Newest Plugins

Symantec Endpoint Protection Installed (Unix Credentialed Check)


Synopsis:

A management and endpoint protection application is installed on the
remote host.

Description:

Symantec Endpoint Protection, a management and endpoint protection
application, is installed on the remote host.

See also :

http://www.symantec.com/endpoint-protection/

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Mac OS X : Apple Safari < 9.0.3 Multiple Vulnerabilities


Synopsis:

The remote host has a web browser installed that is affected by
multiple vulnerabilities.

Description:

The version of Apple Safari installed on the remote Mac OS X host is
prior to 9.0.3. It is, therefore, affected by the following
vulnerabilities :

- Multiple memory corruption vulnerabilities exist in
WebKit due to improper validation of user-supplied
input. A remote attacker, via a specially crafted
website, can exploit these issues to execute arbitrary
code or cause a denial of service. (CVE-2016-1723,
CVE-2016-1724, CVE-2016-1725, CVE-2016-1726,
CVE-2016-1727)

- A flaw exists in the Cascading Style Sheets (CSS)
implementation in WebKit CSS when handling the
'a:visited button' CSS selector while evaluating the
height of the containing element. A remote attacker
can exploit this, via a crafted website, to obtain
sensitive browser history information. (CVE-2016-1728)

See also :

https://support.apple.com/en-us/HT205730
http://www.nessus.org/u?c7e0375f

Solution :

Upgrade to Apple Safari version 9.0.3 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)


Cisco APIC-EM WebUI Detection


Synopsis:

The remote host is a Cisco APIC-EM appliance.

Description:

The login page for a Cisco Application Policy Infrastructure
Controller Enterprise Module (APIC-EM) appliance was detected on the
remote host. It is possible to extract version and patch information
if login credentials are provided.

See also :

http://www.nessus.org/u?1f79e994

Solution :

n/a

Risk factor :

None


Cisco APIC-EM 1.1 Unspecified XSS (credentialed check)


Synopsis:

A network management system running on the remote host is affected by
an unspecified reflected cross-site scripting vulnerability.

Description:

According to its self-reported version number, the Cisco Application
Policy Infrastructure Controller Enterprise Module (APIC-EM)
application running on the remote host is version 1.1. It is,
therefore, affected by a reflected cross-site scripting vulnerability
due to improper sanitization of input before returning it to users. A
remote attacker can exploit this, via a specially crafted request, to
execute arbitrary script code in a user's browser session.

See also :

http://www.nessus.org/u?6beb8017

Solution :

Contact the vendor for a fix.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)


Cisco Security Manager Web Server Detection


Synopsis:

An application used for managing and monitoring Cisco security
products is running on the remote web server.

Description:

Cisco Security Manager, a security management platform that helps
enable policy enforcement, is running on the remote web server.

See also :

http://www.nessus.org/u?05070256

Solution :

n/a

Risk factor :

None


Cisco Security Manager 4.9.x < 4.9(0.397) / 4.10.x < 4.10(0.189) OpenSSL ASN.1 Signature Handling DoS


Synopsis:

The web application running on the remote web server is affected by a
denial of service vulnerability.

Description:

The version of Cisco Security Manager running on the remote web server
is 4.9.x prior to 4.9(0.397) or 4.10.x prior to 4.10(0.189). It is,
therefore, affected by a NULL pointer dereference flaw in file
rsa_ameth.c due to improper handling of ASN.1 signatures that are
missing the PSS parameter. A remote attacker can exploit this to cause
the signature verification routine to crash, resulting in a denial of
service condition.

See also :

http://www.nessus.org/u?4099a8d6
https://tools.cisco.com/bugsearch/bug/CSCux41352
https://www.openssl.org/news/secadv/20151203.txt

Solution :

Upgrade to Cisco Security Manager version 4.9(0.397) / 4.10(0.189) or
later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)


Cisco Web Security Appliance Proxy Restrictions Bypass


Synopsis:

The remote security appliance is affected by a security feature bypass
vulnerability.

Description:

According to its self-reported version, the Cisco Web Security
Appliance (WSA) running on the remote host is affected by a security
feature bypass vulnerability that allows an unauthenticated, remote
attacker to bypass proxy restrictions via improper or malformed HTTP
methods.

See also :

http://www.nessus.org/u?9e6e1f04

Solution :

No patch currently exists. Contact Cisco for a patch or workaround.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)


AIX OpenSSL Advisory : openssl_advisory16.asc (SLOTH)


Synopsis:

The remote AIX host has a version of OpenSSL installed that is
affected by a collision-based forgery vulnerability.

Description:

The remote AIX host has a version of OpenSSL installed that is
affected by a collision-based forgery vulnerability, known as SLOTH
(Security Losses from Obsolete and Truncated Transcript Hashes), in
the TLS protocol due to accepting RSA-MD5 signatures in the server
signature within the TLS 1.2 ServerKeyExchange messages during a TLS
handshake. A man-in-the-middle attacker can exploit this, via a
transcript collision attack, to impersonate a TLS server.

See also :

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory16.asc
http://www.mitls.org/downloads/transcript-collisions.pdf
http://www.mitls.org/pages/attacks/SLOTH

Solution :

A fix is available and can be downloaded from the IBM AIX website.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)


AIX OpenSSH Advisory : openssh_advisory7.asc


Synopsis:

The remote AIX host has a version of OpenSSH installed that is
affected by multiple vulnerabilities.

