Tenable Network Security

Newest Plugins

USN795-1 : nagios2, nagios3 vulnerability:
Synopsis :

These remote packages are missing security patches :
- nagios2
- nagios2-common
- nagios2-dbg
- nagios2-doc
- nagios3
- nagios3-common
- nagios3-dbg
- nagios3-doc

Description :

It was discovered that Nagios did not properly parse certain commands
submitted using the WAP web interface. An authenticated user could exploit
this flaw and execute arbitrary programs on the server.

Solution :

Upgrade to :
- nagios2-2.11-1ubuntu1.5 (Ubuntu 8.04)
- nagios2-common-2.11-1ubuntu1.5 (Ubuntu 8.04)
- nagios2-dbg-2.11-1ubuntu1.5 (Ubuntu 8.04)
- nagios2-doc-2.11-1ubuntu1.5 (Ubuntu 8.04)
- nagios3-3.0.6-2ubuntu1.1 (Ubuntu 9.04)
- nagios3-common-3.0.6-2ubuntu1.1 (Ubuntu 9.04)
- nagios3-dbg-3.0.6-2ubuntu1.1 (Ubuntu 9.04)
- nagios3-doc-3.0.6-2ubuntu1.1 (Ubuntu 9.04)

Risk factor :

High

Written by: Ubuntu Security Notice (C) 2009 Canonical, Inc. / NASL script (C) 2009 Tenable Network Security, Inc.
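The flaw class behind this notice (and the FreeBSD "nagios -- Command Injection Vulnerability" entry further down) is a web front end that pastes a request parameter into a command line. The following is an added example, not code from Nagios or from either advisory: a hypothetical CGI handler that takes a host name from the request and runs a diagnostic command. The unsafe builder interpolates the value into a shell string; the hardened one validates the value as an IP address or RFC 1123 host name and builds an argv list so that no shell ever interprets it. The function names and the choice of "ping" are assumptions.

```python
"""Added example (not Nagios code): unsafe vs. hardened construction of an
OS command from a web request parameter. Names and the 'ping' command are
assumptions; the validation rule is the point."""
import ipaddress
import re
import subprocess

# RFC 1123 host name: dot-separated labels of letters, digits and hyphens,
# no label starting or ending with a hyphen, 253 characters overall.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
                         r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def build_ping_unsafe(target: str) -> str:
    """Vulnerable: the request parameter lands in a shell command line, so a
    value such as '192.0.2.1; id' runs 'id' with the CGI's privileges."""
    return f"ping -c 1 {target}"


def is_valid_target(target: str) -> bool:
    """Accept only a literal IPv4/IPv6 address or an RFC 1123 host name.
    Shell metacharacters, whitespace and a leading '-' (option injection)
    all fail this check."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(target))


def build_ping_argv(target: str) -> list:
    """Hardened: validate first, then return an argv list for shell=False
    execution, so the value is a single argument and never re-parsed."""
    if not is_valid_target(target):
        raise ValueError(f"rejected target {target!r}")
    return ["ping", "-c", "1", target]


def run_ping(target: str) -> int:
    """Execute the hardened command and return ping's exit status."""
    proc = subprocess.run(build_ping_argv(target), shell=False,
                          capture_output=True, timeout=10)
    return proc.returncode


if __name__ == "__main__":
    for candidate in ("192.0.2.1", "host.example.com", "192.0.2.1; id", "$(id)"):
        print(f"{candidate!r:24} valid={is_valid_target(candidate)}")
```

The allow-list check is what matters: escaping metacharacters for one shell is fragile, while a value that can only be an address or a host name has nothing to escape.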

USN794-1 : libcompress-raw-zlib-perl, perl vulnerability:
Synopsis :

These remote packages are missing security patches :
- libcgi-fast-perl
- libcompress-raw-zlib-perl
- libperl-dev
- libperl5.10
- perl
- perl-base
- perl-debug
- perl-doc
- perl-modules
- perl-suid

Description :

It was discovered that the Compress::Raw::Zlib Perl module incorrectly
handled certain zlib compressed streams. If a user or automated system were
tricked into processing a specially crafted compressed stream or file, a
remote attacker could crash the application, leading to a denial of
service.

Solution :

Upgrade to :
- libcgi-fast-perl-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- libcompress-raw-zlib-perl-2.015-1ubuntu0.1 (Ubuntu 9.04)
- libperl-dev-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- libperl5.10-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-base-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-debug-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-doc-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-modules-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-suid-5.10.0-19ubuntu1.1 (Ubuntu 9.04)

Risk factor :

High

Written by: Ubuntu Security Notice (C) 2009 Canonical, Inc. / NASL script (C) 2009 Tenable Network Security, Inc.

RHSA-2009-1140: ruby:
Synopsis :

The remote host is missing the patch for the advisory RHSA-2009-1140

Description :

Updated ruby packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

A flaw was found in the way the Ruby POP module processed certain APOP
authentication requests. By sending certain responses when the Ruby APOP
module attempted to authenticate using APOP against a POP server, a remote
attacker could, potentially, acquire certain portions of a user's
authentication credentials. (CVE-2007-1558)

It was discovered that Ruby did not properly check the return value when
verifying X.509 certificates. This could, potentially, allow a remote
attacker to present an invalid X.509 certificate, and have Ruby treat it as
valid. (CVE-2009-0642)

A flaw was found in the way Ruby converted BigDecimal objects to Float
numbers. If an attacker were able to provide certain input for the
BigDecimal object converter, they could crash an application using this
class. (CVE-2009-1904)

All Ruby users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

See also :

http://rhn.redhat.com/errata/RHSA-2009-1140.html

Solution :

Get the newest RedHat Updates.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Written by: This script is Copyright (C) 2009 Tenable Network Security

RHSA-2009-1139: finch:
Synopsis :

The remote host is missing the patch for the advisory RHSA-2009-1139

Description :

Updated pidgin packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. The AOL
Open System for CommunicAtion in Realtime (OSCAR) protocol is used by the
AOL ICQ and AIM instant messaging systems.

A denial of service flaw was found in the Pidgin OSCAR protocol
implementation. If a remote ICQ user sent a web message to a local Pidgin
user using this protocol, it would cause excessive memory usage, leading to
a denial of service (Pidgin crash). (CVE-2009-1889)

These updated packages also fix the following bug:

* the Yahoo! Messenger Protocol changed, making it incompatible (and
unusable) with Pidgin versions prior to 2.5.7. This update provides Pidgin
2.5.8, which implements version 16 of the Yahoo! Messenger Protocol, which
resolves this issue.

Note: These packages upgrade Pidgin to version 2.5.8. Refer to the Pidgin
release notes for a full list of changes:
http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users should upgrade to these updated packages, which correct
these issues. Pidgin must be restarted for this update to take effect.

See also :

http://rhn.redhat.com/errata/RHSA-2009-1139.html

Solution :

Get the newest RedHat Updates.

Risk factor :

High

Written by: This script is Copyright (C) 2009 Tenable Network Security

RHSA-2009-1138: openswan:
Synopsis :

The remote host is missing the patch for the advisory RHSA-2009-1138

Description :

Updated openswan packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted network is encrypted by the IPsec gateway machine, and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network (VPN).

Multiple insufficient input validation flaws were found in the way
Openswan's pluto IKE daemon processed some fields of X.509 certificates. A
remote attacker could provide a specially-crafted X.509 certificate that
would crash the pluto daemon. (CVE-2009-2185)

All users of openswan are advised to upgrade to these updated packages,
which contain a backported patch to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

See also :

http://rhn.redhat.com/errata/RHSA-2009-1138.html

Solution :

Get the newest RedHat Updates.

Risk factor :

High

Written by: This script is Copyright (C) 2009 Tenable Network Security

[GLSA-200907-02] ModSecurity: Denial of Service:
Synopsis :

The remote host is missing the GLSA-200907-02 security update.

Description :

The remote host is affected by the vulnerability described in GLSA-200907-02
(ModSecurity: Denial of Service)


Multiple vulnerabilities were discovered in ModSecurity:
Juan Galiana Lara of ISecAuditors discovered a NULL pointer
dereference when processing multipart requests without a part header
name (CVE-2009-1902).
Steve Grubb of Red Hat reported that the
"PDF XSS protection" feature does not properly handle HTTP requests to
a PDF file that do not use the GET method (CVE-2009-1903).

Impact

A remote attacker might send requests containing specially crafted
multipart data or send certain requests to access a PDF file, possibly
resulting in a Denial of Service (crash) of the Apache HTTP daemon.
NOTE: The PDF XSS protection is not enabled by default.

Workaround

There is no known workaround at this time.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1903
http://www.gentoo.org/security/en/glsa/glsa-200907-02.xml

Solution :

All ModSecurity users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.5.9"

Risk factor :

Medium

Written by: (C) 2009 Tenable Network Security, Inc.
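The first ModSecurity issue above is a parser that assumed every multipart part has a name. The following is an added example, not ModSecurity code: a multipart/form-data splitter that survives that edge case by recording name=None for a part whose Content-Disposition has no name attribute (or that has no headers at all) instead of dereferencing a value it never had, and that rejects a body lacking the closing delimiter. The sample body is constructed here.

```python
"""Added example (not ModSecurity code): a multipart/form-data splitter
that tolerates a part with no 'name' attribute. The sample body below is
constructed for the example."""
import re

NAME_RE = re.compile(r'(?:^|;)\s*name="([^"]*)"', re.IGNORECASE)


def parse_multipart(body: bytes, boundary: str) -> list:
    """Return one {'name', 'headers', 'data'} dict per part. 'name' is None
    when the part carries no name attribute; callers must check for it."""
    delim = b"\r\n--" + boundary.encode("ascii")
    # Prefix a CRLF so the first delimiter splits like every later one.
    segments = (b"\r\n" + body).split(delim)
    if len(segments) < 2:
        raise ValueError("no boundary delimiter found")
    parts, closed = [], False
    for seg in segments[1:]:
        if seg.startswith(b"--"):
            closed = True                   # closing delimiter: --boundary--
            break
        if not seg.startswith(b"\r\n"):
            raise ValueError("garbage after boundary delimiter")
        seg = seg[2:]
        if seg.startswith(b"\r\n"):
            head, data = b"", seg[2:]       # part with no header fields
        else:
            head, sep, data = seg.partition(b"\r\n\r\n")
            if not sep:
                raise ValueError("part has no header/body separator")
        headers = {}
        for line in head.split(b"\r\n"):
            if not line:
                continue
            key, _, value = line.partition(b":")
            headers[key.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
        disposition = headers.get("content-disposition", "")
        match = NAME_RE.search(disposition)
        name = match.group(1) if match else None   # the CVE-2009-1902 case
        parts.append({"name": name, "headers": headers, "data": data})
    if not closed:
        raise ValueError("missing closing delimiter")
    return parts


# Constructed sample: a normal field followed by a part with no name.
BOUNDARY = "XbOuNdArY"
SAMPLE_BODY = (
    b"--XbOuNdArY\r\n"
    b'Content-Disposition: form-data; name="user"\r\n\r\n'
    b"alice\r\n"
    b"--XbOuNdArY\r\n"
    b"Content-Disposition: form-data\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"orphan\r\n"
    b"--XbOuNdArY--\r\n"
)


def named_fields(body: bytes, boundary: str) -> dict:
    """Collect only the parts that have a name; unnamed parts are skipped
    rather than crashing the request."""
    return {p["name"]: p["data"] for p in parse_multipart(body, boundary)
            if p["name"] is not None}


if __name__ == "__main__":
    for part in parse_multipart(SAMPLE_BODY, BOUNDARY):
        print(part["name"], part["data"])
```

A web application firewall that inspects uploads has to make the same decision for every optional attribute: either the parser records the absence explicitly, as here, or the rule engine that consumes it must never assume presence.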

[GLSA-200907-01] libwmf: User-assisted execution of arbitrary code:
Synopsis :

The remote host is missing the GLSA-200907-01 security update.

Description :

The remote host is affected by the vulnerability described in GLSA-200907-01
(libwmf: User-assisted execution of arbitrary code)


The embedded fork of the GD library introduced a "use-after-free"
vulnerability in a modification which is specific to libwmf.

Impact

A remote attacker could entice a user to open a specially crafted WMF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364
http://www.gentoo.org/security/en/glsa/glsa-200907-01.xml

Solution :

All libwmf users should upgrade to the latest version which no longer
builds the GD library:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r3"

Risk factor :

Medium

Written by: (C) 2009 Tenable Network Security, Inc.

FreeBSD : nfsen -- remote command execution (5143):
Synopsis :

The remote host is missing a security update

Description :

The following package needs to be updated: nfsen

See also :

http://sourceforge.net/forum/forum.php?forum_id=967583
http://www.FreeBSD.org/ports/portaudit/70372cda-6771-11de-883a-00e0815b8da8.html

Solution :

Update the package on the remote host

Risk factor :

High

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

Fedora 9 2009-3666: xorg-x11-xfs:
Synopsis :

The remote host is missing the patch for the advisory FEDORA-2009-3666 (xorg-x11-xfs)

Description :

X.Org X11 xfs font server

ChangeLog (update information) :

* Mon Apr 13 2009 Adam Jackson <ajax redhat com> 1.0.5-2.1
- xfs.init: Fix mkdir race (#492517)

Solution :

Get the newest Fedora Updates

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

Fedora 10 2009-3651: xorg-x11-xfs:
Synopsis :

The remote host is missing the patch for the advisory FEDORA-2009-3651 (xorg-x11-xfs)

Description :

X.Org X11 xfs font server

ChangeLog (update information) :

* Mon Apr 13 2009 Adam Jackson <ajax redhat com> 1.0.5-3.1
- xfs.init: Fix mkdir race (#492517)

Solution :

Get the newest Fedora Updates

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

IBM Rational ClearQuest Multiple XSS Flaws:
Synopsis :

The remote web server is affected by multiple flaws.

Description :

IBM Rational ClearQuest CQWeb Server is installed on the remote host.
The installed version is affected by multiple cross-site scripting
flaws. Specifically, the application fails to sanitize input passed
to parameter 'contextid', 'schema', 'userNameVal' and 'username'
before using it to generate dynamic HTML content. An unauthenticated
remote attacker may be able to leverage this issue to inject arbitrary
HTML or script code into a user's browser to be executed within the
security context of the affected site.

See also :

http://www.securityfocus.com/archive/1/archive/1/489861/100/0/threaded

Solution :

Apply patch 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, or 7.0.1.1_iFix01.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

Sun Java Web Console 'helpwindow.jsp' Multiple Cross-Site Scripting Vulnerabilities:
Synopsis :

The remote web application has multiple cross-site scripting
vulnerabilities.

Description :

The version of Sun Java Web Console running on the remote host has
multiple cross-site scripting vulnerabilities in 'helpwindow.jsp'.
A remote attacker could exploit these, by tricking a user into following
a crafted link, to have arbitrary HTML or script code executed in the
user's browser within the security context of the affected site.

This version reportedly has other cross-site scripting vulnerabilities
in a different help file, though Nessus did not check for those issues.

See also :

http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1

Solution :

Apply the relevant patch referenced in the vendor's advisory.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

RIP-2 Poisoning:
Synopsis :

It might be possible to hijack connections on this network.

Description :

This host is running a RIP-2 agent.

RIP-2 requests can be authenticated but Nessus cannot check this in
the current configuration.

If authentication is not implemented, an attacker on the same network
may feed the target machine bogus routes and hijack network
connections.

Note that this may be a false positive.

Solution :

Either disable the RIP agent if it is not used or implement RIP-2
authentication.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P)

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

RIP-1 Poisoning:
Synopsis :

It may be possible to hijack connections on this network.

Description :

This host is running a RIP-1 agent.

RIP-1 does not implement authentication. An attacker on the same
network may feed the target machine bogus routes and hijack network
connections.

Note that Nessus cannot test this flaw as it is not running on the
same network.

Solution :

Either disable the RIP agent if it is not used or use RIP-2 and
implement authentication.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

RIP Poisoning (Adjacent Network):
Synopsis :

Routing tables can be modified.

Description :

It was possible to poison the remote host routing tables through the
RIP protocol.

An attacker may use this to hijack network connections.

Several RIP agents reject routes that are not sent by a neighbor, so
this flaw may not be exploitable from a non-adjacent network.

Solution :

Either disable the RIP listener if it is not used, use RIP-2 in
conjunction with authentication, or use another routing protocol.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.
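The three RIP findings above come down to two checks: whether a Response can be authenticated at all (RIP-1 cannot; RIP-2 can carry an authentication entry) and whether the sender is a directly connected neighbour. The following is an added example, not Nessus's check and not code from any router: a parser for RIP-1/RIP-2 Response packets and an acceptance policy that applies both checks. Packet layouts follow RFC 1058 (RIP-1), RFC 2453 (RIP-2) and RFC 2082 (RIP-2 MD5); the sample packets are constructed here, not captured. The policy only establishes that an authentication entry is present and of which type; verifying an MD5 digest needs the shared key and is not attempted.

```python
"""Added example (not Nessus code): parse RIP-1/RIP-2 Responses and decide
whether to accept them, requiring RIP-2 authentication and a directly
connected sender. Sample packets are constructed below."""
import ipaddress
import struct

RIP_RESPONSE = 2
AFI_INET = 2
AFI_AUTH = 0xFFFF                 # authentication entry marker (RFC 2453 4.1)
AUTH_SIMPLE = 2                   # cleartext password
AUTH_MD5 = 3                      # keyed MD5 (RFC 2082)
HEADER = struct.Struct("!BBH")            # command, version, must-be-zero
ENTRY = struct.Struct("!HH4s4s4sI")       # afi, tag, addr, mask, next hop, metric


def _classful_prefix(addr: ipaddress.IPv4Address) -> int:
    """RIP-1 carries no mask, so fall back to the classful network length."""
    first = int(addr) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24


def parse_rip(packet: bytes) -> dict:
    """Return command, version, authentication type and (network, metric) list."""
    if len(packet) < HEADER.size or (len(packet) - HEADER.size) % ENTRY.size:
        raise ValueError("malformed RIP packet length")
    command, version, _zero = HEADER.unpack_from(packet, 0)
    auth, routes = "none", []
    for off in range(HEADER.size, len(packet), ENTRY.size):
        afi, tag, addr, mask, _nexthop, metric = ENTRY.unpack_from(packet, off)
        if afi == AFI_AUTH:
            if off == HEADER.size:    # only the first entry carries the auth type
                auth = {AUTH_SIMPLE: "simple", AUTH_MD5: "md5"}.get(tag, "unknown")
            continue                  # a later 0xFFFF entry is the RFC 2082 digest trailer
        if afi != AFI_INET:
            continue
        network = ipaddress.ip_address(addr)
        if version == 1 or mask == b"\x00\x00\x00\x00":
            prefix = ipaddress.ip_network(f"{network}/{_classful_prefix(network)}", strict=False)
        else:
            prefix = ipaddress.ip_network(f"{network}/{ipaddress.ip_address(mask)}", strict=False)
        routes.append((prefix, metric))
    return {"command": command, "version": version, "auth": auth, "routes": routes}


def accept_response(packet: bytes, src_ip: str, local_networks, require_auth=True):
    """Decide whether a Response from src_ip may update the routing table.
    Returns (accepted, reason)."""
    info = parse_rip(packet)
    if info["command"] != RIP_RESPONSE:
        return False, "not a Response"
    src = ipaddress.ip_address(src_ip)
    if not any(src in net for net in local_networks):
        return False, "sender is not a directly connected neighbour"
    if info["version"] == 1:
        return not require_auth, "RIP-1 cannot carry authentication"
    if info["auth"] == "none":
        return not require_auth, "RIP-2 Response has no authentication entry"
    if info["auth"] not in ("simple", "md5"):
        return False, "unrecognised authentication type"
    if info["auth"] == "simple":
        return True, "simple password present (sent in cleartext; prefer MD5)"
    return True, "MD5 authentication entry present (digest not verified here)"


def _route(addr, mask="0.0.0.0", metric=1, tag=0):
    return ENTRY.pack(AFI_INET, tag, ipaddress.ip_address(addr).packed,
                      ipaddress.ip_address(mask).packed, b"\x00\x00\x00\x00", metric)


# Constructed sample packets: one route each.
RIP1_RESPONSE = HEADER.pack(RIP_RESPONSE, 1, 0) + _route("10.0.0.0")
RIP2_PLAIN = HEADER.pack(RIP_RESPONSE, 2, 0) + _route("192.0.2.0", "255.255.255.0", 2)
RIP2_SIMPLE = (HEADER.pack(RIP_RESPONSE, 2, 0)
               + struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, b"s3cret")  # NUL-padded password
               + _route("192.0.2.0", "255.255.255.0", 2))
LOCAL = [ipaddress.ip_network("192.0.2.0/24")]

if __name__ == "__main__":
    for label, pkt in (("RIP-1", RIP1_RESPONSE), ("RIP-2 plain", RIP2_PLAIN),
                       ("RIP-2 simple", RIP2_SIMPLE)):
        print(label, parse_rip(pkt)["routes"], accept_response(pkt, "192.0.2.7", LOCAL))
```

The neighbour test is the one most RIP agents already apply, which is why the last finding above says a non-adjacent attacker may not be able to exploit it; the authentication test is the one the solution lines ask you to turn on.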

USN793-1 : linux, linux-source-2.6.15 vulnerabilities:
Synopsis :

These remote packages are missing security patches :
- linux-doc-2.6.15
- linux-doc-2.6.24
- linux-doc-2.6.27
- linux-doc-2.6.28
- linux-headers-2.6.15-54
- linux-headers-2.6.15-54-386
- linux-headers-2.6.15-54-686
- linux-headers-2.6.15-54-amd64-generic
- linux-headers-2.6.15-54-amd64-k8
- linux-headers-2.6.15-54-amd64-server
- linux-headers-2.6.15-54-amd64-xeon
- linux-headers-2.6.15-54-k7
- linux-headers-2.6.15-54-powerpc
- linux-headers-2.6.15-54-powerpc-smp
- linux-headers-2.6.15-54-powe
[...]

Description :

Igor Zhbanov discovered that NFS clients were able to create device nodes
even when root_squash was enabled. An authenticated remote attacker
could create device nodes with open permissions, leading to a loss of
privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were
affected. (CVE-2009-1072)

Dan Carpenter discovered that SELinux did not correctly handle
certain network checks when running with compat_net=1. A local
attacker could exploit this to bypass network checks. Default Ubuntu
installations do not enable SELinux, and only Ubuntu 8.10 and 9.04 were
affected. (CVE-2009-1184)

Shaohua Li discovered that memory was not correctly initialized in the
AGP subsystem. A local attacker could potentially read kernel memory,
leading to a loss of privacy. (CVE-2009-1192)

Benjamin Gilbert discovered that the VMX implementation of KVM did
not correctly handle certain registers. An attacker in a guest VM
could exploit this to cause a host system crash, leading to a denial
of service. This only affe
[...]

Solution :

Upgrade to :
- linux-doc-2.6.15-2.6.15-54.77 (Ubuntu 6.06)
- linux-doc-2.6.24-2.6.24-24.55 (Ubuntu 8.04)
- linux-doc-2.6.27-2.6.27-14.35 (Ubuntu 8.10)
- linux-doc-2.6.28-2.6.28-13.45 (Ubuntu 9.04)
- linux-headers-2.6.15-54-2.6.15-54.77 (Ubuntu 6.06)
- linux-headers-2.6.15-54-386-2.6.15-54.77 (Ubuntu 6.06)
- linux-headers-2.6.15-54-686-2.6.15-54.77 (Ubuntu 6.06)
- linux-headers-2.6.15-54-amd64-generic-2.6.15-54.77 (Ubuntu 6.06)
- linux-headers-2.6.15-54-amd64-k8-2.6.15-54.77 (Ubuntu 6.06)
- linux-headers-2
[...]

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Written by: Ubuntu Security Notice (C) 2009 Canonical, Inc. / NASL script (C) 2009 Tenable Network Security, Inc.

CentOS : RHSA-2009-1134:
Synopsis :

The remote host is missing a security update.

Description :

The remote CentOS system is missing a security update which has been
documented in Red Hat advisory RHSA-2009-1134.

See also :

https://rhn.redhat.com/errata/RHSA-2009-1134.html

Solution :

Upgrade to the newest packages by doing :

yum update

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Written by: This script is (C) 2009 Tenable Network Security, Inc.

RHSA-2009-1134: seamonkey:
Synopsis :

The remote host is missing the patch for the advisory RHSA-2009-1134

Description :

Updated seamonkey packages that fix a security issue are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way that SeaMonkey parsed malformed HTML mail
messages. If a user opened a specially-crafted HTML mail message, it could
cause SeaMonkey to crash or, possibly, to execute arbitrary code as the
user running SeaMonkey. (CVE-2009-2210)

All SeaMonkey users should upgrade to these updated packages, which correct
this issue. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

See also :

http://rhn.redhat.com/errata/RHSA-2009-1134.html

Solution :

Get the newest RedHat Updates.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Written by: This script is Copyright (C) 2009 Tenable Network Security

RHSA-2009-1132: kernel:
Synopsis :

The remote host is missing the patch for the advisory RHSA-2009-1132

Description :

Updated kernel packages that fix several security issues and various bugs
are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw was found in the Intel PRO/1000 network driver in the Linux
kernel. Frames with sizes near the MTU of an interface may be split across
multiple hardware receive descriptors. Receipt of such a frame could leak
through a validation check, leading to a corruption of the length check. A
remote attacker could use this flaw to send a specially-crafted packet that
would cause a denial of service. (CVE-2009-1385, Important)

* the Linux kernel Network File System daemon (nfsd) implementation did not
drop the CAP_MKNOD capability when handling requests from local,
unprivileged users. This flaw could possibly lead to an information leak or
privilege escalation. (CVE-2009-1072, Moderate)

* Frank Filz reported the NFSv4 client was missing a file permission check
for the execute bit in some situations. This could allow local,
unprivileged users to run non-executable files on NFSv4 mounted file
systems. (CVE-2009-1630, Moderate)

* a missing check was found in the hypervisor_callback() function in the
Linux kernel provided by the kernel-xen package. This could cause a denial
of service of a 32-bit guest if an application running in that guest
accesses a certain memory location in the kernel. (CVE-2009-1758, Moderate)

* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and
agp_generic_alloc_pages() functions did not zero out the memory pages they
allocate, which may later be available to user-space processes. This flaw
could possibly lead to an information leak. (CVE-2009-1192, Low)

These updated packages also fix the following bugs:

* "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by processes
able to use the ptrace() call on a given process; however, certain
information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" could be used
to reconstruct memory maps, making it possible to bypass the Address Space
Layout Randomization (ASLR) security feature. This update addresses this
issue. (BZ#499549)

* in some situations, the link count was not decreased when renaming unused
files on NFS mounted file systems. This may have resulted in poor
performance. With this update, the link count is decreased in these
situations, the same as is done for other file operations, such as unlink
and rmdir. (BZ#501802)

* tcp_ack() cleared the probes_out variable even if there were outstanding
packets. When low TCP keepalive intervals were used, this bug may have
caused problems, such as connections terminating, when using remote tools
such as rsh and rlogin. (BZ#501754)

* off-by-one errors in the time normalization code could have caused
clock_gettime() to return one billion nanoseconds, rather than adding an
extra second. This bug could have caused the name service cache daemon
(nscd) to consume excessive CPU resources. (BZ#501800)

* a system panic could occur when one thread read "/proc/bus/input/devices"
while another was removing a device. With this update, a mutex has been
added to protect the input_dev_list and input_handler_list variables, which
resolves this issue. (BZ#501804)

* using netdump may have caused a kernel deadlock on some systems.
(BZ#504565)

* the file system mask, which lists capabilities for users with a file
system user ID (fsuid) of 0, was missing the CAP_MKNOD and
CAP_LINUX_IMMUTABLE capabilities. This could, potentially, allow users with
an fsuid other than 0 to perform actions on some file system types that
would otherwise be prevented. This update adds these capabilities. (BZ#497269)

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues. Note:
The system must be rebooted for this update to take effect.

See also :

http://rhn.redhat.com/errata/RHSA-2009-1132.html

Solution :

Get the newest RedHat Updates.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Written by: This script is Copyright (C) 2009 Tenable Network Security

MDVSA-2009:147: pidgin:
Synopsis :

The remote host is missing the patch for the advisory MDVSA-2009:147 (pidgin).

Description :

Security vulnerabilities have been identified and fixed in pidgin:
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin
(formerly Gaim) before 2.5.6 allows remote authenticated users to
execute arbitrary code via vectors involving an outbound XMPP file
transfer. NOTE: some of these details are obtained from third party
information (CVE-2009-1373).
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)
before 2.5.6 allows remote attackers to cause a denial of service
(application crash) via a QQ packet (CVE-2009-1374).
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before
2.5.6 does not properly maintain a certain buffer, which allows
remote attackers to cause a denial of service (memory corruption
and application crash) via vectors involving the (1) XMPP or (2)
Sametime protocol (CVE-2009-1375).
Multiple integer overflows in the msn_slplink_process_msg functions in
the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
(2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim)
before 2.5.6 on 32-bit platforms allow remote attackers to execute
arbitrary code via a malformed SLP message with a crafted offset
value, leading to buffer overflows. NOTE: this issue exists because
of an incomplete fix for CVE-2008-2927 (CVE-2009-1376).
This update provides pidgin 2.5.8, which is not vulnerable to these
issues.

See also :

http://wwwnew.mandriva.com/security/advisories?name=MDVSA-2009:147

Solution :

Apply the newest security patches from Mandriva.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Written by: This script is Copyright (C) 2009 Tenable Network Security

MDVSA-2009:141: mozilla-thunderbird:
Synopsis :

The remote host is missing the patch for the advisory MDVSA-2009:141 (mozilla-thunderbird).

Description :

A number of security vulnerabilities have been discovered for
Mozilla Thunderbird version 2.0.0.21 (CVE-2009-1302, CVE-2009-1303,
CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307,
CVE-2009-1308, CVE-2009-1309, CVE-2009-2210, CVE-2009-1392,
CVE-2009-1832, CVE-2009-1833, CVE-2009-1838, CVE-2009-1836,
CVE-2009-1840, CVE-2009-1841).
This update provides the latest Thunderbird to correct these issues.

See also :

http://wwwnew.mandriva.com/security/advisories?name=MDVSA-2009:141

Solution :

Apply the newest security patches from Mandriva.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Written by: This script is Copyright (C) 2009 Tenable Network Security

[GLSA-200906-05] Wireshark: Multiple vulnerabilities:
Synopsis :

The remote host is missing the GLSA-200906-05 security update.

Description :

The remote host is affected by the vulnerability described in GLSA-200906-05
(Wireshark: Multiple vulnerabilities)


Multiple vulnerabilities have been discovered in Wireshark:
David Maciejak discovered a vulnerability in packet-usb.c in the USB
dissector via a malformed USB Request Block (URB) (CVE-2008-4680).
Florent Drouin and David Maciejak reported an unspecified vulnerability
in the Bluetooth RFCOMM dissector (CVE-2008-4681).
A malformed Tamos CommView capture file (aka .ncf file) with an
"unknown/unexpected packet type" triggers a failed assertion in wtap.c
(CVE-2008-4682).
An unchecked packet length parameter in the dissect_btacl() function in
packet-bthci_acl.c in the Bluetooth ACL dissector causes an erroneous
tvb_memcpy() call (CVE-2008-4683).
A vulnerability where packet-frame does not properly handle exceptions
thrown by post dissectors caused by a certain series of packets
(CVE-2008-4684).
Mike Davies reported a use-after-free vulnerability in the
dissect_q931_cause_ie() function in packet-q931.c in the Q.931
dissector via certain packets that trigger an exception
(CVE-2008-4685).
The Security Vulnerability Research Team of Bkis reported that the SMTP
dissector could consume excessive amounts of CPU and memory
(CVE-2008-5285).
The vendor reported that the WLCCP dissector could go into an infinite
loop (CVE-2008-6472).
babi discovered a buffer overflow in wiretap/netscreen.c via a
malformed NetScreen snoop file (CVE-2009-0599).
A specially crafted Tektronix K12 text capture file can cause an
application crash (CVE-2009-0600).
A format string vulnerability via format string specifiers in the HOME
environment variable (CVE-2009-0601).
THCX Labs reported a format string vulnerability in the
PROFINET/DCP (PN-DCP) dissector via a PN-DCP packet with format string
specifiers in the station name (CVE-2009-1210).
An unspecified vulnerability with unknown impact and attack vectors
(CVE-2009-1266).
Marty Adkins and Chris Maynard discovered a parsing error in the
dissector for the Check Point High-Availability Protocol (CPHAP)
(CVE-2009-1268).
Magnus Homann discovered a parsing error when loading a Tektronix .rf5
file (CVE-2009-1269).
The vendor reported that the PCNFSD dissector could crash
(CVE-2009-1829).

Impact

A remote attacker could exploit these vulnerabilities by sending
specially crafted packets on a network being monitored by Wireshark or
by enticing a user to read a malformed packet trace file which can
trigger a Denial of Service (application crash or excessive CPU and
memory usage) and possibly allow for the execution of arbitrary code
with the privileges of the user running Wireshark.

Workaround

There is no known workaround at this time.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829
http://www.gentoo.org/security/en/glsa/glsa-200906-05.xml

Solution :

All Wireshark users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8"

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Written by: (C) 2009 Tenable Network Security, Inc.

FreeBSD : phpmyadmin -- XSS vulnerability (5142):
Synopsis :

The remote host is missing a security update

Description :

The following package needs to be updated: phpMyAdmin

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php
http://www.FreeBSD.org/ports/portaudit/ba73f494-65a8-11de-aef5-001c2514716c.html

Solution :

Update the package on the remote host

Risk factor :

High

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

FreeBSD : nagios -- Command Injection Vulnerability (5141):
Synopsis :

The remote host is missing a security update

Description :

The following package needs to be updated: nagios-devel

See also :

http://secunia.com/advisories/35543
http://tracker.nagios.org/view.php?id=15
http://www.FreeBSD.org/ports/portaudit/3ebd4cb5-657f-11de-883a-00e0815b8da8.html

Solution :

Update the package on the remote host

Risk factor :

High

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

Solaris 9 (x86) : 141397-01:
Synopsis :

The remote host is missing Sun Security Patch number 141397-01

Description :

SunOS 5.9_x86: usr/sbin/ntpq patch.
Date this patch was last updated by Sun : Jun/29/09

See also :

http://sunsolve.sun.com/search/document.do?assetkey=1-21-141397-01-1

Solution :

You should install this patch for your system to be up-to-date.

Risk factor :

Medium

Written by: This script is Copyright (C) 2009 Tenable Network Security

Solaris 9 (sparc) : 141396-01:
Synopsis :

The remote host is missing Sun Security Patch number 141396-01

Description :

SunOS 5.9: usr/sbin/ntpq patch.
Date this patch was last updated by Sun : Jun/29/09

See also :

http://sunsolve.sun.com/search/document.do?assetkey=1-21-141396-01-1

Solution :

You should install this patch for your system to be up-to-date.

Risk factor :

Medium

Written by: This script is Copyright (C) 2009 Tenable Network Security

Solaris 10 (x86) : 141021-01:
Synopsis :

The remote host is missing Sun Security Patch number 141021-01

Description :

SunOS 5.10_x86: ipf ipftest patch.
Date this patch was last updated by Sun : Jun/29/09

See also :

http://sunsolve.sun.com/search/document.do?assetkey=1-21-141021-01-1

Solution :

You should install this patch for your system to be up-to-date.

Risk factor :

High

Written by: This script is Copyright (C) 2009 Tenable Network Security

Solaris 10 (sparc) : 141020-01:
Synopsis :

The remote host is missing Sun Security Patch number 141020-01

Description :

SunOS 5.10: ipf ipftest patch.
Date this patch was last updated by Sun : Jun/29/09

See also :

http://sunsolve.sun.com/search/document.do?assetkey=1-21-141020-01-1

Solution :

You should install this patch for your system to be up-to-date.

Risk factor :

High

Written by: This script is Copyright (C) 2009 Tenable Network Security

MDVSA-2009:146: imap:
Synopsis :

The remote host is missing the patch for the advisory MDVSA-2009:146 (imap).

Description :

Security vulnerabilities have been identified and fixed in the University
of Washington IMAP Toolkit:
Multiple stack-based buffer overflows in (1) University of Washington
IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine
2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain
privileges by specifying a long folder extension argument on the
command line to the tmail or dmail program, and (b) remote attackers to
execute arbitrary code by sending e-mail to a destination mailbox name
composed of a username and '+' character followed by a long string,
processed by the tmail or possibly dmail program (CVE-2008-5005).
smtp.c in the c-client library in University of Washington IMAP Toolkit
2007b allows remote SMTP servers to cause a denial of service (NULL
pointer dereference and application crash) by responding to the QUIT
command with a close of the TCP connection instead of the expected
221 response code (CVE-2008-5006).
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER
routines in the University of Washington (UW) c-client library, as
used by the UW IMAP toolkit before imap-2007e and other applications,
allows context-dependent attackers to cause a denial of service (crash)
via an e-mail message that triggers a buffer overflow (CVE-2008-5514).
The updated packages have been patched to prevent this. Note that the
software was renamed to c-client starting from Mandriva Linux 2009.0
and only provides the shared c-client library for the imap functions
in PHP.

See also :

http://wwwnew.mandriva.com/security/advisories?name=MDVSA-2009:146

Solution :

Apply the newest security patches from Mandriva.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Written by: This script is Copyright (C) 2009 Tenable Network Security

MDVA-2009:122: timezone:
Synopsis :

The remote host is missing the patch for the advisory MDVA-2009:122 (timezone).

Description :

Updated timezone packages are being provided for older Mandriva Linux
systems that do not contain new Daylight Savings Time information
and Time Zone information for some locations. These updated packages
contain the new information.

See also :

http://wwwnew.mandriva.com/security/advisories?name=MDVA-2009:122

Solution :

Apply the newest security patches from Mandriva.

Risk factor :

High

Written by: This script is Copyright (C) 2009 Tenable Network Security

[GLSA-200906-04] Apache Tomcat JK Connector: Information disclosure:
Synopsis :

The remote host is missing the GLSA-200906-04 security update.

Description :

The remote host is affected by the vulnerability described in GLSA-200906-04
(Apache Tomcat JK Connector: Information disclosure)


The Red Hat Security Response Team discovered that mod_jk does not
properly handle (1) requests setting the "Content-Length" header while
not providing data and (2) clients sending repeated requests very
quickly.

Impact

A remote attacker could send specially crafted requests or a large
number of requests at a time, possibly resulting in the disclosure of a
response intended for another client.

Workaround

There is no known workaround at this time.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519
http://www.gentoo.org/security/en/glsa/glsa-200906-04.xml

Solution :

All Apache Tomcat JK Connector users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.27"

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Written by: (C) 2009 Tenable Network Security, Inc.

[GLSA-200906-03] phpMyAdmin: Multiple vulnerabilities:
Synopsis :

The remote host is missing the GLSA-200906-03 security update.

Description :

The remote host is affected by the vulnerability described in GLSA-200906-03
(phpMyAdmin: Multiple vulnerabilities)


Multiple vulnerabilities have been reported in phpMyAdmin:
Greg Ose discovered that the setup script does not sanitize input
properly, leading to the injection of arbitrary PHP code into the
configuration file (CVE-2009-1151).
Manuel Lopez Gallego and
Santiago Rodriguez Collazo reported that data from cookies used in the
"Export" page is not properly sanitized (CVE-2009-1150).

Impact

A remote unauthorized attacker could exploit the first vulnerability to
execute arbitrary code with the privileges of the user running
phpMyAdmin and conduct Cross-Site Scripting attacks using the second
vulnerability.

Workaround

Removing the "scripts/setup.php" file protects you from CVE-2009-1151.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151
http://www.gentoo.org/security/en/glsa/glsa-200906-03.xml

Solution :

All phpMyAdmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.9.5"

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Written by: (C) 2009 Tenable Network Security, Inc.

[DSA1824] DSA-1824-1 phpmyadmin:
Synopsis :

The remote host is missing the DSA-1824 security update

Description :

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool
to administer MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-1150
A cross-site scripting vulnerability in the export page allows an
attacker who can place crafted cookies in the user's browser to inject
arbitrary web script or HTML.
CVE-2009-1151
Static code injection allows a remote attacker to inject arbitrary
code into phpMyAdmin via the setup.php script. In Debian this script is
normally protected by Apache authentication. However, because of a recent
worm based on this exploit, we are patching it regardless, to also protect
installations that somehow still expose the setup.php script.
For the old stable distribution (etch), these problems have been fixed in
version 2.9.1.1-11.
For the stable distribution (lenny), these problems have been fixed in
version 2.11.8.1-5+lenny1.

See also :

http://www.debian.org/security/2009/dsa-1824

Solution :

The Debian project recommends that you upgrade your phpmyadmin package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Written by: This script is (C) 2009 Tenable Network Security, Inc.
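CVE-2009-1151, described in the two phpMyAdmin entries above, is a code-injection bug in a setup script that writes user-supplied values into a PHP configuration file. The Python below is an illustration added here, not phpMyAdmin's setup.php: the $cfg line, the render functions and the payload are hypothetical. It shows the general failure (interpolating a value into generated source without encoding it for the literal it lands in) next to the fix, and uses a small parser for PHP single-quoted literals to show where each rendered line's string actually ends.

```python
"""Unescaped interpolation into generated PHP versus encoding for the target literal.
Added example; the config line and functions are hypothetical, not phpMyAdmin code."""

# Hypothetical generated line: a value from a setup form is written as a
# PHP single-quoted string literal.
ASSIGNMENT_PREFIX = "$cfg['Servers'][1]['host'] = "


def render_vulnerable(host: str) -> str:
    """Drops the value straight into the source: a quote in the value ends the
    literal and whatever follows is parsed as PHP code."""
    return ASSIGNMENT_PREFIX + "'" + host + "';\n"


def php_single_quoted(value: str) -> str:
    """Encode a value as a PHP single-quoted literal. Inside single quotes PHP treats
    only \\' and \\\\ as escapes, so those two characters are all that must be escaped."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def render_hardened(host: str) -> str:
    """Same line, but the value is encoded for the literal it is placed in."""
    return ASSIGNMENT_PREFIX + php_single_quoted(host) + ";\n"


def parse_php_single_quoted(src: str, start: int = 0):
    """Read one PHP single-quoted literal beginning at src[start].
    Returns (decoded value, index just past the closing quote)."""
    if start >= len(src) or src[start] != "'":
        raise ValueError("expected a single-quoted literal")
    out = []
    i = start + 1
    while i < len(src):
        ch = src[i]
        if ch == "\\" and i + 1 < len(src) and src[i + 1] in "'\\":
            out.append(src[i + 1])      # \' and \\ are the only escapes
            i += 2
            continue
        if ch == "'":
            return "".join(out), i + 1
        out.append(ch)
        i += 1
    raise ValueError("unterminated literal")


def literal_and_tail(line: str):
    """Split a rendered line into the string PHP would see and the source after it.
    Anything in the tail other than ';' is code that escaped the literal."""
    value, end = parse_php_single_quoted(line, len(ASSIGNMENT_PREFIX))
    return value, line[end:].strip()


# Constructed input for the demonstration: a quote ends the literal early and
# the rest is inserted as a statement.
PAYLOAD = "localhost'; system('id'); $x = '"

if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        line = render(PAYLOAD)
        value, tail = literal_and_tail(line)
        print(render.__name__, "->", line.rstrip())
        print("  PHP sees string:", repr(value), " code after it:", repr(tail))
```

The Debian note above (setup.php behind Apache authentication) and the Gentoo workaround (delete scripts/setup.php) both reduce exposure of the script; neither fixes the encoding bug, which is why the upgrade is still needed.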

[DSA1823] DSA-1823-1 samba:
Synopsis :

The remote host is missing the DSA-1823 security update

Description :

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-1886
The smbclient utility contains a format string vulnerability where
commands dealing with file names treat user input as format strings
to asprintf.
CVE-2009-1888
In the smbd daemon, if a user is trying to modify an access control
list (ACL) and is denied permission, this deny may be overridden if
the parameter "dos filemode" is set to "yes" in the smb.conf and the
user already has write access to the file.
The old stable distribution (etch) is not affected by these problems.
For the stable distribution (lenny), these problems have been fixed in
version 3.2.5-4lenny6.

See also :

http://www.debian.org/security/2009/dsa-1823

Solution :

The Debian project recommends that you upgrade your samba package.

Risk factor :

High

Written by: This script is (C) 2009 Tenable Network Security, Inc.
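CVE-2009-1888 above only applies where "dos filemode = yes" is set and the user already has write access to the file, so the first thing to know about a Samba host is which shares run with that setting. The Python below is an added example (not Samba's or Nessus's code) that audits an smb.conf for it, honouring the rule that a value in [global] is the default for every share, and reports whether each flagged share is writable. The sample smb.conf is constructed for the example, and the writability check is a simplification of Samba's synonym handling (writeable, writable and write ok versus read only).

```python
"""Audit smb.conf for 'dos filemode = yes' (added example; not Samba or Nessus code)."""
import configparser

# Constructed sample configuration for this example.
SAMPLE_SMB_CONF = """\
# constructed sample smb.conf
[global]
   workgroup = EXAMPLE
   dos filemode = no

[projects]
   path = /srv/projects
   writeable = yes
   dos filemode = yes

[public]
   path = /srv/public
   read only = yes
   ; no dos filemode here: the share inherits the [global] value
"""

TRUE_VALUES = {"yes", "true", "1"}


def load_smb_conf(text: str) -> configparser.ConfigParser:
    """Parse smb.conf text. [global] becomes the defaults section so that every
    share inherits its values, as Samba does. Samba matches parameter names
    ignoring case and whitespace, so keys are normalised the same way
    ('dos filemode' and 'DosFileMode' both become 'dosfilemode').
    Section names are compared as written, so the header must be [global]."""
    cp = configparser.ConfigParser(default_section="global", interpolation=None, strict=False)
    cp.optionxform = lambda key: "".join(key.lower().split())
    cp.read_string(text)
    return cp


def is_true(value) -> bool:
    return value is not None and value.strip().lower() in TRUE_VALUES


def share_is_writable(cp: configparser.ConfigParser, share: str) -> bool:
    """Simplified view of Samba's synonyms: 'writeable'/'writable'/'write ok' win if
    present, otherwise 'read only' decides (Samba's default is read only = yes)."""
    for key in ("writeable", "writable", "writeok"):
        value = cp.get(share, key, fallback=None)
        if value is not None:
            return is_true(value)
    return not is_true(cp.get(share, "readonly", fallback="yes"))


def audit_dos_filemode(text: str):
    """Return [(share, writable)] for every share where dos filemode is effectively yes."""
    cp = load_smb_conf(text)
    findings = []
    for share in cp.sections():           # sections() excludes the [global] defaults
        if is_true(cp.get(share, "dosfilemode", fallback="no")):
            findings.append((share, share_is_writable(cp, share)))
    return findings


if __name__ == "__main__":
    for share, writable in audit_dos_filemode(SAMPLE_SMB_CONF):
        print(f"[{share}] dos filemode = yes, writable = {writable}")
```

A share that is flagged but not writable is not exposed to this particular bug, since the ACL bypass needs existing write access; flagged writable shares are the ones to prioritise until 3.2.5-4lenny6 is installed.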

SSA-2009-181-01 ghostscript :
Synopsis :

The remote host is missing the SSA-2009-181-01 security update

Description :

New ghostscript packages are available for Slackware 12.1, 12.2, and -current
to fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792

Solution :

Update the packages that are referenced in the security advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

MDVSA-2009:145: php:
Synopsis :

The remote host is missing the patch for the advisory MDVSA-2009:145 (php).

Description :

A vulnerability has been found and corrected in PHP:
- Fixed upstream bug #48378 (exif_read_data() segfaults on certain
corrupted .jpeg files).
The updated packages have been patched to correct this issue.

See also :

http://wwwnew.mandriva.com/security/advisories?name=MDVSA-2009:145

Solution :

Apply the newest security patches from Mandriva.

Risk factor :

High

Written by: This script is Copyright (C) 2009 Tenable Network Security

[GLSA-200906-02] Ruby: Denial of Service:
Synopsis :

The remote host is missing the GLSA-200906-02 security update.

Description :

The remote host is affected by the vulnerability described in GLSA-200906-02
(Ruby: Denial of Service)


Tadayoshi Funaba reported that BigDecimal in
ext/bigdecimal/bigdecimal.c does not properly handle string arguments
containing overly long numbers.

Impact

A remote attacker could exploit this issue to cause a Denial of
Service.

Workaround

There is no known workaround at this time.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
http://www.gentoo.org/security/en/glsa/glsa-200906-02.xml

Solution :

All Ruby users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p369"

Risk factor :

Medium

Written by: (C) 2009 Tenable Network Security, Inc.

Shockwave Player APSB09-08:
Synopsis :

The remote Windows host contains a browser plugin that is affected by
a pointer overwrite vulnerability.

Description :

The remote Windows host contains a version of Adobe's Shockwave Player
that is earlier than 11.5.0.600. Such versions are reportedly
affected by a vulnerability that can be triggered using a specially
crafted Adobe Director File to overwrite a 4-byte memory location
during a memory dereference. If an attacker can trick a user of the
affected software into opening such a file, he can leverage this issue
to execute arbitrary code with the privileges of that user.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-09-044/
http://www.adobe.com/support/security/bulletins/apsb09-08.html

Solution :

Uninstall all instances of Shockwave Player version 11.5.0.596 and
earlier, restart the system, and then install version 11.5.0.600 or
later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.

Timbuktu Pro < 8.6.7 PlughNTCommand Named Pipe Remote Stack Buffer Overflow:
Synopsis :

The remote Windows host contains a program that is prone to a remote
buffer overflow attack.

Description :

The remote Windows host contains a version of Motorola Inc.'s Timbuktu
Pro that is earlier than 8.6.7. Timbuktu Pro allows remote access to
a computer's desktop, and versions before 8.6.7 reportedly contain a
stack buffer overflow that can be triggered when the 'PlughNTCommand'
named pipe receives an overly large character string. An
unauthenticated remote attacker can leverage this issue to crash the
affected application or to execute arbitrary code with SYSTEM
privileges.

See also :

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=809
http://www.securityfocus.com/archive/1/504554/30/0/threaded
http://www.nessus.org/u?41cf5a58

Solution :

Upgrade to Timbuktu Pro for Windows version 8.6.7 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Written by: This script is Copyright (C) 2009 Tenable Network Security, Inc.
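Most entries on this page reduce to one decision: is the installed version earlier than the fixed one (Shockwave 11.5.0.600, Timbuktu Pro 8.6.7), or is a given Sun patch revision (141397-01 and the other Solaris entries above) present? The Python below is an added example, not Nessus plugin code. It compares dotted versions numerically rather than as strings (string comparison orders "8.6.10" before "8.6.7", which would mark a patched host vulnerable), treats missing trailing components as zero, and checks Solaris patch IDs against a showrev -p listing by base ID and minimum revision. The showrev output is a constructed sample.

```python
"""Version and Sun patch-revision checks (added example; not Nessus plugin code)."""
import re


def version_tuple(version: str) -> tuple:
    """'11.5.0.596' -> (11, 5, 0, 596). A non-numeric suffix on a component is
    ignored; anything after a wholly non-numeric component is dropped."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"no numeric version in {version!r}")
    return tuple(parts)


def is_earlier(installed: str, fixed: str) -> bool:
    """True if installed < fixed, comparing component by component as integers.
    Shorter versions are padded with zeros so '8.6.7' equals '8.6.7.0'."""
    a, b = version_tuple(installed), version_tuple(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


# Constructed sample of `showrev -p` output (Solaris). Each line starts with
# 'Patch: <id>-<rev>'; the rest of the line is not needed here.
SAMPLE_SHOWREV_P = """\
Patch: 112233-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 141397-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 118833-36 Obsoletes: 118833-35 Requires:  Incompatibles:  Packages: SUNWcsr
"""

PATCH_LINE_RE = re.compile(r"^Patch:\s+(\d+)-(\d+)", re.MULTILINE)


def installed_patches(showrev_output: str) -> dict:
    """Map patch base ID -> highest installed revision, e.g. {'141397': 1, ...}."""
    revisions = {}
    for base, rev in PATCH_LINE_RE.findall(showrev_output):
        revisions[base] = max(revisions.get(base, 0), int(rev))
    return revisions


def patch_missing(showrev_output: str, required: str) -> bool:
    """True if the required patch (e.g. '141397-01') is absent or present only at a
    lower revision. A higher revision of the same base ID satisfies the requirement."""
    base, rev = required.split("-")
    return installed_patches(showrev_output).get(base, -1) < int(rev)


if __name__ == "__main__":
    print("Shockwave 11.5.0.596 vulnerable:", is_earlier("11.5.0.596", "11.5.0.600"))
    print("Timbuktu 8.6.10 vulnerable:", is_earlier("8.6.10", "8.6.7"))
    print("141397-01 missing:", patch_missing(SAMPLE_SHOWREV_P, "141397-01"))
    print("141397-02 missing:", patch_missing(SAMPLE_SHOWREV_P, "141397-02"))
```

The Shockwave solution above (uninstall, reboot, reinstall) is a reminder that a version check on one binary is only as good as the inventory behind it: a host can report 11.5.0.600 for one instance while an older copy is still registered, which is why the advisory says "all instances".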

MDVSA-2009:144: ghostscript:
Synopsis :

The remote host is missing the patch for the advisory MDVSA-2009:144 (ghostscript).

Description :

Multiple security vulnerabilities have been identified and fixed
in ghostscript:
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).
Previously the ghostscript packages were statically built against
a bundled and private copy of the jasper library. This update makes
ghostscript link against the shared system jasper library, which
makes it easier to address possible future security issues in the
jasper library.

See also :

http://wwwnew.mandriva.com/security/advisories?name=MDVSA-2009:144

Solution :

Apply the newest security patches from Mandriva.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Written by: This script is Copyright (C) 2009 Tenable Network Security

© Copyright 2002 - 2009 Tenable Network Security(R). All Rights Reserved.