The Passive Vulnerability Scanner (PVS) Plugins
http://www.tenablesecurity.com/tenable_plugins.pdf
All the newest security checks for the Tenable Passive Vulnerability Scanner (PVS)PVS Pluginshttp://www.tenablesecurity.com/images/RssLogo.jpg
http://www.tenablesecurity.com/
OpenSSH < 5.7 Multiple Vulnerabilities
Synopsis :\n\nThe remote SSH service may be affected by multiple vulnerabilities.\n\nFor your information, the observed version of OpenSSH installed on the remote host is : \n %L \n\nVersions of OpenSSH server before 5.7 may be affected by the following vulnerabilities :\n\n - A security bypass vulnerability because OpenSSH does not properly validate the public parameters in the J-PAKE protocol. This could allow an attacker to authenticate without the shared secret. Note that this issue is only exploitable when OpenSSH is built with J-PAKE support, which is currently experimental and disabled by default. (CVE-2010-4478)\n\n - The auth_parse options function in auth-options.c in sshd provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages. (CVE-2012-0841)
Copyright Tenable Network Security Inc. 2012]]>2012-02-01T19:31:00-05:00
http://www.tenablesecurity.com/6300.html
Samba 3.6.x < 3.6.3 Denial of Service
Synopsis :\n\nThe remote Samba server is affected by a denial of service vulnerability.\n\nFor your information, the observed version of Samba is :\n %L \n\nAccording to its banner, the version of Samba 3.6.x running on the remote host is earlier than 3.6.3. Errors exist in the files 'source3/lib/substitute.c' and 'source3/smbd/server.c' that leak small amounts of memory when processing every connection attempt.\n\nAn attacker can continually make connections to the server and cause a denial of service attack against the affected smbd service.
Copyright Tenable Network Security Inc. 2012]]>2012-02-01T15:28:00-05:00
http://www.tenablesecurity.com/6299.html
PCAnywhere Detection
The remote host is running PCAnywhere, an application that allows remote users to connect to a Windows desktop and work remotely.
Solution :
Ensure that you are running the latest version of PCAnywhere.
Risk factor :
INFO
Copyright Tenable Network Security Inc. 2012]]>2012-02-01T15:28:00-05:00
http://www.tenablesecurity.com/6298.html
Android 2.3 < 2.3.6 Information Disclosure
Synopsis :\n\nThe remote host is affected by an information disclosure vulnerability.\n\nFor your information, the observed version of Android OS installed on the remote device is : \n %L \n\nVersions of Android OS earlier than 2.3.6 are potentially affected by an information disclosure vulnerability. The bluetooth stack used by Android 2.3 allows a physically proximate attacker to obtain contact information from a target device via AT phonebook transfer.
Copyright Tenable Network Security Inc. 2012]]>2012-01-31T15:27:00-05:00
http://www.tenablesecurity.com/6297.html
CentOS version detection
The remote host is running CentOS version: %L.
Solution :
Ensure that host is up to date on security updates and in accordance to company policy.
Risk factor :
INFO
Copyright Tenable Network Security Inc. 2012]]>2012-01-25T17:51:00-05:00
http://www.tenablesecurity.com/6296.html
Opera < 11.61 Multiple Vulnerabilities
Synopsis :\n\nThe remote host has a web browser installed that is vulnerable to multiple attack vectors.\n\nThe remote host is running the Opera web browser. For your information, the observed version of Opera is : \n %L \n\nVersions of Opera earlier than 11.61 are potentially affected by multiple vulnerabilities :\n\n - It is possible to manipulate framed content in a way that allows cross-site scripting. (Issue 1007)\n\n - Script events can be used to reveal the presence of local files. (Issue 1008)
Copyright Tenable Network Security Inc. 2012]]>2012-01-25T17:51:00-05:00
http://www.tenablesecurity.com/6295.html
Google Chrome < 16.0.912.77 Multiple Vulnerabilities
Synopsis :\n\nThe remote host contains a web browser that is vulnerable to multiple attack vectors.\n\nFor your information, the observed version of Google Chrome is :\n %L \n\nVersions of Google Chrome earlier than 16.0.912.77 are potentially affected by multiple vulnerabilities :\n\n - Use-after-free errors exist related to DOM selections, DOM handling, and Safe Browsing functionality. (CVE-2011-3924, CVE-2011-3925, CVE-2011-3928)\n\n - A heap-based buffer overflow exists in the 'tree builder'. (CVE-2011-3926)\n\n - An error exists related to an uninitialized value in 'Skia'. (CVE-2011-3927)
Copyright Tenable Network Security Inc. 2012]]>2012-01-25T17:51:00-05:00
http://www.tenablesecurity.com/6294.html
Schweitzer Engineering Laboratories (SEL) Management Server Detection (SCADA) default level 1 credentials
Synopsis :\n\nThe remote SCADA device is configured with default credentials\n\nThe remote server is a SCHWEITZER ENGINEERING LABORATORIES (SEL) management server. The server is configured with the default password of 'OTTER' for level 1 access.
Solution :
Change default passwords
Risk factor :
MEDIUM
Copyright Tenable Network Security Inc. 2012]]>2012-01-24T11:32:00-05:00
http://www.tenablesecurity.com/6293.html
Netwave Video server detection
Synopsis:\n\nThe remote server is used as an audio/video device.\n\nThe remote host is a Netwave video server. The exact product name is : %L
Solution :
Ensure that this service is authorized for your network
Risk factor :
INFO
Copyright Tenable Network Security Inc. 2012]]>2012-01-23T19:30:00-05:00
http://www.tenablesecurity.com/6292.html
SIP server deteciton
Synopsis:\n\nThe remote server is used as an audio/video device.\n\nThe remote host is using the Session Initiation Protocol (SIP) which is a communication protocol for video and voice calls over the Internet.
Solution :
Ensure that this service is authorized for your network
Risk factor :
INFO
Copyright Tenable Network Security Inc. 2012]]>2012-01-23T15:29:00-05:00
http://www.tenablesecurity.com/6291.html