Description:

The remote AIX host has a version of OpenSSH installed that is
affected by the following vulnerabilities :

- An information disclosure vulnerability exists in the
resend_bytes() function in the undocumented roaming
connection feature. An authenticated, remote attacker
can exploit this vulnerability, by persuading a victim
to connect to a malicious server, to retrieve private
cryptographic keys or other sensitive information.
(CVE-2016-0777)

- A heap-based buffer overflow condition exists in the
undocumented roaming connection feature due to improper
bounds checking of user-supplied input to the
packet_write_wait() and ssh_packet_write_wait()
functions whenever the non-default option ProxyCommand
is used with either ForwardAgent or ForwardX11.
An authenticated, remote attacker can exploit this
vulnerability, by persuading a victim to connect to a
malicious server, to execute arbitrary code or cause
a denial of service. (CVE-2016-0778)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory7.asc

Solution :

A fix is available and can be downloaded from the IBM AIX website.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)


Cisco Unified Computing System Manager CGI RCE (CSCur90888) (remote check)


Synopsis:

The remote device is affected by a remote command execution
vulnerability.

Description:

The Cisco Unified Computing System (UCS) Manager running on the remote
device is affected by a remote command execution vulnerability due to
unprotected calling of shell commands in the /ucsm/getkvmurl.cgi CGI
script. An unauthenticated, remote attacker can exploit this, via a
crafted HTTP request, to execute arbitrary commands.

See also :

http://www.nessus.org/u?72dbb5d7

Solution :

Refer to Cisco bug ID CSCur90888 for any available patches, or contact
the vendor for a fix.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)


RHEL 6 : jboss-ec2-eap (RHSA-2016:0124)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated jboss-ec2-eap packages that add one enhancement and resolve
one security issue are now available for Red Hat JBoss Enterprise
Application Platform 6.4.6 on Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
EE applications. It is based on JBoss Application Server 7 and
incorporates multiple open-source projects to provide a complete Java
EE platform solution.

It was found that the Java Standard Tag Library (JSTL) allowed the
processing of untrusted XML documents to utilize external entity
references, which could access resources on the host system and,
potentially, allow arbitrary code execution. (CVE-2015-0254)

Note: Tag Library users may need to take additional steps after
applying this update. Detailed instructions on the additional steps
can be found here: https://access.redhat.com/solutions/1584363

Red Hat would like to thank David Jorm of IIX, and the Apache Software
Foundation for reporting the CVE-2015-0254 flaw.

* The jboss-ec2-eap packages provide scripts for Red Hat JBoss
Enterprise Application Platform running on the Amazon Web Services
(AWS) Elastic Compute Cloud (EC2). With this update, the packages have
been updated to ensure compatibility with Red Hat JBoss Enterprise
Application Platform 6.4.6.

All users of EAP 6.4.5 jboss-ec2-eap are advised to upgrade to these
updated packages.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-0254.html
https://access.redhat.com/documentation/en-US/
https://access.redhat.com/solutions/1584363
http://rhn.redhat.com/errata/RHSA-2016-0124.html

Solution :

Update the affected jboss-ec2-eap and / or jboss-ec2-eap-samples
packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)


GLSA-201602-01 : QEMU: Multiple vulnerabilities (Venom)


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201602-01
(QEMU: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in QEMU. Please review the
CVE identifiers referenced below for details.

Impact :

A remote attacker might cause a Denial of Service or gain escalated
privileges from a guest VM.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201602-01

Solution :

All QEMU users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/qemu-2.5.0-r1'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true


GLSA-201601-05 : OpenSSL: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201601-05
(OpenSSL: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in OpenSSL. Please review
the upstream advisory and CVE identifiers referenced below for details.

Impact :

A remote attacker could disclose a server's private DH exponent, or
complete SSLv2 handshakes using ciphers that have been disabled on the
server.

Workaround :

There is no known workaround at this time.

See also :

http://openssl.org/news/secadv/20160128.txt
https://security.gentoo.org/glsa/201601-05

Solution :

All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.2f'

Risk factor :

Medium


FreeBSD : py-rsa -- Bleichenbacher'06 signature forgery vulnerability (e78bfc9d-cb1e-11e5-b251-0050562a4d7b)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

Filippo Valsorda reports :

python-rsa is vulnerable to a straightforward variant of the
Bleichenbacher'06 attack against RSA signature verification with low
public exponent.

See also :

http://www.nessus.org/u?24eb0dd8
http://www.nessus.org/u?525636eb
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1494
http://www.openwall.com/lists/oss-security/2016/01/05/3
http://www.openwall.com/lists/oss-security/2016/01/05/1
http://www.nessus.org/u?f242d522

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)


FreeBSD : asterisk -- Multiple vulnerabilities (559f3d1b-cb1d-11e5-80a4-001999f8d30b)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

The Asterisk project reports :

AST-2016-001 - BEAST vulnerability in HTTP server

AST-2016-002 - File descriptor exhaustion in chan_sip

AST-2016-003 - Remote crash vulnerability when receiving UDPTL FAX
data

See also :

http://downloads.asterisk.org/pub/security/AST-2016-001.html
http://downloads.asterisk.org/pub/security/AST-2016-002.html
http://downloads.asterisk.org/pub/security/AST-2016-003.html
http://www.nessus.org/u?5524082f

Solution :

Update the affected packages.

