerability in the
CORBA component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized Operating System takeover including
arbitrary code execution.

- CVE-2015-2632: Easily exploitable vulnerability in the
2D component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java accessible data.

- CVE-2015-2637: Easily exploitable vulnerability in the
2D component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java accessible data.

- CVE-2015-2638: Easily exploitable vulnerability in the
2D component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
Operating System takeover including arbitrary code
execution.

- CVE-2015-2664: Difficult to exploit vulnerability in the
Deployment component requiring logon to Operating
System. Successful attack of this vulnerability could
have resulted in unauthorized Operating System takeover
including arbitrary code execution.

- CVE-2015-2808: Very difficult to exploit vulnerability
in the JSSE component allowed successful unauthenticated
network attacks via SSL/TLS. Successful attack of this
vulnerability could have resulted in unauthorized
update, insert or delete access to some Java accessible
data as well as read access to a subset of Java
accessible data.

- CVE-2015-4000: Very difficult to exploit vulnerability
in the JSSE component allowed successful unauthenticated
network attacks via SSL/TLS. Successful attack of this
vulnerability could have resulted in unauthorized
update, insert or delete access to some Java accessible
data as well as read access to a subset of Java Embedded
accessible data.

- CVE-2015-4729: Very difficult to exploit vulnerability
in the Deployment component allowed successful
unauthenticated network attacks via multiple protocols.
Successful attack of this vulnerability could have
resulted in unauthorized update, insert or delete access
to some Java SE accessible data as well as read access
to a subset of Java SE accessible data.

- CVE-2015-4731: Easily exploitable vulnerability in the
JMX component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
Operating System takeover including arbitrary code
execution.

- CVE-2015-4732: Easily exploitable vulnerability in the
Libraries component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized Operating System takeover including
arbitrary code execution.

- CVE-2015-4733: Easily exploitable vulnerability in the
RMI component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
Operating System takeover including arbitrary code
execution.

- CVE-2015-4736: Difficult to exploit vulnerability in the
Deployment component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized Operating System takeover including
arbitrary code execution.

- CVE-2015-4748: Very difficult to exploit vulnerability
in the Security component allowed successful
unauthenticated network attacks via OCSP. Successful
attack of this vulnerability could have resulted in
unauthorized Operating System takeover including
arbitrary code execution.

- CVE-2015-4749: Difficult to exploit vulnerability in the
JNDI component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized ability to cause a partial denial of
service (partial DOS).

- CVE-2015-4760: Easily exploitable vulnerability in the
2D component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
Operating System takeover including arbitrary code
execution.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/938248
https://www.suse.com/security/cve/CVE-2015-2590.html
https://www.suse.com/security/cve/CVE-2015-2596.html
https://www.suse.com/security/cve/CVE-2015-2597.html
https://www.suse.com/security/cve/CVE-2015-2601.html
https://www.suse.com/security/cve/CVE-2015-2613.html
https://www.suse.com/security/cve/CVE-2015-2619.html
https://www.suse.com/security/cve/CVE-2015-2621.html
https://www.suse.com/security/cve/CVE-2015-2625.html
https://www.suse.com/security/cve/CVE-2015-2627.html
https://www.suse.com/security/cve/CVE-2015-2628.html
https://www.suse.com/security/cve/CVE-2015-2632.html
https://www.suse.com/security/cve/CVE-2015-2637.html
https://www.suse.com/security/cve/CVE-2015-2638.html
https://www.suse.com/security/cve/CVE-2015-2664.html
https://www.suse.com/security/cve/CVE-2015-2808.html
https://www.suse.com/security/cve/CVE-2015-4000.html
https://www.suse.com/security/cve/CVE-2015-4729.html
https://www.suse.com/security/cve/CVE-2015-4731.html
https://www.suse.com/security/cve/CVE-2015-4732.html
https://www.suse.com/security/cve/CVE-2015-4733.html
https://www.suse.com/security/cve/CVE-2015-4736.html
https://www.suse.com/security/cve/CVE-2015-4748.html
https://www.suse.com/security/cve/CVE-2015-4749.html
https://www.suse.com/security/cve/CVE-2015-4760.html
http://www.nessus.org/u?5a340dff

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-java-1_7_0-openjdk-12012=1

SUSE Linux Enterprise Desktop 11-SP3 :

zypper in -t patch sledsp3-java-1_7_0-openjdk-12012=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-java-1_7_0-openjdk-12012=1

SUSE Linux Enterprise Debuginfo 11-SP3 :

zypper in -t patch dbgsp3-java-1_7_0-openjdk-12012=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:ND/RL:ND/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1319-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and
bugs.

The following vulnerabilities were fixed :

- CVE-2015-2590: Easily exploitable vulnerability in the
Libraries component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized Operating System takeover including
arbitrary code execution.

- CVE-2015-2596: Difficult to exploit vulnerability in the
Hotspot component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized update, insert or delete access to some
Java accessible data.

- CVE-2015-2597: Easily exploitable vulnerability in the
Install component requiring logon to Operating System.
Successful attack of this vulnerability could have
resulted in unauthorized Operating System takeover
including arbitrary code execution.

