Newest Plugins

Cisco TelePresence Conductor Default Credentials (Web UI)


Synopsis:

The remote web application uses default credentials.

Description:

It is possible to log into the remote Cisco TelePresence Conductor
installation by providing the default credentials. A remote,
unauthenticated attacker can exploit this to gain administrative
control.

Solution :

Secure any default accounts with a strong password.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:ND/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)


Synopsis:

The remote Cisco TelePresence Conductor device is affected by a
command injection vulnerability.

Description:

According to its self-reported version number, the remote Cisco
TelePresence Conductor device is affected by a command injection
vulnerability in GNU Bash known as Shellshock. The vulnerability is
due to the processing of trailing strings after function definitions
in the values of environment variables. This allows a remote attacker
to execute arbitrary code via environment variable manipulation,
depending on the configuration of the system.

Note that an attacker must be authenticated before the device is
exposed to this exploit.

See also :

https://tools.cisco.com/bugsearch/bug/CSCur02103
http://www.nessus.org/u?7269978d
http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/

Solution :

Upgrade to version 2.3.1 / 2.4.1 / 3.0 or later.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Default Password (TANDBERG) for 'root' Account


Synopsis:

The remote system can be accessed with a default account.

Description:

The account 'root' on the remote host has the password 'TANDBERG'.

An attacker may leverage this issue to gain administrative access to
the affected system.

Note that Cisco TelePresence Conductor virtual appliances are known to
use these credentials to provide complete, administrative access to
the appliance.

Solution :

Set a strong password for this account or use ACLs to restrict access
to the host.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco TelePresence Conductor WebUI Detection


Synopsis:

The login page for a Cisco TelePresence Conductor video conferencing
device was detected on the remote web server.

Description:

The login page for a Cisco TelePresence Conductor video conferencing
device was detected on the remote web server. With valid credentials it is
possible to extract version information from the API.

See also :

http://www.nessus.org/u?55fcb1a9

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco TelePresence Conductor Detection


Synopsis:

Nessus detected a remote video conferencing device.

Description:

Nessus determined that the remote host is a Cisco TelePresence
Conductor video teleconferencing device.

See also :

http://www.nessus.org/u?55fcb1a9

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CUPS < 2.0.1 SSLv3 Legacy Encryption Vulnerability (POODLE)


Synopsis:

The remote printer service is potentially affected by an information
disclosure vulnerability.

Description:

According to its banner, the CUPS printer service installed on the
remote host is a version prior to 2.0.1. It is, therefore, potentially
affected by a man-in-the-middle (MitM) information disclosure
vulnerability known as POODLE. The vulnerability is due to the way SSL
3.0 handles padding bytes when decrypting messages encrypted using
block ciphers in cipher block chaining (CBC) mode. MitM attackers can
decrypt a selected byte of a ciphertext in as few as 256 tries if
they are able to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

https://cups.org/blog.php?L734
https://cups.org/str.php?L4476
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Either upgrade to CUPS version 2.0.1 or later, or apply the vendor
patch.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Google Chrome < 39.0.2171.71 Flash Player Remote Code Execution (Mac OS X)


Synopsis:

The remote Mac OS X host contains a web browser that is affected by a
remote code execution vulnerability.

Description:

The version of Google Chrome installed on the remote Mac OS X host is
prior to 39.0.2171.71. It is, therefore, affected by a remote code
execution vulnerability in the included Flash Player plugin, which is
due to the processing of a dereferenced memory pointer.

See also :

http://www.nessus.org/u?4bb46c17

Solution :

Upgrade to Google Chrome 39.0.2171.71 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Google Chrome < 39.0.2171.71 Flash Player Remote Code Execution


Synopsis:

The remote Windows host contains a web browser that is affected by a
remote code execution vulnerability.

Description:

The version of Google Chrome installed on the remote Windows host is
prior to 39.0.2171.71. It is, therefore, affected by a remote code
execution vulnerability in the included Flash Player plugin, which is
due to the processing of a dereferenced memory pointer.

See also :

http://www.nessus.org/u?4bb46c17

Solution :

Upgrade to Google Chrome 39.0.2171.71 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Cisco IOS XR DHCPv6 DoS


Synopsis:

The remote device is missing vendor-supplied security patches.

Description:

The remote Cisco device is running a version of Cisco IOS XR software
that is affected by a denial of service vulnerability related to the
incorrect handling of malformed DHCPv6 packets.

See also :

http://www.nessus.org/u?3262dc10
http://tools.cisco.com/security/center/viewAlert.x?alertId=35651

Solution :

Apply the relevant patches referenced in Cisco bug ID CSCuo59052.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is (C) 2014 Tenable Network Security, Inc.

Ubuntu 14.04 / 14.10 : squid3 vulnerabilities (USN-2422-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Sebastian Krahmer discovered that the Squid pinger incorrectly handled
certain malformed ICMP packets. A remote attacker could possibly use
this issue to cause Squid to crash, resulting in a denial of service.

Solution :

Update the affected squid3 package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : zeromq (openSUSE-SU-2014:1493-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

zeromq was updated to version 4.0.5 to fix two security issues and
various other bugs.

These security issues were fixed :

- Did not validate the other party's security handshake
properly, allowing a man-in-the-middle downgrade attack
(CVE-2014-7202).

- Did not implement a uniqueness check on connection
nonces, and the CurveZMQ RFC was ambiguous about nonce
validation. This allowed replay attacks (CVE-2014-7203).

Other issues fixed in this update :

- CURVE mechanism does not verify short term nonces.

- stream_engine is vulnerable to downgrade attacks.

- assertion failure for WSAENOTSOCK on Windows.

- race condition while connecting inproc sockets.

- bump so library number to 4.0.0

- assertion failed: !more (fq.cpp:99) after many ZAP
requests.

- lost first part of message over inproc://.

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html
https://bugzilla.opensuse.org/show_bug.cgi?id=898917

Solution :

Update the affected zeromq packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : ImageMagick (openSUSE-SU-2014:1492-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

ImageMagick was updated to fix one security issue.

This security issue was fixed :

- Crafted JPEG file could lead to DoS (CVE-2014-8716).

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00100.html
https://bugzilla.opensuse.org/show_bug.cgi?id=905260

Solution :

Update the affected ImageMagick packages.

Risk factor :

Medium

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : ffmpeg (MDVSA-2014:227)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Multiple vulnerabilities have been discovered and corrected in ffmpeg :

The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via a crafted
width in huffyuv data with the predictor set to median and the
colorspace set to YUV422P, which triggers an out-of-bounds array
access (CVE-2013-0848).

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via
crafted RLE data, which triggers an out-of-bounds array access
(CVE-2013-0852).

The ff_er_frame_end function in libavcodec/error_resilience.c in
FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify
that a frame is fully initialized, which allows remote attackers to
trigger a NULL pointer dereference via crafted picture data
(CVE-2013-0860).

The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg
before 1.2.1 does not validate the relationship between a horizontal
coordinate and a width value, which allows remote attackers to cause a
denial of service (out-of-bounds array access and application crash)
via crafted American Laser Games (ALG) MM Video data (CVE-2013-3672).

The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg
before 1.2.1 does not validate the presence of non-header data in a
buffer, which allows remote attackers to cause a denial of service
(out-of-bounds array access and application crash) via crafted CD
Graphics Video data (CVE-2013-3674).

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1
does not properly enforce certain bit-count and colorspace
constraints, which allows remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified
other impact via crafted FFV1 data (CVE-2013-7020).

The updated packages have been upgraded to the 0.10.15 version which
is not vulnerable to these issues.

See also :

https://www.ffmpeg.org/security.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : imagemagick (MDVSA-2014:226)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated imagemagick packages fix security vulnerabilities :

ImageMagick is vulnerable to a denial of service due to out-of-bounds
memory accesses in the resize code (CVE-2014-8354), PCX parser
(CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder
(CVE-2014-8716).

See also :

http://advisories.mageia.org/MGASA-2014-0482.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : ruby (MDVSA-2014:225)


Synopsis:

The remote Mandriva Linux host is missing one or more security
updates.

Description:

Updated ruby packages fix security vulnerabilities :

Will Wood discovered that Ruby incorrectly handled the encodes()
function. An attacker could possibly use this issue to cause Ruby to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler options for affected releases should reduce
the vulnerability to a denial of service (CVE-2014-4975).

Due to an incomplete fix for CVE-2014-8080, 100% CPU utilization can
occur as a result of recursive expansion with an empty String. When
reading text nodes from an XML document, the REXML parser in Ruby can
be coerced into allocating extremely large string objects which can
consume all of the memory on a machine, causing a denial of service
(CVE-2014-8090).

Additionally, ruby has been upgraded to patch level 374.

See also :

http://advisories.mageia.org/MGASA-2014-0472.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

HP-UX PHCO_43875 : s700_800 11.31 libpam_updbe patch


Synopsis:

The remote HP-UX host is missing a security-related patch.

Description:

s700_800 11.31 libpam_updbe patch :

A potential security vulnerability has been identified in the HP-UX
running PAM using libpam_updbe in pam.conf(4). This vulnerability
could allow remote users to bypass certain authentication
restrictions. References: CVE-2014-7879 (SSRT101489).

See also :

http://www.nessus.org/u?462a1237

Solution :

Install patch PHCO_43875 or subsequent.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

HP-UX PHCO_43874 : s700_800 11.23 libpam_updbe cumulative patch


Synopsis:

The remote HP-UX host is missing a security-related patch.

Description:

s700_800 11.23 libpam_updbe cumulative patch :

A potential security vulnerability has been identified in the HP-UX
running PAM using libpam_updbe in pam.conf(4). This vulnerability
could allow remote users to bypass certain authentication
restrictions. References: CVE-2014-7879 (SSRT101489).

See also :

http://www.nessus.org/u?462a1237

Solution :

Install patch PHCO_43874 or subsequent.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

HP-UX PHCO_43873 : s700_800 11.11 libpam_updbe patch


Synopsis:

The remote HP-UX host is missing a security-related patch.

Description:

s700_800 11.11 libpam_updbe patch :

A potential security vulnerability has been identified in the HP-UX
running PAM using libpam_updbe in pam.conf(4). This vulnerability
could allow remote users to bypass certain authentication
restrictions. References: CVE-2014-7879 (SSRT101489).

See also :

http://www.nessus.org/u?462a1237

Solution :

Install patch PHCO_43873 or subsequent.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : flac -- Multiple vulnerabilities (a33addf6-74e6-11e4-a615-f8b156b6dcc8)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Erik de Castro Lopo reports :

Google Security Team member, Michele Spagnuolo, recently found two
potential problems in the FLAC code base. They are :

- CVE-2014-9028: Heap buffer write overflow.

- CVE-2014-8962: Heap buffer read overflow.

See also :

http://www.nessus.org/u?32a2259e
http://www.nessus.org/u?42f6725d
http://www.nessus.org/u?6800f311

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : kde-runtime-4.14.3-2.fc20 (2014-15532)


Synopsis:

The remote Fedora host is missing a security update.

Description:

New security fix release: insufficient input validation by IO slaves;
see also https://www.kde.org/info/security/advisory-20141113-1.txt

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1164293
https://www.kde.org/info/security/advisory-20141113-1.txt
http://www.nessus.org/u?11237040

Solution :

Update the affected kde-runtime package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : moodle-2.5.9-1.fc20 (2014-15102)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix for security issues.

https://moodle.org/mod/forum/discuss.php?d=274730

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1164072
https://bugzilla.redhat.com/show_bug.cgi?id=1164073
https://moodle.org/mod/forum/discuss.php?d=274730
http://www.nessus.org/u?e191a298

Solution :

Update the affected moodle package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-3076-1 : wireshark - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Multiple vulnerabilities were discovered in the dissectors/parsers for
SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of
service.

See also :

http://www.debian.org/security/2014/dsa-3076

Solution :

Upgrade the wireshark packages.

For the stable distribution (wheezy), these problems have been fixed
in version 1.8.2-5wheezy13.

For the upcoming stable distribution (jessie), these problems have
been fixed in version 1.12.1+g01b65bf-2.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 5 : libXfont (CESA-2014:1893)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated libXfont packages that fix three security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The libXfont packages provide the X.Org libXfont runtime library.
X.Org is an open source implementation of the X Window System.

A use-after-free flaw was found in the way libXfont processed certain
font files when attempting to add a new directory to the font path. A
malicious, local user could exploit this issue to potentially execute
arbitrary code with the privileges of the X.Org server.
(CVE-2014-0209)

Multiple out-of-bounds write flaws were found in the way libXfont
parsed replies received from an X.org font server. A malicious X.org
server could cause an X client to crash or, possibly, execute
arbitrary code with the privileges of the X.Org server.
(CVE-2014-0210, CVE-2014-0211)

Red Hat would like to thank the X.org project for reporting these
issues. Upstream acknowledges Ilja van Sprundel as the original
reporter.

Users of libXfont should upgrade to these updated packages, which
contain a backported patch to resolve this issue. All running X.Org
server instances must be restarted for the update to take effect.

See also :

http://www.nessus.org/u?66531efe

Solution :

Update the affected libxfont packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Amazon Linux AMI : docker (ALAS-2014-454)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

Docker versions 1.3.0 through 1.3.1 allowed security options to be
applied to images, allowing images to modify the default run profile
of containers executing these images. This vulnerability could allow a
malicious image creator to loosen the restrictions applied to a
container's processes, potentially facilitating a break-out.
(CVE-2014-6408)

The Docker engine, up to and including version 1.3.1, was vulnerable
to extracting files to arbitrary paths on the host during 'docker
pull' and 'docker load' operations. This was caused by symlink and
hardlink traversals present in Docker's image extraction. This
vulnerability could be leveraged to perform remote code execution and
privilege escalation. (CVE-2014-6407)

See also :

http://www.nessus.org/u?57ab0637

Solution :

Run 'yum update docker' to update your system.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Amazon Linux AMI : file (ALAS-2014-453)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF)
files. A remote attacker could use this flaw to crash a PHP
application using fileinfo via a specially crafted ELF file.

See also :

http://www.nessus.org/u?c19ead16

Solution :

Run 'yum update file' to update your system.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Amazon Linux AMI : libX11 / libXcursor,libXfixes,libXi,libXrandr,libXrender,libXres,libXt,libXv,libXvMC,libXxf86dga,libXxf86vm,libdmx,xorg-x11-proto-devel (ALAS-2014-452)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

Multiple integer overflow flaws, leading to heap-based buffer
overflows, were found in the way various X11 client libraries handled
certain protocol data. An attacker able to submit invalid protocol
data to an X11 server via a malicious X11 client could use either of
these flaws to potentially escalate their privileges on the system.
(CVE-2013-1981 , CVE-2013-1982 , CVE-2013-1983 , CVE-2013-1984 ,
CVE-2013-1985 , CVE-2013-1986 , CVE-2013-1987 , CVE-2013-1988 ,
CVE-2013-1989 , CVE-2013-1990 , CVE-2013-1991 , CVE-2013-2003 ,
CVE-2013-2062 , CVE-2013-2064)

Multiple array index errors, leading to heap-based buffer
out-of-bounds write flaws, were found in the way various X11 client
libraries handled data returned from an X11 server. A malicious X11
server could possibly use this flaw to execute arbitrary code with the
privileges of the user running an X11 client. (CVE-2013-1997 ,
CVE-2013-1998 , CVE-2013-1999 , CVE-2013-2000 , CVE-2013-2001 ,
CVE-2013-2002 , CVE-2013-2066)

A buffer overflow flaw was found in the way the XListInputDevices()
function of X.Org X11's libXi runtime library handled signed numbers.
A malicious X11 server could possibly use this flaw to execute
arbitrary code with the privileges of the user running an X11 client.
(CVE-2013-1995)

A flaw was found in the way the X.Org X11 libXt runtime library used
uninitialized pointers. A malicious X11 server could possibly use this
flaw to execute arbitrary code with the privileges of the user running
an X11 client. (CVE-2013-2005)

Two stack-based buffer overflow flaws were found in the way libX11,
the Core X11 protocol client library, processed certain user-specified
files. A malicious X11 server could possibly use this flaw to crash an
X11 client via a specially crafted file. (CVE-2013-2004)

See also :

http://www.nessus.org/u?abc79afa

Solution :

Run 'yum update libX11 libXcursor libXfixes libXi libXrandr libXrender
libXres libXt libXv libXvMC libXxf86dga libXxf86vm libdmx
xorg-x11-proto-devel' to update your system.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Amazon Linux AMI : php55 (ALAS-2014-451)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF)
files. A remote attacker could use this flaw to crash a PHP
application using fileinfo via a specially crafted ELF file.

See also :

http://www.nessus.org/u?6ad0d615

Solution :

Run 'yum update php55' to update your system.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Amazon Linux AMI : php54 (ALAS-2014-450)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF)
files. A remote attacker could use this flaw to crash a PHP
application using fileinfo via a specially crafted ELF file.

See also :

http://www.nessus.org/u?c962669f

Solution :

Run 'yum update php54' to update your system.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.3 : libXfont (OVMSA-2014-0080)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- CVE-2014-0209: integer overflow of allocations in font
metadata file parsing (bug 1163602, bug 1163601)

- CVE-2014-0210: unvalidated length fields when parsing
xfs protocol replies (bug 1163602, bug 1163601)

- CVE-2014-0211: integer overflows calculating memory
needs for xfs replies (bug 1163602, bug 1163601)

- CVE-2013-6462.patch: sscanf overflow (bug 1049684)

- sscanf-hardening.patch: Some other sscanf hardening
fixes (1049684)

See also :

http://www.nessus.org/u?cfbd88e1

Solution :

Update the affected libXfont package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.2 : xen (OVMSA-2014-0041)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- xend: disable sslv3 due to (CVE-2014-3566)

- Keep the maxmem and memory same in vm.cfg Signed-off-by:
Annie Li

See also :

http://www.nessus.org/u?6fc1675a

Solution :

Update the affected xen / xen-devel / xen-tools packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 2.2 : openssl (OVMSA-2014-0040)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- add support for fallback SCSV to partially mitigate
(CVE-2014-3566) (padding attack on SSL3)

- fix CVE-2014-0221 - recursion in DTLS code leading to
DoS

- fix CVE-2014-3505 - doublefree in DTLS packet processing

- fix CVE-2014-3506 - avoid memory exhaustion in DTLS

- fix CVE-2014-3508 - fix OID handling to avoid
information leak

- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling
in DTLS

- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability

- replace expired GlobalSign Root CA certificate in
ca-bundle.crt

See also :

http://www.nessus.org/u?9b5d5a25

Solution :

Update the affected openssl package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.2 : openssl (OVMSA-2014-0039)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- add support for fallback SCSV to partially mitigate
(CVE-2014-3566) (padding attack on SSL3)

- fix CVE-2014-0221 - recursion in DTLS code leading to
DoS

- fix CVE-2014-3505 - doublefree in DTLS packet processing

- fix CVE-2014-3506 - avoid memory exhaustion in DTLS

- fix CVE-2014-3508 - fix OID handling to avoid
information leak

- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling
in DTLS

- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability

- replace expired GlobalSign Root CA certificate in
ca-bundle.crt

See also :

http://www.nessus.org/u?1400728e

Solution :

Update the affected openssl package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.3 : xen (OVMSA-2014-0038)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- xend: disable sslv3 due to (CVE-2014-3566)

See also :

http://www.nessus.org/u?c3b9133e

Solution :

Update the affected xen / xen-tools packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.2 : ovs-agent (OVMSA-2014-0037)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- disable sslv3 due to (CVE-2014-3566)

- Allow to create more than 6 bonds Signed-off-by: Adnan
Misherfi

See also :

http://www.nessus.org/u?7109f25f

Solution :

Update the affected ovs-agent package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.3 : wget (OVMSA-2014-0036)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem
access (#1156133)

- Fix the parsing of weblink when doing recursive
retrieving (#960137)

- Fix errors found by static analysis of source code
(#873216)

- Add SNI (Server Name Indication) support (#909604)

- Add --trust-server-names option to fix CVE-2010-2252
(#1062190)

- Fix wget to recognize certificates with alternative
names (#736445)

See also :

http://www.nessus.org/u?4a15552a

Solution :

Update the affected wget package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.3 : cups (OVMSA-2014-0035)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Revert change to whitelist /rss/ resources, as this was
not used upstream.

- More STR #4461 fixes from upstream: make rss feeds
world-readable, but cachedir private.

- Fix icon display in web interface during server restart
(STR #4475).

- Fixes for upstream patch for STR #4461: allow /rss/
requests for files we created.

- Use upstream patch for STR #4461.

- Applied upstream patch to fix CVE-2014-5029 (bug
#1122600), CVE-2014-5030 (bug #1128764), CVE-2014-5031
(bug #1128767).

- Fix conf/log file reading for authenticated users (STR
#4461).

- Fix CGI handling (STR #4454, bug #1120419).

- fix patch for CVE-2014-3537 (bug #1117794)

- CVE-2014-2856: cross-site scripting flaw (bug #1117798)

- CVE-2014-3537: insufficient checking leads to privilege
escalation (bug #1117794)

- Removed package description changes.

- Applied patch to fix 'Bad request' errors as a result of
adding in httpSetTimeout (STR #4440, also part of svn
revision 9967).

- Fixed timeout issue with cupsd reading when there is no
data ready (bug #1110045).

- Fixed synconclose patch to avoid 'too many arguments for
format' warning.

- Fixed settimeout patch to include math.h for fmod
declaration.

- Fixed typo preventing web interface from changing driver
(bug #1104483, STR #3601).

- Fixed SyncOnClose patch (bug #984883).

- Use upstream patch to avoid replaying GSS credentials
(bug #1040293).

- Prevent BrowsePoll problems across suspend/resume (bug
#769292) :

- Eliminate indefinite wait for response (svn revision
9688).

- Backported httpSetTimeout API function from CUPS 1.5 and
use it in the ipp backend so that we wait indefinitely
until the printer responds, we get a hard error, or the
job is cancelled.

- cups-polld: reconnect on error.

- Added new SyncOnClose directive to use fsync after
altering configuration files: defaults to 'Yes'. Adjust
in cupsd.conf (bug #984883).

- Fix cupsctl man page typo (bug #1011076).

- Use more portable rpm specfile syntax for conditional
php building (bug #988598).

- Fix SetEnv directive in cupsd.conf (bug #986495).

- Fix 'collection' attribute sending (bug #978387).

- Prevent format_log segfault (bug #971079).

- Prevent stringpool corruption (bug #884851).

- Don't crash when job queued for printer that times out
(bug #855431).

- Upstream patch for broken multipart handling (bug
#852846).

- Install /etc/cron.daily/cups with correct permissions
(bug #1012482).

- Fixes for jobs with multiple files and multiple formats
(bug #972242).

- Applied patch to fix CVE-2012-5519 (privilege escalation
for users in SystemGroup or with equivalent polkit
permission). This prevents HTTP PUT requests with paths
under /admin/conf/ other than that for cupsd.conf, and
also prevents such requests altering certain
configuration directives such as PageLog and FileDevice
(bug #875898).
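
The CVE-2012-5519 item describes the fix as two checks on web-interface PUT requests from SystemGroup members: only /admin/conf/cupsd.conf may be written, and certain directives that cupsd acts on as root (PageLog and FileDevice are the ones named) may not be set that way. The following is an added example of that policy, not CUPS code: check_admin_put() and its inputs are constructed for illustration, PageLog and FileDevice come from the advisory text, and the other blocked directives are assumed additions of the same kind that should be reconciled with the actual patch.

```python
# The single object the web interface may overwrite with an HTTP PUT.
ALLOWED_PUT_PATH = "/admin/conf/cupsd.conf"

# Directives an authenticated SystemGroup user must not be able to change through
# the web interface. PageLog and FileDevice are the two the advisory names; the
# rest are assumed for this example (file paths and identities cupsd uses as root).
BLOCKED_DIRECTIVES = frozenset(d.lower() for d in (
    "PageLog", "FileDevice",
    "AccessLog", "ErrorLog", "ServerRoot", "RequestRoot", "TempDir",
    "User", "Group", "SystemGroup",
))


def check_admin_put(path, body):
    """Return (allowed, reason) for a PUT of a configuration file via the web interface."""
    # Compare the raw request path: printers.conf, classes.conf and traversal
    # variants such as /admin/conf/../conf/cupsd.conf are refused before the
    # body is even read.
    if path != ALLOWED_PUT_PATH:
        return False, "PUT to %s is not permitted (only %s)" % (path, ALLOWED_PUT_PATH)
    for lineno, raw in enumerate(body.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and <Location>/<Policy> block markers.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        directive = line.split(None, 1)[0]
        # cupsd compares directive names case-insensitively, so "filedevice" is
        # as effective as "FileDevice" and must be caught too.
        if directive.lower() in BLOCKED_DIRECTIVES:
            return False, "line %d sets %s, which may not be changed via the web interface" % (
                lineno, directive)
    return True, "ok"


# Constructed sample requests (not captured from any real CUPS server).
SAMPLE_REQUESTS = [
    ("/admin/conf/cupsd.conf", "LogLevel warn\nListen localhost:631\n"),
    ("/admin/conf/printers.conf", "<Printer evil>\nDeviceURI file:///etc/passwd\n</Printer>\n"),
    ("/admin/conf/cupsd.conf", "# looks harmless\nPageLog /etc/cron.d/job\n"),
    ("/admin/conf/cupsd.conf", "filedevice Yes\n"),
]


def audit_samples():
    """Run the policy over the constructed requests; returns the list of (allowed, reason)."""
    return [check_admin_put(path, body) for path, body in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (path, _), (ok, why) in zip(SAMPLE_REQUESTS, audit_samples()):
        print("ALLOW" if ok else "DENY ", path, "-", why)
```

The path check is an exact string comparison on purpose: normalising the path first and then comparing would let an attacker probe how the normaliser and the file system disagree, whereas an exact match has no such surface.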

See also :

http://www.nessus.org/u?5c27127c

Solution :

Update the affected cups / cups-libs packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.3 : krb5 (OVMSA-2014-0034)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- actually apply that last patch

- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345,
#1128157)

- ksu: when evaluating .k5users, don't throw away data
from .k5users when we're not passed a command to run,
which implicitly means we're attempting to run the
target user's shell (#1026721, revised)

- ksu: when evaluating .k5users, treat lines with just a
principal name as if they contained the principal name
followed by '*', and don't throw away data from .k5users
when we're not passed a command to run, which implicitly
means we're attempting to run the target user's shell
(#1026721, revised)

- gssapi: pull in upstream fix for a possible NULL
dereference in spnego (CVE-2014-4344, #1121510)

- gssapi: pull in proposed-and-accepted fix for a double
free in initiators (David Woodhouse, CVE-2014-4343,
#1121510)

- correct a type mistake in the backported fix for
(CVE-2013-1418, CVE-2013-6800)

- pull in backported fix for denial of service by
injection of malformed GSSAPI tokens (CVE-2014-4341,
CVE-2014-4342, #1121510)

- incorporate backported patch for remote crash of KDCs
which serve multiple realms simultaneously (RT#7756,
CVE-2013-1418/CVE-2013-6800, more of

- pull in backport of patch to not subsequently always
require that responses come from master KDCs if we get
one from a master somewhere along the way while chasing
referrals (RT#7650, #1113652)

- ksu: if the -e flag isn't used, use the target user's
shell when checking for authorization via the target
user's .k5users file (#1026721)

- define _GNU_SOURCE in files where we use EAI_NODATA, to
make sure that it's declared (#1059730)

- spnego: pull in patch from master to restore preserving
the OID of the mechanism the initiator requested when we
have multiple OIDs for the same mechanism, so that we
reply using the same mechanism OID and the initiator
doesn't get confused (#1087068, RT#7858)

- add patch from Jatin Nansi to avoid attempting to clear
memory at the NULL address if krb5_encrypt_helper
returns an error when called from encrypt_credencpart
(#1055329, pull #158)

- drop patch to add additional access checks to ksu - they
shouldn't be resulting in any benefit

- apply patch from Nikolai Kondrashov to pass a default
realm set in /etc/sysconfig/krb5kdc to the
kdb_check_weak helper, so that it doesn't produce an
error if there isn't one set in krb5.conf (#1009389)

- packaging: don't Obsoletes: older versions of
krb5-pkinit-openssl and virtual Provide:
krb5-pkinit-openssl on EL6, where we don't need to
bother with any of that (#1001961)

- pkinit: backport tweaks to avoid trying to call the
prompter callback when one isn't set (part of #965721)

- pkinit: backport the ability to use a prompter callback
to prompt for a password when reading private keys (the
rest of #965721)

- backport fix to not spin on a short read when reading
the length of a response over TCP (RT#7508, #922884)

- backport fix for trying all compatible keys when not
being strict about acceptor names while reading AP-REQs
(RT#7883, #1070244)

- backport fix for not being able to verify the list of
transited realms in GSS acceptors (RT#7639, #959685)

- pull fix for keeping track of the message type when
parsing FAST requests in the KDC (RT#7605, #951965)

- incorporate upstream patch to fix a NULL pointer
dereference while processing certain TGS requests
(CVE-2013-1416, #950343)

- incorporate upstream patch to fix a NULL pointer
dereference when the client supplies an
otherwise-normal-looking PKINIT request (CVE-2013-1415,
#917910)

- add patch to avoid dereferencing a NULL pointer in the
KDC when handling a draft9 PKINIT request (#917910,
CVE-2012-1016)

- pull up fix for UDP ping-pong flaw in kpasswd service
(CVE-2002-2443,

- don't leak the memory used to hold the previous entry
when walking a keytab to figure out which kinds of keys
we have (#911147)

See also :

http://www.nessus.org/u?4dbf93cd

Solution :

Update the affected krb5-libs package.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.3 : glibc (OVMSA-2014-0033)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Remove gconv transliteration loadable modules support
(CVE-2014-5119)

- _nl_find_locale: Improve handling of crafted locale
names (CVE-2014-0475)

- Switch gettimeofday from INTUSE to libc_hidden_proto
(#1099025).

- Fix stack overflow due to large AF_INET6 requests
(CVE-2013-4458, #1111460).

- Fix buffer overflow in readdir_r (CVE-2013-4237,
#1111460).

- Fix memory order when reading libgcc handle (#905941).

- Fix format specifier in malloc_info output (#1027261).

- Fix nscd lookup for innetgr when netgroup has wildcards
(#1054846).

- Add mmap usage to malloc_info output (#1027261).

- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer
(#1087833).

- [ppc] Add VDSO IFUNC for gettimeofday (#1028285).

- [ppc] Fix ftime gettimeofday internal call returning
bogus data (#1099025).

- Also relocate in dependency order when doing symbol
dependency testing (#1019916).

- Fix infinite loop in nscd when netgroup is empty
(#1085273).

- Provide correct buffer length to netgroup queries in
nscd (#1074342).

- Return NULL for wildcard values in getnetgrent from nscd
(#1085289).

- Avoid overlapping addresses to stpcpy calls in nscd
(#1082379).

- Initialize all of datahead structure in nscd (#1074353).

- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN
(#1044628).

- Do not fail if one of the two responses to AF_UNSPEC
fails (#845218).

- nscd: Make SELinux checks dynamic (#1025933).

- Fix race in free of fastbin chunk (#1027101).

- Fix copy relocations handling of unique objects
(#1032628).

- Fix encoding name for IDN in getaddrinfo (#981942).

- Fix return code from getent netgroup when the netgroup
is not found (#1039988).

- Fix handling of static TLS in dlopen'ed objects
(#995972).

- Don't use alloca in addgetnetgrentX (#1043557).

- Adjust pointers to triplets in netgroup query data
(#1043557).

See also :

http://www.nessus.org/u?bed5f80b

Solution :

Update the affected glibc / glibc-common / nscd packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.3 : openssl (OVMSA-2014-0032)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- fix CVE-2014-3567 - memory leak when handling session
tickets

- fix CVE-2014-3513 - memory leak in srtp support

- add support for TLS_FALLBACK_SCSV to partially mitigate
CVE-2014-3566 (POODLE padding attack on SSLv3)

- add ECC TLS extensions to DTLS (#1119800)

- fix CVE-2014-3505 - doublefree in DTLS packet processing

- fix CVE-2014-3506 - avoid memory exhaustion in DTLS

- fix CVE-2014-3507 - avoid memory leak in DTLS

- fix CVE-2014-3508 - fix OID handling to avoid
information leak

- fix CVE-2014-3509 - fix race condition when parsing
server hello

- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling
in DTLS

- fix CVE-2014-3511 - disallow protocol downgrade via
fragmentation

- fix the CVE-2014-0224 fix, which broke EAP-FAST session
resumption support

- drop EXPORT, RC2, and DES from the default cipher list
(#1057520)

- print ephemeral key size negotiated in TLS handshake
(#1057715)

- do not include ECC ciphersuites in SSLv2 client hello
(#1090952)

- properly detect encryption failure in BIO (#1100819)

- fail on hmac integrity check if the .hmac file is empty
(#1105567)

- FIPS mode: make the limitations on DSA, DH, and RSA
keygen length enforced only if
OPENSSL_ENFORCE_MODULUS_BITS environment variable is set

- fix CVE-2010-5298 - possible use of memory after free

- fix CVE-2014-0195 - buffer overflow via invalid DTLS
fragment

- fix CVE-2014-0198 - possible NULL pointer dereference

- fix CVE-2014-0221 - DoS from invalid DTLS handshake
packet

- fix CVE-2014-0224 - SSL/TLS MITM vulnerability

- fix CVE-2014-3470 - client-side DoS when using anonymous
ECDH

- add back support for secp521r1 EC curve

- fix CVE-2014-0160 - information disclosure in TLS
heartbeat extension

- use 2048 bit RSA key in FIPS selftests

- add DH_compute_key_padded needed for FIPS CAVS testing

- report 3DES strength as 128 bits instead of 168
(#1056616)

- FIPS mode: do not generate DSA keys and DH parameters <
2048 bits

- FIPS mode: use approved RSA keygen (allows only 2048 and
3072 bit keys)

- FIPS mode: add DH selftest

- FIPS mode: reseed DRBG properly on RAND_add

- FIPS mode: add RSA encrypt/decrypt selftest

- FIPS mode: add hard limit for 2^32 GCM block encryptions
with the same key

- use the key length from the configuration file when
req -newkey rsa is invoked

- fix CVE-2013-4353 - Invalid TLS handshake crash

- fix CVE-2013-6450 - possible MiTM attack on DTLS1

- fix CVE-2013-6449 - crash when version in SSL structure
is incorrect

- add back some no-op symbols that were inadvertently
dropped

See also :

http://www.nessus.org/u?e1e2973b

Solution :

Update the affected openssl package.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score : 8.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

OracleVM 3.3 : libxml2 (OVMSA-2014-0031)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Update doc/redhat.gif in tarball

- Add libxml2-oracle-enterprise.patch and update logos in
tarball

- CVE-2014-3660 denial of service via recursive entity
expansion (rhbz#1149085)

- Fix a set of regressions introduced in CVE-2014-0191
(rhbz#1105011)

- Improve handling of xmlStopParser (CVE-2013-2877)

- Do not fetch external parameter entities (CVE-2014-0191)

- Fix a regression in 2.9.0 breaking validation while
streaming (rhbz#863166)

- detect and stop excessive entities expansion upon
replacement (rhbz#912575)

See also :

http://www.nessus.org/u?fa5c0424

Solution :

Update the affected libxml2 / libxml2-python packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.