Risk factor :

High


FreeBSD : webkit -- UI spoof (1091d2d1-cb2e-11e5-b14b-bcaec565249c)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

webkit reports :

The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.

See also :

http://webkitgtk.org/security/WSA-2015-0002.html
http://www.nessus.org/u?80aae00a

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)


F5 Networks BIG-IP : libtar vulnerability (SOL16015326)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

Multiple integer overflows in the th_read function in lib/block.c in
libtar before 1.2.20 allow remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a long (1)
name or (2) link in an archive, which triggers a heap-based buffer
overflow.

See also :

http://www.nessus.org/u?1b45492e
http://www.nessus.org/u?19c90f46

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL16015326.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false


Debian DSA-3466-1 : krb5 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several vulnerabilities were discovered in krb5, the MIT
implementation of Kerberos. The Common Vulnerabilities and Exposures
project identifies the following problems :

- CVE-2015-8629
It was discovered that an authenticated attacker can
cause kadmind to read beyond the end of allocated memory
by sending a string without a terminating zero byte.
Information leakage may be possible for an attacker with
permission to modify the database.

- CVE-2015-8630
It was discovered that an authenticated attacker with
permission to modify a principal entry can cause kadmind
to dereference a null pointer by supplying a null policy
value but including KADM5_POLICY in the mask.

- CVE-2015-8631
It was discovered that an authenticated attacker can
cause kadmind to leak memory by supplying a null
principal name in a request which uses one. Repeating
these requests will eventually cause kadmind to exhaust
all available memory.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296
https://security-tracker.debian.org/tracker/CVE-2015-8629
https://security-tracker.debian.org/tracker/CVE-2015-8630
https://security-tracker.debian.org/tracker/CVE-2015-8631
https://packages.debian.org/source/wheezy/krb5
https://packages.debian.org/source/jessie/krb5
http://www.debian.org/security/2016/dsa-3466

Solution :

Upgrade the krb5 packages.

For the oldstable distribution (wheezy), these problems have been
fixed in version 1.10.1+dfsg-5+deb7u7. The oldstable distribution
(wheezy) is not affected by CVE-2015-8630.

For the stable distribution (jessie), these problems have been fixed
in version 1.12.1+dfsg-19+deb8u2.

Risk factor :

High


Debian DLA-410-1 : openjdk-6 security update


Synopsis:

The remote Debian host is missing a security update.

Description:

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, information disclosure, denial of service and
insecure cryptography.

CVE-2015-7575
A flaw was found in the way TLS 1.2 could use the MD5 hash function
for signing ServerKeyExchange and Client Authentication packets during
a TLS handshake.

CVE-2015-8126
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE
functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54,
1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before
1.6.19 allow remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
small bit-depth value in an IHDR (aka image header) chunk in a PNG
image.

CVE-2015-8472
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65,
1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x
before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to
cause a denial of service (application crash) or possibly have
unspecified other impact via a small bit-depth value in an IHDR (aka
image header) chunk in a PNG image. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2015-8126.

CVE-2016-0402
Unspecified vulnerability in the Java SE and Java SE Embedded
components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE
Embedded 8u65 allows remote attackers to affect integrity via unknown
vectors related to Networking.

CVE-2016-0448
Unspecified vulnerability in the Java SE and Java SE Embedded
components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE
Embedded 8u65 allows remote authenticated users to affect
confidentiality via vectors related to JMX.

CVE-2016-0466
It was discovered that the JAXP component in OpenJDK did not properly
enforce the totalEntitySizeLimit limit. An attacker able to make a
Java application process a specially crafted XML file could use this
flaw to make the application consume an excessive amount of memory.

CVE-2016-0483
Unspecified vulnerability in the Java SE, Java SE Embedded, and
JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE
Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect
confidentiality, integrity, and availability via vectors related to
AWT.

CVE-2016-0494
Unspecified vulnerability in the Java SE and Java SE Embedded
components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE
Embedded 8u65 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to 2D.

For Debian 6 'Squeeze', these problems have been fixed in version
6b38-1.13.10-1~deb6u1.

We recommend that you upgrade your openjdk-6 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2016/02/msg00001.html
https://packages.debian.org/source/squeeze-lts/openjdk-6

Solution :

Upgrade the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)


WordPress < 4.4.2 Multiple Vulnerabilities


Synopsis:

The PHP application running on the remote web server is affected by
multiple vulnerabilities.

Description:

According to its self-reported version number, the WordPress
application running on the remote web server is prior to 4.4.2. It is,
therefore, affected by the following vulnerabilities :

- A server-side request forgery vulnerability exists in
which the server can be induced into performing
unintended actions when handling certain requests. An
unauthenticated, remote attacker can exploit this, via
crafted requests to certain local URIs, to conduct
further host-based attacks, such as bypassing access
restrictions, conducting port scanning, enumerating
internal networks and hosts, or invoking additional
protocols. (OSVDB 133900)

- A cross-site redirection vulnerability exists due to a
failure by the application to validate certain input.
An unauthenticated, remote attacker can exploit this,
via a specially crafted link, to redirect a victim from
a legitimate web site to an arbitrary web site of the
attacker's choosing, thus allowing further attacks on
client-side software, such as web browsers or document
rendering software. (OSVDB 133901)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://wpvulndb.com/vulnerabilities/8376
https://wpvulndb.com/vulnerabilities/8377
http://www.nessus.org/u?d40090f8
https://codex.wordpress.org/Version_4.4.2

Solution :

Upgrade to WordPress version 4.4.2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)


Intel Driver Update Utility Installed


Synopsis:

A driver update utility is installed on the remote host.

