Tenable SecurityCenter < 5.4.0 Multiple Vulnerabilities (TNS-2016-12)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by multiple
vulnerabilities.

Description :

According to its self-reported version, the Tenable SecurityCenter
application installed on the remote host is prior to 5.4.0. It is,
therefore, affected by multiple vulnerabilities :

- An arbitrary code execution vulnerability exists in the
bundled version of libcurl due to using an insecure path
to look for specific libraries, including the current
working directory, which may not be under user control.
A remote attacker can exploit this to inject and execute
arbitrary code in the context of the current user.
(CVE-2016-4802)

- Multiple flaws exist in the bundled version of libssh
due to a failure to securely generate Diffie-Hellman
secret keys. A man-in-the-middle attacker can exploit
these flaws to intercept and decrypt SSH sessions.
(CVE-2016-0739, CVE-2016-0787)

- An integer overflow condition exists in the bundled
version of libcurl due to improper validation of
user-supplied input when handling 'timeval'. An attacker
can exploit this to have an unspecified impact.
(VulnDB 136238)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.tenable.com/security/tns-2016-12
https://curl.haxx.se/docs/adv_20160530.html
https://curl.haxx.se/changes.html#7_48_0
https://www.libssh2.org/adv_20160223.html

Solution :

Upgrade to Tenable SecurityCenter version 5.4.0 or later.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 92558 ()

Bugtraq ID: 83186
83389
90997

CVE ID: CVE-2016-0739
CVE-2016-0787
CVE-2016-4802

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now