- CVE-2015-2601: Easily exploitable vulnerability in the
JCE component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java accessible data.

- CVE-2015-2613: Easily exploitable vulnerability in the
JCE component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java SE, Java SE Embedded
accessible data.

- CVE-2015-2619: Easily exploitable vulnerability in the
2D component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java accessible data.

- CVE-2015-2621: Easily exploitable vulnerability in the
JMX component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java accessible data.

- CVE-2015-2625: Very difficult to exploit vulnerability
in the JSSE component allowed successful unauthenticated
network attacks via SSL/TLS. Successful attack of this
vulnerability could have resulted in unauthorized read
access to a subset of Java accessible data.

- CVE-2015-2627: Very difficult to exploit vulnerability
in the Install component allowed successful
unauthenticated network attacks via multiple protocols.
Successful attack of this vulnerability could have
resulted in unauthorized read access to a subset of Java
accessible data.

- CVE-2015-2628: Easily exploitable vulnerability in the
CORBA component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized Operating System takeover including
arbitrary code execution.

- CVE-2015-2632: Easily exploitable vulnerability in the
2D component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java accessible data.

- CVE-2015-2637: Easily exploitable vulnerability in the
2D component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
read access to a subset of Java accessible data.

- CVE-2015-2638: Easily exploitable vulnerability in the
2D component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
Operating System takeover including arbitrary code
execution.

- CVE-2015-2664: Difficult to exploit vulnerability in the
Deployment component requiring logon to Operating
System. Successful attack of this vulnerability could
have resulted in unauthorized Operating System takeover
including arbitrary code execution.

- CVE-2015-2808: Very difficult to exploit vulnerability
in the JSSE component allowed successful unauthenticated
network attacks via SSL/TLS. Successful attack of this
vulnerability could have resulted in unauthorized
update, insert or delete access to some Java accessible
data as well as read access to a subset of Java
accessible data.

- CVE-2015-4000: Very difficult to exploit vulnerability
in the JSSE component allowed successful unauthenticated
network attacks via SSL/TLS. Successful attack of this
vulnerability could have resulted in unauthorized
update, insert or delete access to some Java accessible
data as well as read access to a subset of Java Embedded
accessible data.

- CVE-2015-4729: Very difficult to exploit vulnerability
in the Deployment component allowed successful
unauthenticated network attacks via multiple protocols.
Successful attack of this vulnerability could have
resulted in unauthorized update, insert or delete access
to some Java SE accessible data as well as read access
to a subset of Java SE accessible data.

- CVE-2015-4731: Easily exploitable vulnerability in the
JMX component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
Operating System takeover including arbitrary code
execution.

- CVE-2015-4732: Easily exploitable vulnerability in the
Libraries component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized Operating System takeover including
arbitrary code execution.

- CVE-2015-4733: Easily exploitable vulnerability in the
RMI component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
Operating System takeover including arbitrary code
execution.

- CVE-2015-4736: Difficult to exploit vulnerability in the
Deployment component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized Operating System takeover including
arbitrary code execution.

- CVE-2015-4748: Very difficult to exploit vulnerability
in the Security component allowed successful
unauthenticated network attacks via OCSP. Successful
attack of this vulnerability could have resulted in
unauthorized Operating System takeover including
arbitrary code execution.

- CVE-2015-4749: Difficult to exploit vulnerability in the
JNDI component allowed successful unauthenticated
network attacks via multiple protocols. Successful
attack of this vulnerability could have resulted in
unauthorized ability to cause a partial denial of
service (partial DOS).

- CVE-2015-4760: Easily exploitable vulnerability in the
2D component allowed successful unauthenticated network
attacks via multiple protocols. Successful attack of
this vulnerability could have resulted in unauthorized
Operating System takeover including arbitrary code
execution.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/938248
https://www.suse.com/security/cve/CVE-2015-2590.html
https://www.suse.com/security/cve/CVE-2015-2596.html
https://www.suse.com/security/cve/CVE-2015-2597.html
https://www.suse.com/security/cve/CVE-2015-2601.html
https://www.suse.com/security/cve/CVE-2015-2613.html
https://www.suse.com/security/cve/CVE-2015-2619.html
https://www.suse.com/security/cve/CVE-2015-2621.html
https://www.suse.com/security/cve/CVE-2015-2625.html
https://www.suse.com/security/cve/CVE-2015-2627.html
https://www.suse.com/security/cve/CVE-2015-2628.html
https://www.suse.com/security/cve/CVE-2015-2632.html
https://www.suse.com/security/cve/CVE-2015-2637.html
https://www.suse.com/security/cve/CVE-2015-2638.html
https://www.suse.com/security/cve/CVE-2015-2664.html
https://www.suse.com/security/cve/CVE-2015-2808.html
https://www.suse.com/security/cve/CVE-2015-4000.html
https://www.suse.com/security/cve/CVE-2015-4729.html
https://www.suse.com/security/cve/CVE-2015-4731.html
https://www.suse.com/security/cve/CVE-2015-4732.html
https://www.suse.com/security/cve/CVE-2015-4733.html
https://www.suse.com/security/cve/CVE-2015-4736.html
https://www.suse.com/security/cve/CVE-2015-4748.html
https://www.suse.com/security/cve/CVE-2015-4749.html
https://www.suse.com/security/cve/CVE-2015-4760.html
http://www.nessus.org/u?16d16647

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-352=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-352=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:ND/RL:ND/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLES11 Security Update : bind (SUSE-SU-2015:1316-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

bind was updated to fix one security issue.