Description:

Intel Driver Update Utility is installed on the remote host.

See also :

http://www.intel.com/content/www/us/en/support/detect.html?iid=dc_iduu

Solution :

n/a

Risk factor :

None


Intel Driver Update Utility 2.x < 2.4 Cleartext Download MitM


Synopsis:

The Intel Driver Update Utility installed on the remote Windows host
is affected by a man-in-the-middle vulnerability.

Description:

The version of the Intel Driver Update Utility installed on the remote
host is 2.x prior to 2.4. It is, therefore, affected by a
man-in-the-middle vulnerability due to the transmission of driver
updates in cleartext. A man-in-the-middle attacker can exploit this to
disclose or manipulate data, potentially resulting in the execution of
arbitrary code via a crafted malicious update.

See also :

http://www.nessus.org/u?ddad21f6
http://www.nessus.org/u?73ab0374

Solution :

Upgrade to Intel Driver Update Utility version 2.4 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)


Ubuntu 12.04 LTS / 14.04 / 15.10 : qemu, qemu-kvm vulnerabilities (USN-2891-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X
support. An attacker inside the guest could use this issue to cause
QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-7549)

Lian Yihan discovered that QEMU incorrectly handled the VNC server. A
remote attacker could use this issue to cause QEMU to crash, resulting
in a denial of service. (CVE-2015-8504)

Felix Wilhelm discovered a race condition in the Xen paravirtualized
drivers which can cause double fetch vulnerabilities. An attacker in
the paravirtualized guest could exploit this flaw to cause a denial of
service (crash the host) or potentially execute arbitrary code on the
host. (CVE-2015-8550)

Qinghao Tang discovered that QEMU incorrectly handled USB EHCI
emulation support. An attacker inside the guest could use this issue
to cause QEMU to consume resources, resulting in a denial of service.
(CVE-2015-8558)

Qinghao Tang discovered that QEMU incorrectly handled the vmxnet3
device. An attacker inside the guest could use this issue to cause
QEMU to consume resources, resulting in a denial of service. This
issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8567,
CVE-2015-8568)

Qinghao Tang discovered that QEMU incorrectly handled SCSI MegaRAID
SAS HBA emulation. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8613)

Ling Liu discovered that QEMU incorrectly handled the Human Monitor
Interface. A local attacker could use this issue to cause QEMU to
crash, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8619, CVE-2016-1922)

David Alan Gilbert discovered that QEMU incorrectly handled the Q35
chipset emulation when performing VM guest migrations. An attacker
could use this issue to cause QEMU to crash, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10.
(CVE-2015-8666)

Ling Liu discovered that QEMU incorrectly handled the NE2000 device.
An attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2015-8743)

It was discovered that QEMU incorrectly handled the vmxnet3 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu
14.04 LTS and Ubuntu 15.10. (CVE-2015-8744, CVE-2015-8745)

Qinghao Tang discovered that QEMU incorrectly handled IDE AHCI
emulation. An attacker inside the guest could use this issue to cause
a denial of service, or possibly execute arbitrary code on the host as
the user running the QEMU process. In the default installation, when
QEMU is used with libvirt, attackers would be isolated by the libvirt
AppArmor profile. (CVE-2016-1568)

Donghai Zhu discovered that QEMU incorrectly handled the firmware
configuration device. An attacker inside the guest could use this
issue to cause a denial of service, or possibly execute arbitrary code
on the host as the user running the QEMU process. In the default
installation, when QEMU is used with libvirt, attackers would be
isolated by the libvirt AppArmor profile. (CVE-2016-1714)

It was discovered that QEMU incorrectly handled the e1000 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2016-1981)

Zuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI
emulation. An attacker inside the guest could use this issue to cause
QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 15.10. (CVE-2016-2197)

Zuozhi Fzz discovered that QEMU incorrectly handled USB EHCI
emulation. An attacker inside the guest could use this issue to cause
QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-2198).

Solution :

Update the affected packages.

Risk factor :

High


SUSE SLED11 Security Update : Recommended update for LibreOffice (SUSE-SU-2016:0324-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update brings LibreOffice to version 5.0.4, a major version
update.

It brings lots of new features, bug fixes and also security fixes.

Features as seen on http://www.libreoffice.org/discover/new-features/

- LibreOffice 5.0 ships an impressive number of new
features for its spreadsheet module, Calc: complex
formulae image cropping, new functions, more powerful
conditional formatting, table addressing and much more.
Calc's blend of performance and features makes it an
enterprise-ready, heavy duty spreadsheet application
capable of handling all kinds of workload for an
impressive range of use cases

- New icons, major improvements to menus and sidebar : no
other LibreOffice version has looked that good and
helped you be creative and get things done the right
way. In addition, style management is now more intuitive
thanks to the visualization of styles right in the
interface.

- LibreOffice 5 ships with numerous improvements to
document import and export filters for MS Office, PDF,
RTF, and more. You can now timestamp PDF documents
generated with LibreOffice and enjoy enhanced document
conversion fidelity all around.

The Pentaho Flow Reporting Engine is now added and used.

Security issues fixed :

- CVE-2014-8146: The resolveImplicitLevels function in
common/ubidi.c in the Unicode Bidirectional Algorithm
implementation in ICU4C in International Components for
Unicode (ICU) before 55.1 did not properly track
directionally isolated pieces of text, which allowed
remote attackers to cause a denial of service
(heap-based buffer overflow) or possibly execute
arbitrary code via crafted text.

- CVE-2014-8147: The resolveImplicitLevels function in
common/ubidi.c in the Unicode Bidirectional Algorithm
implementation in ICU4C in International Components for
Unicode (ICU) before 55.1 used an integer data type that
is inconsistent with a header file, which allowed remote
attackers to cause a denial of service (incorrect malloc
followed by invalid free) or possibly execute arbitrary
code via crafted text.

- CVE-2015-4551: An arbitrary file disclosure
vulnerability in LibreOffice and OpenOffice Calc and
Writer was fixed.

- CVE-2015-5212: A LibreOffice 'PrinterSetup Length'
integer underflow vulnerability could be used by
attackers supplying documents to execute code as the
user opening the document.

- CVE-2015-5213: A LibreOffice 'Piece Table Counter'
invalid check design error vulnerability allowed
attackers supplying documents to execute code as the
user opening the document.

- CVE-2015-5214: Multiple Vendor LibreOffice Bookmark
Status Memory Corruption Vulnerability allowed attackers
supplying documents to execute code as the user opening
the document.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.libreoffice.org/discover/new-features/
https://bugzilla.suse.com/306333
https://bugzilla.suse.com/547549
https://bugzilla.suse.com/668145
https://bugzilla.suse.com/679938
https://bugzilla.suse.com/681560
https://bugzilla.suse.com/688200
https://bugzilla.suse.com/718113
https://bugzilla.suse.com/806250
https://bugzilla.suse.com/857026
https://bugzilla.suse.com/889755
https://bugzilla.suse.com/890735
https://bugzilla.suse.com/907636
https://bugzilla.suse.com/907966
https://bugzilla.suse.com/910805
https://bugzilla.suse.com/910806
https://bugzilla.suse.com/914911
https://bugzilla.suse.com/934423
https://bugzilla.suse.com/936188
https://bugzilla.suse.com/936190
https://bugzilla.suse.com/939996
https://bugzilla.suse.com/940838
https://bugzilla.suse.com/943075
https://bugzilla.suse.com/945047
https://bugzilla.suse.com/945692
https://bugzilla.suse.com/951579
https://bugzilla.suse.com/954345
https://www.suse.com/security/cve/CVE-2014-8146.html
https://www.suse.com/security/cve/CVE-2014-8147.html
https://www.suse.com/security/cve/CVE-2014-9093.html
https://www.suse.com/security/cve/CVE-2015-4551.html
https://www.suse.com/security/cve/CVE-2015-5212.html
https://www.suse.com/security/cve/CVE-2015-5213.html
https://www.suse.com/security/cve/CVE-2015-5214.html
http://www.nessus.org/u?6cb3ddc7

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-libreoffice-504-1174=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-libreoffice-504-1174=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-libreoffice-504-1174=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 7 : kernel-rt (RHSA-2016:0065)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix one security issue are now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A use-after-free flaw was found in the way the Linux kernel's key
management subsystem handled keyring object reference counting in
a certain error path of the join_session_keyring() function. A local,
unprivileged user could use this flaw to escalate their privileges on
the system. (CVE-2016-0728, Important)

Red Hat would like to thank the Perception Point research team for
reporting this issue.

All kernel-rt users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2016-0728.html
http://rhn.redhat.com/errata/RHSA-2016-0065.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 7 : glibc (RHSA-2015:2589)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated glibc packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 7.1 Extended Update Support.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

It was discovered that the nss_files backend for the Name Service
Switch in glibc would return incorrect data to applications or corrupt
the heap (depending on adjacent heap contents). A local attacker could
potentially use this flaw to execute arbitrary code on the system.
(CVE-2015-5277)

It was discovered that, under certain circumstances, glibc's
getaddrinfo() function would send DNS queries to random file
descriptors. An attacker could potentially use this flaw to send DNS
queries to unintended recipients, resulting in information disclosure
or data loss due to the application encountering corrupted data.
(CVE-2013-7423)

A buffer overflow flaw was found in the way glibc's gethostbyname_r()
and other related functions computed the size of a buffer when passed
a misaligned buffer as input. An attacker able to make an application
call any of these functions with a misaligned buffer could use this
flaw to crash the application or, potentially, execute arbitrary code
with the permissions of the user running the application.
(CVE-2015-1781)

A heap-based buffer overflow flaw and a stack overflow flaw were found
in glibc's swscanf() function. An attacker able to make an application
call the swscanf() function could use these flaws to crash that
application or, potentially, execute arbitrary code with the
permissions of the user running the application. (CVE-2015-1472,
CVE-2015-1473)

The CVE-2015-5277 issue was discovered by Sumit Bose and Lukáš
Slebodník of Red Hat, and the CVE-2015-1781 issue was discovered by
Arjun Shankar of Red Hat.