This security issue was fixed :

- CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)

Exposure to this issue cannot be prevented by either ACLs or
configuration options limiting or denying service because the
exploitable code occurs early in the packet handling.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/939567
https://www.suse.com/security/cve/CVE-2015-5477.html
http://www.nessus.org/u?0f319995

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP1-LTSS :

zypper in -t patch slessp1-bind-12010=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Scientific Linux Security Update : openafs on SL5.x, SL6.x, SL7.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

All server platforms

* Fix for CVE-2015-3282: vos leaks stack data onto the wire in the
clear when creating vldb entries

* Workaround for CVE-2015-3283: bos commands can be spoofed,
including some which alter server state

* Disabled searching the VLDB by volume name regular
expression to avoid possible buffer overruns in the volume
location server

All client platforms

* Fix for CVE-2015-3284: pioctls leak kernel memory

* Fix for CVE-2015-3285: kernel pioctl support for OSD
command passing can trigger a panic

After installing the update, you must restart your AFS connections and
AFS services.

See also :

http://www.nessus.org/u?5d1b1f26

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:1526)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated java-1.6.0-openjdk packages that fix multiple security issues
are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and
RMI components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass Java sandbox restrictions.
(CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590,
CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK
verified Online Certificate Status Protocol (OCSP) responses. An OCSP
response with no nextUpdate date specified was incorrectly handled as
having unlimited validity, possibly causing a revoked X.509
certificate to be interpreted as valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use
constant time comparisons in multiple cases. An attacker could
possibly use these flaws to disclose sensitive information by
measuring the time used to perform operations using these non-constant
time comparisons. (CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain
keys for RC4 encryption, an attacker could obtain portions of the
plain text from the cipher text without the knowledge of the
encryption key. (CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat
Bugzilla bug 1207101, linked to in the References section, for
additional details about this change.

A flaw was found in the way the TLS protocol composed the
Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could
use this flaw to force the use of weak 512 bit export-grade keys
during the key exchange, allowing them to decrypt all traffic.
(CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK
to reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Refer to Red Hat Bugzilla bug
1223211, linked to in the References section, for additional details
about this change.

It was discovered that the JNDI component in OpenJDK did not handle
DNS resolutions correctly. An attacker able to trigger such DNS errors
could cause a Java application using JNDI to consume memory and CPU
time, and possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D
components in OpenJDK. An untrusted Java application or applet could
use these flaws to bypass certain Java sandbox restrictions.
(CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed
X.509 certificate identity verification when establishing a TLS/SSL
connection to a host identified by an IP address. In certain cases,
the certificate was accepted as valid if it was issued for a host name
to which the IP address resolves rather than for the IP address.
(CVE-2015-2625)

All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-2590.html
https://www.redhat.com/security/data/cve/CVE-2015-2601.html
https://www.redhat.com/security/data/cve/CVE-2015-2621.html
https://www.redhat.com/security/data/cve/CVE-2015-2625.html
https://www.redhat.com/security/data/cve/CVE-2015-2628.html
https://www.redhat.com/security/data/cve/CVE-2015-2632.html
https://www.redhat.com/security/data/cve/CVE-2015-2808.html
https://www.redhat.com/security/data/cve/CVE-2015-4000.html
https://www.redhat.com/security/data/cve/CVE-2015-4731.html
https://www.redhat.com/security/data/cve/CVE-2015-4732.html
https://www.redhat.com/security/data/cve/CVE-2015-4733.html
https://www.redhat.com/security/data/cve/CVE-2015-4748.html
https://www.redhat.com/security/data/cve/CVE-2015-4749.html
https://www.redhat.com/security/data/cve/CVE-2015-4760.html
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33
http://rhn.redhat.com/errata/RHSA-2015-1526.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

OracleVM 3.3 : curl (OVMSA-2015-0107)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- require credentials to match for NTLM re-use
(CVE-2015-3143)

- close Negotiate connections when done (CVE-2015-3148)

- reject CRLFs in URLs passed to proxy (CVE-2014-8150)

- use only full matches for hosts used as IP address in
cookies (CVE-2014-3613)

- fix handling of CURLOPT_COPYPOSTFIELDS in
curl_easy_duphandle (CVE-2014-3707)

- fix manpage typos found using aspell (#1011101)

- fix comments about loading CA certs with NSS in man
pages (#1011083)

- fix handling of DNS cache timeout while a transfer is in
progress (#835898)

- eliminate unnecessary inotify events on upload via file
protocol (#883002)

- use correct socket type in the examples (#997185)

- do not crash if MD5 fingerprint is not provided by
libssh2 (#1008178)