All glibc users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-7423.html
https://www.redhat.com/security/data/cve/CVE-2015-1472.html
https://www.redhat.com/security/data/cve/CVE-2015-1473.html
https://www.redhat.com/security/data/cve/CVE-2015-1781.html
https://www.redhat.com/security/data/cve/CVE-2015-5277.html
http://rhn.redhat.com/errata/RHSA-2015-2589.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 7 : kernel (RHSA-2015:2587)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix three security issues, several bugs,
and one enhancement are now available for Red Hat Enterprise Linux 7.1
Extended Update Support.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's file system
implementation handled rename operations in which the source was
inside and the destination was outside of a bind mount. A privileged
user inside a container could use this flaw to escape the bind mount
and, potentially, escalate their privileges on the system.
(CVE-2015-2925, Important)

* It was found that the x86 ISA (Instruction Set Architecture) is
prone to a denial of service attack inside a virtualized environment
in the form of an infinite loop in the microcode due to the way
(sequential) delivering of benign exceptions such as #AC (alignment
check exception) is handled. A privileged user inside a guest could
use this flaw to create denial of service conditions on the host
kernel. (CVE-2015-5307, Important)

* A race condition flaw was found in the way the Linux kernel's IPC
subsystem initialized certain fields in an IPC object structure that
were later used for permission checking before inserting the object
into a globally visible list. A local, unprivileged user could
potentially use this flaw to elevate their privileges on the system.
(CVE-2015-7613, Important)

Red Hat would like to thank Ben Serebrin of Google Inc. for reporting
the CVE-2015-5307 issue.

This update also fixes the following bugs and adds one enhancement :

* When setting up an ESP IPsec connection, the aes_ctr algorithm did
not work for ESP on a Power little endian VM host. As a consequence, a
kernel error was previously returned and the connection failed to be
established. A set of patches has been provided to fix this bug, and
aes_ctr works for ESP in the described situation as expected.
(BZ#1247127)

* The redistribute3() function distributed entries across 3 nodes.
However, some entries were moved in an incorrect way, breaking the
ordering. As a result, BUG() in the dm-btree-remove.c:shift() function
occurred when entries were removed from the btree. A patch has been
provided to fix this bug, and redistribute3() now works as expected.
(BZ#1263945)

* When booting an mpt2sas adapter in a huge DDW enabled slot on Power,
the kernel previously generated a warning followed by a call trace.
The provided patch set enhances the Power kernel to be able to support
IOMMU as a fallback for the cases where the coherent mask of the
device is not suitable for direct DMA. As a result, neither the
warning nor the call trace occur in this scenario. (BZ#1267133)

* If the client mounted /exports and tried to execute the 'chown -R'
command across the entire mountpoint, a warning about a circular
directory structure was previously returned because mount points all
had the same inode number. A set of patches has been provided to fix
this bug, and mount points are now assigned with unique inode numbers
as expected. (BZ#1273239)

* Due to a validation error of in-kernel MMIO tracing, a VM previously
became unresponsive when connected to Red Hat Enterprise
Virtualization Hypervisor. The provided patch fixes this bug by
dropping the check in the MMIO handler, and a VM continues running as
expected. (BZ#1275149)

* The NFS client could previously fail to send a CLOSE operation if
the file was opened with O_WRONLY and the server restarted after the
OPEN. Consequently, the server appeared in a state that could block
other NFS operations from completing. The client's state flags have
been modified to catch this condition and correctly CLOSE the file.
(BZ#1275298)

* This update sets multicast filters for multicast packets when the
interface is not in promiscuous mode. This change has an impact on the
RAR usage such that SR-IOV has some RARs reserved for its own usage as
well. (BZ#1265091)

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-2925.html
https://www.redhat.com/security/data/cve/CVE-2015-5307.html
https://www.redhat.com/security/data/cve/CVE-2015-7613.html
http://rhn.redhat.com/errata/RHSA-2015-2587.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 7 : kernel-rt (RHSA-2015:2411)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix multiple security issues, several
bugs, and add various enhancements are now available for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's file system
implementation handled rename operations in which the source was
inside and the destination was outside of a bind mount. A privileged
user inside a container could use this flaw to escape the bind mount
and, potentially, escalate their privileges on the system.
(CVE-2015-2925, Important)

* A race condition flaw was found in the way the Linux kernel's IPC
subsystem initialized certain fields in an IPC object structure that
were later used for permission checking before inserting the object
into a globally visible list. A local, unprivileged user could
potentially use this flaw to elevate their privileges on the system.
(CVE-2015-7613, Important)

* It was found that the Linux kernel memory resource controller's
(memcg) handling of OOM (out of memory) conditions could lead to
deadlocks. An attacker able to continuously spawn new processes within
a single memory-constrained cgroup during an OOM event could use this
flaw to lock up the system. (CVE-2014-8171, Moderate)

* A race condition flaw was found between the chown and execve system
calls. When changing the owner of a setuid user binary to root, the
race condition could momentarily make the binary setuid root. A local,
unprivileged user could potentially use this flaw to escalate their
privileges on the system. (CVE-2015-3339, Moderate)

* A flaw was discovered in the way the Linux kernel's TTY subsystem
handled the tty shutdown phase. A local, unprivileged user could use
this flaw to cause a denial of service on the system by holding a
reference to the ldisc lock during tty shutdown, causing a deadlock.
(CVE-2015-4170, Moderate)

* A NULL pointer dereference flaw was found in the SCTP
implementation. A local user could use this flaw to cause a denial of
service on the system by triggering a kernel panic when creating
multiple sockets in parallel while the system did not have the SCTP
module loaded. (CVE-2015-5283, Moderate)

* A flaw was found in the way the Linux kernel's Crypto subsystem
handled automatic loading of kernel modules. A local user could use
this flaw to load any installed kernel module, and thus increase the
attack surface of the running kernel. (CVE-2013-7421, CVE-2014-9644,
Low)

* An information leak flaw was found in the way the Linux kernel
changed certain segment registers and thread-local storage (TLS)
during a context switch. A local, unprivileged user could use this
flaw to leak the user space TLS base address of an arbitrary process.
(CVE-2014-9419, Low)

* A flaw was found in the way the Linux kernel handled the securelevel
functionality after performing a kexec operation. A local attacker
could use this flaw to bypass the security mechanism of the
securelevel/secureboot combination. (CVE-2015-7837, Low)

Red Hat would like to thank Linn Crosetto of HP for reporting the
CVE-2015-7837 issue. The CVE-2015-5283 issue was discovered by Ji
Jianwen from Red Hat engineering.

The kernel-rt packages have been upgraded to version
3.10.0-326.rt56.204, which provides a number of bug fixes and
enhancements. (BZ#1201915, BZ#1211724)

This update also fixes several bugs and adds multiple enhancements.
Refer to the following Red Hat Knowledgebase article for information
on the most significant of these changes :

https://access.redhat.com/articles/2055783

All kernel-rt users are advised to upgrade to these updated packages,
which correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-7421.html
https://www.redhat.com/security/data/cve/CVE-2014-8171.html
https://www.redhat.com/security/data/cve/CVE-2014-9419.html
https://www.redhat.com/security/data/cve/CVE-2014-9644.html
https://www.redhat.com/security/data/cve/CVE-2015-2925.html
https://www.redhat.com/security/data/cve/CVE-2015-3339.html
https://www.redhat.com/security/data/cve/CVE-2015-4170.html
https://www.redhat.com/security/data/cve/CVE-2015-5283.html
https://www.redhat.com/security/data/cve/CVE-2015-7613.html
https://www.redhat.com/security/data/cve/CVE-2015-7837.html
https://access.redhat.com/articles/2055783
http://rhn.redhat.com/errata/RHSA-2015-2411.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

FreeBSD : salt -- code execution (0652005e-ca96-11e5-96d6-14dae9d210b8)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

SaltStack reports :

Improper handling of clear messages on the minion, which could result
in executing commands not sent by the master.

See also :

https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html
https://github.com/saltstack/salt/pull/30613/files
http://www.nessus.org/u?bd093023

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

F5 Networks BIG-IP : LZO vulnerability (SOL95698826)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

An integer overflow flaw was found in the way the lzo library
decompressed certain archives compressed with the LZO algorithm. An
attacker could create a specially crafted LZO-compressed input that,
when decompressed by an application using the lzo library, would cause
that application to crash or, potentially, execute arbitrary code.

See also :

http://www.nessus.org/u?5cb658ec

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL95698826.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DSA-3465-1 : openjdk-6 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, information disclosure, denial of service and
insecure cryptography.

See also :

https://packages.debian.org/source/wheezy/openjdk-6
http://www.debian.org/security/2016/dsa-3465

Solution :

Upgrade the openjdk-6 packages.

For the oldstable distribution (wheezy), these problems have been
fixed in version 6b38-1.13.10-1~deb7u1.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Slackware 14.0 / 14.1 / current : php (SSA:2016-034-04)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New php packages are available for Slackware 14.0, 14.1, and -current
to fix security issues.

See also :

http://www.nessus.org/u?1a6ea70a

Solution :

Update the affected php package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Slackware 14.0 / 14.1 / current : openssl (SSA:2016-034-03)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New openssl packages are available for Slackware 14.0, 14.1, and
-current to fix a security issue.

See also :

http://www.nessus.org/u?6b9ea27c

Solution :

Update the affected openssl and / or openssl-solibs packages.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : MPlayer (SSA:2016-034-02)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New MPlayer packages are available for Slackware 13.0, 13.1, 13.37,
14.0, 14.1, and -current to fix security issues.

See also :

http://www.nessus.org/u?ace973bf

Solution :

Update the affected MPlayer package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Slackware 14.1 / current : mozilla-firefox (SSA:2016-034-01)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New mozilla-firefox packages are available for Slackware 14.1 and
-current to fix security issues.

See also :

http://www.nessus.org/u?1db3cca5

Solution :

Update the affected mozilla-firefox package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

HP Operations Manager for Windows Installed


Synopsis:

The remote host has infrastructure monitoring software installed.

Description:

HP Operations Manager for Windows, an infrastructure monitoring
application, is installed on the remote host.

See also :

http://www.nessus.org/u?9f63d88b

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2016 Tenable Network Security, Inc.