- fix SIGSEGV of curl --retry when network is down
(#1009455)

- allow to use TLS 1.1 and TLS 1.2 (#1012136)

- docs: update the links to cipher-suites supported by NSS
(#1104160)

- allow to use ECC ciphers if NSS implements them
(#1058767)

- make curl --trace-time print correct time (#1120196)

- let tool call PR_Cleanup on exit if NSPR is used
(#1146528)

- ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
(#1154747)

- allow to enable/disable new AES cipher-suites (#1156422)

- include response headers added by proxy in
CURLINFO_HEADER_SIZE (#1161163)

- disable libcurl-level downgrade to SSLv3 (#1154059)

- do not force connection close after failed HEAD request
(#1168137)

- fix occasional SIGSEGV during SSL handshake (#1168668)

- fix a connection failure when FTPS handle is reused
(#1154663)

- fix re-use of wrong HTTP NTLM connection (CVE-2014-0015)

- fix connection re-use when using different log-in
credentials (CVE-2014-0138)

- fix authentication failure when server offers multiple
auth options (#799557)

- refresh expired cookie in test172 from upstream
test-suite (#1069271)

- fix a memory leak caused by write after close (#1078562)

- nss: implement non-blocking SSL handshake (#1083742)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000355.html

Solution :

Update the affected curl / libcurl packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

OracleVM 3.3 : libuser (OVMSA-2015-0106)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Update CVE-2015-3246 patch based on review comments
Resolves: #1235518

- Don't use 512-bit RSA private keys in tests
Related: #1235518

- Fix testsuite failures if more than one architecture is
building concurrently Related: #1235518

- Fix (CVE-2015-3246) Resolves: #1235518

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000354.html

Solution :

Update the affected libuser package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

OracleVM 3.3 : bind (OVMSA-2015-0105)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Fix (CVE-2015-5477)

- Fix (CVE-2015-4620)

- Resolves: 1215687 - DNS resolution failure in high load
environment with SERVFAIL and 'out of memory/success' in
the log

- Fix (CVE-2015-1349)

- Enable RPZ-NSIP and RPZ-NSDNAME during compilation
(#1176476)

- Fix race condition when using isc__begin_beginexclusive
(#1175321)

- Sanitize SDB API to better handle database errors
(#1146893)

- Fix CVE-2014-8500 (#1171974)

- Fix RRL slip behavior when set to 1 (#1112356)

- Fix issue causing bind to hang after reload if using
DYNDB (#1142152)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000353.html

Solution :

Update the affected bind-libs / bind-utils packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

OracleVM 3.3 : kernel-uek (OVMSA-2015-0104)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- KVM: x86: SYSENTER emulation is broken (Nadav Amit)
[Orabug: 21502739] (CVE-2015-0239)

- fs: take i_mutex during prepare_binprm for set[ug]id
executables (Jann Horn) [Orabug: 21502254]
(CVE-2015-3339)

- eCryptfs: Remove buggy and unnecessary write in file
name decode routine (Michael Halcrow) [Orabug: 21502065]
(CVE-2014-9683)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000348.html

Solution :

Update the affected kernel-uek / kernel-uek-firmware packages.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

OracleVM 3.3 : sudo (OVMSA-2015-0103)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- RHEL-6.7 erratum

- modified the authlogicfix patch to fix #1144448

- fixed a bug in the ldapusermatchfix patch Resolves:
rhbz#1144448 Resolves: rhbz#1142122

- RHEL-6.7 erratum

- fixed the mantypos-ldap.patch Resolves: rhbz#1138267

- RHEL-6.7 erratum

- added patch for (CVE-2014-9680)

- added BuildRequires for tzdata Resolves: rhbz#1200253

- RHEL-6.7 erratum

- added zlib-devel build required to enable zlib
compression support

- fixed two typos in the sudoers.ldap man page

- fixed a hang when duplicate nss entries are specified in
nsswitch.conf

- SSSD: implemented sorting of the result entries
according to the sudoOrder attribute

- LDAP: fixed logic handling the computation of the 'user
matched' flag

- fixed restoring of the SIGPIPE signal in the tgetpass
function

- fixed listpw, verifypw + authenticate option logic in
LDAP/SSSD Resolves: rhbz#1106433 Resolves: rhbz#1138267
Resolves: rhbz#1147498 Resolves: rhbz#1138581 Resolves:
rhbz#1142122 Resolves: rhbz#1094548 Resolves:
rhbz#1144448

- RHEL-6.6 erratum

- SSSD: dropped the ipahostnameshort patch, as it is not
needed. rhbz#1033703 is a configuration issue. Related:
rhbz#1033703

- RHEL-6.6 erratum

- SSSD: fixed netgroup filter patch

- SSSD: dropped separate patch for #1006463, the fix is
now part of the netgroup filter patch Resolves:
rhbz#1006463 Resolves: rhbz#1083064

- RHEL-6.6 erratum

- don't retry authentication when ctrl-c pressed

- fix double-quote processing in Defaults options

- fix sesh login shell argv[0]