HP Operations Manager for Windows 8.x and 9.0 Java Object Unserialization RCE


Synopsis:

The remote host is affected by a remote code execution vulnerability.

Description:

The version of HP Operations Manager installed on the remote host has
the Sam Admin Adapter installed. This package is no longer supported
by HP and is affected by a remote code execution vulnerability due to
unsafe unserialize calls of unauthenticated Java objects to the Apache
Commons Collections (ACC) library. An unauthenticated, remote attacker
can exploit this, by sending a crafted SOAP request, to execute
arbitrary code on the target host.

See also :

http://www.nessus.org/u?f33d8ea9

Solution :

Remove the Sam Admin Adapter package since it is unsupported.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Microsoft Windows 8 Unsupported Installation Detection


Synopsis:

The remote operating system is no longer supported.

Description:

The remote host is running Microsoft Windows 8. Support for this
operating system by Microsoft ended January 12th, 2016.

Lack of support implies that no new security patches for the product
will be released by the vendor. As a result, it is likely to contain
security vulnerabilities. Furthermore, Microsoft is unlikely to
investigate or acknowledge reports of vulnerabilities.

See also :

https://support.microsoft.com/en-us/gp/lifecycle-windows81-faq

Solution :

Upgrade to a version of Microsoft Windows that is currently supported.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2016:0304-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

libvirt was updated to fix one security issue and several non-security
issues.

This security issue was fixed :

- CVE-2015-0236: libvirt allowed remote authenticated
users to obtain the VNC password by using the
VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot
to the virDomainSnapshotGetXMLDesc interface or (2)
image to the virDomainSaveImageGetXMLDesc interface.
(bsc#914693)

- CVE-2015-5313: path traversal vulnerability allowed
libvirtd process to write arbitrary files into file
system using root permissions (bsc#953110)

These non-security issues were fixed :

- bsc#948686: Use PAUSED state for domains that are
starting up.

- bsc#903757: Provide nodeGetSecurityModel implementation
in libxl.

- bsc#938228: Set disk type to BLOCK when driver is not
tap or file.

- bsc#948516: Fix profile_status to distinguish between
errors and unconfined domains.

- bsc#936524: Fix error starting lxc containers with
direct interfaces.

- bsc#921555: Fixed apparmor generated profile for PCI
hostdevs.

- bsc#899334: Include additional upstream fixes for
systemd TerminateMachine.

- bsc#921586: Fix security driver default settings in
/etc/libvirt/qemu.conf.

- bsc#921355: Fixed a number of QEMU apparmor abstraction
problems.

- bsc#911737: Additional fix for the case where security
labels aren't automatically set.

- bsc#914297: Allow setting the URL of an SMT server to
use in place of SCC.

- bsc#904432: Backported route definition changes.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/899334
https://bugzilla.suse.com/903757
https://bugzilla.suse.com/904432
https://bugzilla.suse.com/911737
https://bugzilla.suse.com/914297
https://bugzilla.suse.com/914693
https://bugzilla.suse.com/921355
https://bugzilla.suse.com/921555
https://bugzilla.suse.com/921586
https://bugzilla.suse.com/936524
https://bugzilla.suse.com/938228
https://bugzilla.suse.com/948516
https://bugzilla.suse.com/948686
https://bugzilla.suse.com/953110
https://www.suse.com/security/cve/CVE-2015-0236.html
https://www.suse.com/security/cve/CVE-2015-5313.html
http://www.nessus.org/u?ad4633bf

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12 :

zypper in -t patch SUSE-SLE-WE-12-2016-189=1

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2016-189=1

SUSE Linux Enterprise Server for SAP 12 :

zypper in -t patch SUSE-SLE-SAP-12-2016-189=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2016-189=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-189=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

SUSE SLED11 / SLES11 Security Update : kdebase4-workspace (SUSE-SU-2016:0303-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for kdebase4-workspace fixes the following issues :

- CVE-2014-8651: Privilege escalation via KDE Clock KCM
helper when non-default polkit settings are used
(bsc#904625)

The following non-security bugs were fixed :

- bsc#929718: Make kdm recognize an IPv6 localhost address
as localhost

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/904625
https://bugzilla.suse.com/929718
https://www.suse.com/security/cve/CVE-2014-8651.html
http://www.nessus.org/u?66fb8bf7

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-kdebase4-workspace-20160115-12380=1

SUSE Linux Enterprise Software Development Kit 11-SP3 :

zypper in -t patch sdksp3-kdebase4-workspace-20160115-12380=1

SUSE Linux Enterprise Server for VMWare 11-SP3 :

zypper in -t patch slessp3-kdebase4-workspace-20160115-12380=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-kdebase4-workspace-20160115-12380=1

SUSE Linux Enterprise Server 11-SP3 :

zypper in -t patch slessp3-kdebase4-workspace-20160115-12380=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-kdebase4-workspace-20160115-12380=1

SUSE Linux Enterprise Desktop 11-SP3 :

zypper in -t patch sledsp3-kdebase4-workspace-20160115-12380=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-kdebase4-workspace-20160115-12380=1

SUSE Linux Enterprise Debuginfo 11-SP3 :

zypper in -t patch dbgsp3-kdebase4-workspace-20160115-12380=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.