- handle the '(none)' hostname correctly

- SSSD: fix ipa_hostname handling

- SSSD: fix sudoUser netgroup specification filtering

- SSSD: list correct user when -U -l specified

- SSSD: show rule names on long listing (-ll) Resolves:
rhbz#1065415 Resolves: rhbz#1078338 Resolves:
rhbz#1052940 Resolves: rhbz#1083064 Resolves:
rhbz#1033703 Resolves: rhbz#1006447 Resolves:
rhbz#1006463 Resolves: rhbz#1070952

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000351.html

Solution :

Update the affected sudo package.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

OracleVM 3.3 : ntp (OVMSA-2015-0102)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- reject packets without MAC when authentication is
enabled (CVE-2015-1798)

- protect symmetric associations with symmetric key
against DoS attack (CVE-2015-1799)

- fix generation of MD5 keys with ntp-keygen on big-endian
systems (CVE-2015-3405)

- log when stepping clock for leap second or ignoring it
with -x (#1204625)

- fix typos in ntpd man page (#1194463)

- validate lengths of values in extension fields
(CVE-2014-9297)

- drop packets with spoofed source address ::1
(CVE-2014-9298)

- add nanosecond support to SHM refclock (#1117704)

- allow creating all SHM segments with owner-only access
(#1122015)

- allow symmetric keys up to 32 bytes again (#1053551)

- fix calculation of root dispersion (#1045376)

- fix crash in ntpq mreadvar command (#1165141)

- don't step clock for leap second with -x option
(#1190619)

- don't drop packets with source port below 123 (#1171630)

- use larger RSA exponent in ntp-keygen (#1184421)

- refresh peers on routing updates (#1193850)

- increase memlock limit again (#1053568)

- warn when monitor can't be disabled due to limited
restrict (#1166596)

- improve documentation of restrict command (#1069019)

- update logconfig documentation for patched default
(#1193849)

- don't build ntpsnmpd (#995134)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000352.html

Solution :

Update the affected ntp / ntpdate packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

OracleVM 3.3 : gnutls (OVMSA-2015-0101)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- fix CVE-2015-0282 (#1198159)

- fix CVE-2015-0294 (#1198159)

- Corrected value initialization in mpi printing
(#1129241)

- Check for expiry information in the CA certificates
(#1159778)

- fix issue with integer padding in certificates and keys
(#1036385)

- fix session ID length check (#1102025)

- fix CVE-2014-0092 (#1069891)

- fix CVE-2013-2116 - fix DoS regression in
(CVE-2013-1619) upstream patch (#966754)

- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000350.html

Solution :

Update the affected gnutls package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

OracleVM 3.3 : grep (OVMSA-2015-0100)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Updated pcre buildrequires to require pcre-devel >=
7.8-7

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000347.html

Solution :

Update the affected grep package.

Risk factor :

High

OracleVM 3.3 : net-snmp (OVMSA-2015-0099)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Add Oracle ACFS to hrStorage (John Haxby) [orabug
18510373]

- Quicker loading of IP-MIB::ipAddrTable (#1191393)

- Quicker loading of IP-MIB::ipAddressTable (#1191393)

- Fixed snmptrapd crash when '-OQ' parameter is used and
invalid trap is received (#CVE-2014-3565)

- added faster caching into IP-MIB::ipNetToMediaTable
(#789500)

- fixed compilation with '-Werror=format-security'
(#1181994)

- added clear error message when port specified in
'clientaddr' config option cannot be bound (#886468)

- fixed error check in IP-MIB::ipAddressTable (#1012430)

- fixed agentx client crash on failed response (#1023570)

- fixed dashes in net-snmp-config.h (#1034441)

- fixed crash on monitor trigger (#1050970)

- fixed 'netsnmp_assert 1 == new_val->high failed' message
in system log (#1065210)

- fixed parsing of 64bit counters from SMUX subagents
(#1069046)

- Fixed HOST-RESOURCES-MIB::hrProcessorTable on machines
with >100 CPUs (#1070075)

- fixed net-snmp-create-v3-user to have the same content
on 32 and 64bit installations (#1073544)

- fixed IPADDRESS value length in Python bindings
(#1100099)

- fixed hrStorageTable to contain 31 bits integers
(#1104293)

- fixed links to developer man pages (#1119567)

- fixed storageUseNFS functionality in hrStorageTable
(#1125793)

- fixed netsnmp_set Python bindings call truncating at the
first '\000' character (#1126914)

- fixed log level of SMUX messages (#1140234)

- use python/README to net-snmp-python subpackage
(#1157373)

- fixed forwarding of traps with RequestID=0 in snmptrapd
(#1146948)

- fixed typos in NET-SNMP-PASS-MIB and SMUX-MIB (#1162040)

- fixed close overhead of extend commands (#1188295)

- fixed lmSensorsTable not reporting sensors with
duplicate names (#967871)

- fixed hrDeviceTable with interfaces with large ifIndex
(#1195547)

- added 'diskio' option to snmpd.conf, it's possible to
monitor only selected devices in diskIOTable (#990674)

- fixed CVE-2014-2284: denial of service flaw in Linux
implementation of ICMP-MIB (#1073223)

- added cache to hrSWRunTable to provide consistent
results (#1007634)

- skip 'mvfs' (ClearCase) when skipNFSInHostResources is
enabled (#1073237)

- fixed snmptrapd crashing on forwarding SNMPv3 traps
(#1131844)

- fixed HOST-RESOURCES-MIB::hrSystemProcesses (#1134335)

- fixed snmp daemons and utilities crashing in FIPS mode
(#1001830)

- added support of btrfs filesystem in hrStorageTable
(#1006706)

- fixed issues found by static analysis tools

- restored ABI of read_configs_* functions

- fixed parsing of bulk responses (#983116)

- added support of vzfs filesystem in hrStorageTable
(#989498)

- fixed endless loop when parsing sendmail configuration
file with queue groups (#991213)

- fixed potential memory leak on realloc failure when
processing 'extend' option (#893119)

- added precise enumeration of configuration files
searched to snmp_config(5) man page (#907571)

- set permissions of snmpd.conf and snmptrapd conf to 0600
(#919239)

- fixed kernel threads in hrSWRunTable (#919952)

- fixed various error codes in Python module (#955771)

- fixed snmpd crashing in the middle of agentx request
processing when a subagent disconnects (#955511)

- allow 'includeFile' and 'includeDir' options in
configuration files (#917816)

- fixed netlink message size (#927474)

- fixed IF-MIB::ifSpeedHi on systems with non-standard
interface speeds (#947973)

- fixed BRIDGE-MIB::dot1dBasePortTable not to include the
bridge itself as a port (#960568)

- fixed snmpd segfault when 'agentaddress' configuration
options is used and too many SIGHUP signals are received
(#968898)

- updated UCD-SNMP-MIB::dskTable to dynamically add/remove
disks if 'includeAllDisks' is specified in snmpd.conf
(#922691)

- fixed crash when parsing invalid SNMP packets (#953926)

- fixed snmpd crashing with 'exec' command with no
arguments in snmpd.conf (#919259)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000349.html

Solution :

Update the affected net-snmp / net-snmp-libs / net-snmp-utils
packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

OracleVM 3.3 : python (OVMSA-2015-0098)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Add Oracle Linux distribution in platform.py [orabug
21288328] (Keshav Sharma)

- Enable use of deepcopy with instance methods Resolves:
rhbz#1223037

- Since -libs now provide python-ordered dict, added
ordereddict dist-info to site-packages Resolves:
rhbz#1199997

- Fix CVE-2014-7185/4650/1912 (CVE-2013-1752) Resolves:
rhbz#1206572

- Fix logging module error when multiprocessing module is
not initialized Resolves: rhbz#1204966

- Add provides for python-ordereddict Resolves:
rhbz#1199997

- Let ConfigParse handle options without values

- Add check phase to specfile, fix and skip relevant
failing tests Resolves: rhbz#1031709

- Make Popen.communicate catch EINTR error Resolves:
rhbz#1073165

- Add choices for sort option of cProfile for better
output Resolves: rhbz#1160640

- Make multiprocessing ignore EINTR Resolves: rhbz#1180864

- Fix iteration over files with very long lines Resolves:
rhbz#794632

- Fix subprocess.Popen.communicate being broken by SIGCHLD
handler. Resolves: rhbz#1065537

- Rebuild against latest valgrind-devel. Resolves:
rhbz#1142170

- Bump release up to ensure proper upgrade path. Related:
rhbz#958256

- Fix multilib dependencies. Resolves: rhbz#958256

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000346.html

Solution :

Update the affected python / python-libs packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

OracleVM 3.3 : libxml2 (OVMSA-2015-0097)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Update doc/redhat.gif in tarball

- Add libxml2-oracle-enterprise.patch and update logos in
tarball

- CVE-2015-1819 Enforce the reader to run in constant
memory (rhbz#1214163)

- Stop parsing on entities boundaries errors

- Fix missing entities after CVE-2014-3660 fix
(rhbz#1149086)

- CVE-2014-3660 denial of service via recursive entity
expansion (rhbz#1149086)

- Fix html serialization error and htmlSetMetaEncoding
(rhbz#1004513)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000345.html

Solution :

Update the affected libxml2 / libxml2-python packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Oracle Linux 6 / 7 : java-1.6.0-openjdk (ELSA-2015-1526)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[1:1.6.0.36-1.13.8.1]
- Update tarball to fix TCK regression (PR2565)
- Resolves: rhbz#1235153

[1:1.6.0.36-1.13.8.0]
- Update to IcedTea 1.13.8
- Update no_pr2125.patch to work against new version.
- Resolves: rhbz#1235153

See also :

https://oss.oracle.com/pipermail/el-errata/2015-July/005258.html
https://oss.oracle.com/pipermail/el-errata/2015-July/005259.html

Solution :

Update the affected java-1.6.0-openjdk packages.

Risk factor :

High

openSUSE Security Update : lxc (openSUSE-2015-524)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

lxc was updated to fix one security issue.

The following vulnerability was fixed :

- CVE-2015-1334: AppArmor or SELinux confinement escape
via fake /proc (bnc#938523)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=938523

Solution :

Update the affected lxc packages.

Risk factor :

Medium

openSUSE Security Update : lxc (openSUSE-2015-523)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

lxc was updated to fix two security issues.

The following vulnerabilities were fixed :

- CVE-2015-1331: directory traversal flaw allowing
arbitrary file creation as the root user (bnc#938522)

- CVE-2015-1334: AppArmor or SELinux confinement escape
via fake /proc (bnc#938523)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=938522
https://bugzilla.opensuse.org/show_bug.cgi?id=938523

Solution :

Update the affected lxc packages.

Risk factor :

Medium

Fedora 22 : libuser-0.62-1.fc22 (2015-12301)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2015-3245, CVE-2015-3246

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1233043
https://bugzilla.redhat.com/show_bug.cgi?id=1233052
http://www.nessus.org/u?74330717

Solution :

Update the affected libuser package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

Fedora 22 : openssh-6.9p1-3.fc22 (2015-11981)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2015-5600

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1245969
http://www.nessus.org/u?2764763e

Solution :

Update the affected openssh package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Fedora 22 : xrdp-0.9.0-4.fc22 (2015-11688)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Add epoch again. New version. Close bug #1105202 again. Own
/etc/xrdp/pulse directory. Reapply service file changes again. Fix
sesman default configuration again.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1194214
https://bugzilla.redhat.com/show_bug.cgi?id=1194215
http://www.nessus.org/u?ca596bfc

Solution :

Update the affected xrdp package.

Risk factor :

High

F5 Networks BIG-IP : BIND DNSSEC vulnerability (SOL17025)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before
9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly
validate DNSSEC (1) NSEC and (2) NSEC3 records.

See also :

http://www.nessus.org/u?7b9df509

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL17025.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Debian DSA-3321-1 : xmltooling - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

The InCommon Shibboleth Training team discovered that XMLTooling, a
C++ XML parsing library, did not properly handle an exception when
parsing well-formed but schema-invalid XML. This could allow remote
attackers to cause a denial of service (crash) via crafted XML data.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793855
https://packages.debian.org/source/wheezy/xmltooling
https://packages.debian.org/source/jessie/xmltooling
http://www.debian.org/security/2015/dsa-3321

Solution :

Upgrade the xmltooling packages.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.4.2-5+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 1.5.3-2+deb8u1.

Risk factor :

High

Debian DSA-3320-1 : openafs - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

It was discovered that OpenAFS, the implementation of the distributed
filesystem AFS, contained several flaws that could result in
information leak, denial-of-service or kernel panic.

See also :

https://packages.debian.org/source/wheezy/openafs
https://packages.debian.org/source/jessie/openafs
http://www.debian.org/security/2015/dsa-3320

Solution :

Upgrade the openafs packages.

For the oldstable distribution (wheezy), these problems have been
fixed in version 1.6.1-3+deb7u3.

For the stable distribution (jessie), these problems have been fixed
in version 1.6.9-2+deb8u3.

Risk factor :

High

Debian DLA-286-1 : squid3 security update


Synopsis:

The remote Debian host is missing a security update.

Description:

Alex Rousskov discovered that Squid configured with cache_peer and
operating on explicit proxy traffic does not correctly handle CONNECT
method peer responses. In some configurations, it allows remote
clients to bypass security in an explicit gateway proxy.

For Debian 6 Squeeze, this problem has been fixed in squid3 version
3.1.6-1.2+squeeze5. We recommend that you upgrade your squid3
packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2015/07/msg00025.html
https://packages.debian.org/source/squeeze-lts/squid3

Solution :

Upgrade the affected packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:1526)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated java-1.6.0-openjdk packages that fix multiple security issues
are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and
RMI components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass Java sandbox restrictions.
(CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590,
CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK
verified Online Certificate Status Protocol (OCSP) responses. An OCSP
response with no nextUpdate date specified was incorrectly handled as
having unlimited validity, possibly causing a revoked X.509
certificate to be interpreted as valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use
constant time comparisons in multiple cases. An attacker could
possibly use these flaws to disclose sensitive information by
measuring the time used to perform operations using these non-constant
time comparisons. (CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain
keys for RC4 encryption, an attacker could obtain portions of the
plain text from the cipher text without the knowledge of the
encryption key. (CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat
Bugzilla bug 1207101, linked to in the References section, for
additional details about this change.

A flaw was found in the way the TLS protocol composed the
Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could
use this flaw to force the use of weak 512 bit export-grade keys
during the key exchange, allowing them to decrypt all traffic.
(CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK
to reject DH key sizes below 768 bits, which prevents sessions from
being downgraded to export-grade keys. Refer to Red Hat Bugzilla bug
1223211, linked to in the References section, for additional details
about this change.

It was discovered that the JNDI component in OpenJDK did not handle
DNS resolutions correctly. An attacker able to trigger such DNS errors
could cause a Java application using JNDI to consume memory and CPU
time, and possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D
components in OpenJDK. An untrusted Java application or applet could
use these flaws to bypass certain Java sandbox restrictions.
(CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed
X.509 certificate identity verification when establishing a TLS/SSL
connection to a host identified by an IP address. In certain cases,
the certificate was accepted as valid if it was issued for a host name
to which the IP address resolves rather than for the IP address.
(CVE-2015-2625)

All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect.

See also :

http://www.nessus.org/u?91ab1ba7
http://www.nessus.org/u?115112c7
http://www.nessus.org/u?2d20acaf

Solution :

Update the affected java-1.6.0-openjdk packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Cisco Unified MeetingPlace Web Conferencing Unauthorized Password Change Security Bypass


Synopsis:

The remote web server is running a conferencing application that is
affected by a security bypass vulnerability.

Description:

According to its self-reported version number, the installation of
Cisco Unified MeetingPlace Web Conferencing hosted on the remote web
server is potentially affected by a security bypass vulnerability due
to the lack of validation of the current password and HTTP session ID
during a password change request. A remote attacker can exploit this,
via a crafted HTTP request, to change the password of an arbitrary
user.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number. Additionally,
the coarse nature of the version information Nessus gathered is not
enough to confirm that the application is vulnerable, only that it
might be affected.

See also :

http://www.nessus.org/u?20df73fb
https://tools.cisco.com/bugsearch/bug/CSCuu51839

Solution :

Upgrade to Cisco Unified MeetingPlace Web Conferencing version 8.5(5)
MR3 / 8.6(2) or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)


Cisco IOS XE Software TFTP DoS (cisco-sa-20150722-tftp)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the Cisco IOS XE software
running on the remote device is affected by a denial of service
vulnerability in the TFTP server functionality due to incorrect
management of memory when handling TFTP requests. A remote,
unauthenticated attacker can exploit this by sending a large number of
TFTP requests to cause the remote device to reload or hang, resulting
in a denial of service condition.

See also :

http://www.nessus.org/u?18ef700f
https://tools.cisco.com/bugsearch/bug/CSCts66733

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20150722-tftp.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)


Cisco IOS Software TFTP DoS (cisco-sa-20150722-tftp)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the Cisco IOS software running
on the remote device is affected by a denial of service vulnerability
in the TFTP server functionality due to incorrect management of memory
when handling TFTP requests. A remote, unauthenticated attacker can
exploit this by sending a large number of TFTP requests to cause the
remote device to reload or hang, resulting in a denial of service
condition.

See also :

http://www.nessus.org/u?18ef700f
https://tools.cisco.com/bugsearch/bug/CSCts66733

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20150722-tftp.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)


Ubuntu 12.04 LTS / 14.04 / 15.04 : tidy vulnerabilities (USN-2695-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Fernando Muñoz discovered that HTML Tidy incorrectly handled memory.
If a user or automated system were tricked into processing specially
crafted data, applications linked against HTML Tidy could be made to
crash, leading to a denial of service, or possibly execute arbitrary
code.

Solution :

Update the affected libtidy-0.99-0 package.

Risk factor :

High


Ubuntu 12.04 LTS / 14.04 / 15.04 : pcre3 vulnerabilities (USN-2694-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Michele Spagnuolo discovered that PCRE incorrectly handled certain
regular expressions. A remote attacker could use this issue to cause
applications using PCRE to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 14.04
LTS. (CVE-2014-8964)

Kai Lu discovered that PCRE incorrectly handled certain regular
expressions. A remote attacker could use this issue to cause
applications using PCRE to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 14.04
LTS and Ubuntu 15.04. (CVE-2015-2325, CVE-2015-2326)

Wen Guanxing discovered that PCRE incorrectly handled certain regular
expressions. A remote attacker could use this issue to cause
applications using PCRE to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu
15.04. (CVE-2015-3210)

It was discovered that PCRE incorrectly handled certain regular
expressions. A remote attacker could use this issue to cause
applications using PCRE to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 12.04
LTS and 14.04 LTS. (CVE-2015-5073)

Solution :

Update the affected libpcre3 package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)


SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2015:1304-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

bind was updated to fix one security issue.

This security issue was fixed :

- CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)

Exposure to this issue cannot be prevented by either ACLs or
configuration options limiting or denying service because the
exploitable code occurs early in the packet handling.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/939567
https://www.suse.com/security/cve/CVE-2015-5477.html
http://www.nessus.org/u?52612bed

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-bind-12008=1

SUSE Linux Enterprise Software Development Kit 11-SP3 :

zypper in -t patch sdksp3-bind-12008=1

SUSE Linux Enterprise Server for VMWare 11-SP3 :

zypper in -t patch slessp3-bind-12008=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-bind-12008=1

SUSE Linux Enterprise Server 11-SP3 :

zypper in -t patch slessp3-bind-12008=1

SUSE Linux Enterprise Server 11-SP2-LTSS :

zypper in -t patch slessp2-bind-12008=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-bind-12008=1

SUSE Linux Enterprise Desktop 11-SP3 :

zypper in -t patch sledsp3-bind-12008=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-bind-12008=1

SUSE Linux Enterprise Debuginfo 11-SP3 :

zypper in -t patch dbgsp3-bind-12008=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true
