Nessus.org Plugins
http://www.nessus.org/scripts.php
All the newest security checks for the Nessus scannerNessus Pluginshttp://www.nessus.org/images/RssLogo.jpg
http://www.nessus.org/
Samba Symlink Traversal Arbitrary File Access
The remote file server is prone to a symlink attack.
Description :
The remote Samba server is configured insecurely and allows a remote
attacker to gain read or possibly write access to arbitrary files on
the affected host. Specifically, if an attacker has a valid Samba
account for a share that is writable or there is a writable share that
is configured to be a guest account share, he can create a symlink
using directory traversal sequences and gain access to files and
directories outside that share.
Note that successful exploitation requires that the Samba server's
'wide links' parameter be set to 'yes', which is the default.
High
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44404
?SuSE 11.2 Security Update: libsnmp15 (2010-02-04)
The remote SuSE system is missing a security patch for libsnmp15
Description :
This update of net-snmp fixes the following bugs:
- truncated walk of hrSWRunPath (bnc#565586)
- crash when 64-bit counters wrap (bnc#523553)
- unknown host names in snmp traps (bnc#514333)
- sensitive host information disclosure (bnc#475532,
CVE-2008-6123)
Run yast to install the security patch for libsnmp15
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44403
?MDVSA-2010:033: squid
The remote host is missing the patch for the advisory MDVSA-2010:033 (squid).
Description :
A vulnerability have been discovered and corrected in Squid 2.x,
3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows
remote attackers to cause a denial of service (assertion failure)
via a crafted DNS packet that only contains a header (CVE-2010-0308).
This update provides a fix to this vulnerability.
Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44402
?SMB Service Config Enumeration
It is possible to enumerate configuration parameters of remote
services.
Description :
This plugin implements the QueryServiceConfig() calls to obtain,
using the SMB protocol, the launch parameters of each active service
on the remote host (executable path, log on type, etc).
Solution :
Ensure that each service is configured properly.
Risk factor :
None
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44401
?Squid < 3.0.STABLE19 / 3.1.0.14 / 2.6.STABLE23 strListGetItem Function Remote DoS
The remote proxy server is prone to a denial of service attack.
Description :
According to its banner, the version of the Squid proxy caching
server installed on the remote host is older than 3.0.STABLE19 /
3.1.0.14 / 2.6.STABLE23. A bug in the 'strListGetItem()' function in
'src/HttpHeaderTools.c' can result in an infinite loop when processing
a specially crafted auth header with certain comma delimiters.
A remote attacker may be able to leverage this issue to cause a denial
of service.
Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4
filesystems did not correctly check certain disk structures. If a user
were tricked into mounting a specially crafted filesystem, a remote
attacker could crash the system or gain root privileges. (CVE-2009-4020,
CVE-2009-4308)
It was discovered that FUSE did not correctly check certain requests.
A local attacker with access to FUSE mounts could exploit this to
crash the system or possibly gain root privileges. Ubuntu 9.10 was not
affected. (CVE-2009-4021)
It was discovered that KVM did not correctly decode certain guest
instructions. A local attacker in a guest could exploit this to
trigger high scheduling latency in the host, leading to a denial of
service. Ubuntu 6.06 was not affected. (CVE-2009-4031)
It was discovered that the OHCI fireware driver did not correctly
handle certain ioctls. A local attacker could exploit this to crash
the system, or possibly gain root privileges. Ubuntu 6.06 was not
affected. (CVE-2009-4138)
Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44399
?SuSE Security Update: Security update for Linux kernel (kernel-6806)
The remote SuSE system is missing the security patch kernel-6806
Description :
This update fixes a several security issues and various bugs in the SUSE Linux
Enterprise 10 SP 2 kernel.
The following security issues were fixed:
CVE-2009-3556: Two sysfs filers in the qla2xxx driver were worldwriteable,
so users could change SCSI attributes of the qla2xxx driver.
CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in the
Linux kernel handles Ethernet frames that exceed the MTU by processing
certain trailing payload data as if it were a complete frame, which
allows remote attackers to bypass packet filters via a large packet with
a crafted payload.
(The e1000e driver is not included in the SLES 10 SP2 kernel, so CVE-2009-4538
does not affect this kernel.)
Solution :
Install the security patch kernel-6806
Risk factor :
Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44398
?Solaris Unbundled (sparc) : 138195-03
The remote host is missing Sun Security Patch number 138195-03
Description :
Service Tags 1.0: patch for Solaris 10.
Date this patch was last updated by Sun : Feb/04/10
You should install this patch for your system to be up-to-date.
Risk factor :
High
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44397
?MDVSA-2010:032: rootcerts
The remote host is missing the patch for the advisory MDVSA-2010:032 (rootcerts).
Description :
It was brought to our attention by Ludwig Nussel at SUSE the md5
collision certificate should not be included. This update removes
the offending certificate.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The mozilla nss library has consequently been rebuilt to pickup these
changes and are also being provided.
High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44395
?IBM Tivoli Monitoring Service Console Detection
A system monitoring console was detected on the remote web server.
Description :
Tivoli Monitoring Service Console, a web interface for running system
diagnostics, is hosted on the remote web server. This software is
included with some IBM products, such as DB2.
None
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44394
?OCS Inventory NG Server Administration Console header.php login Parameter SQL Injection
The remote web server is hosting a PHP application that is vulnerable
to a SQL-injection attack.
Description :
The version of the OCS Inventory NG Server Administration Console
hosted on the remote web server fails to properly sanitize user
supplied input to the 'login' parameter of the 'header.php' script.
Provided PHP's 'magic_quotes_gpc' setting is disabled, an attacker can
exploit this to bypass authentication and thereby gain access to the
administrative interface.
Upgrade to OCS Inventory NG Management Server version 1.3beta4 /
1.02.2 or later as those versions have been determined to address the
vulnerability.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44393
?OCS Inventory NG Server Administration Console Detection
The remote web server is hosting an asset management application
written in PHP.
Description :
The remote web server is hosting the OCS Inventory NG Server
Administration console, a PHP application for managing computing
assets.
High
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44390
?SuSE Security Update: fuse (2010-01-26)
The remote SuSE system is missing a security patch for fuse
Description :
A race condition in fusermount allowed users to umount any filesystem (CVE-2009-3297). This has been fixed.
High
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44389
?Solaris 10 (x86) : 140160-02
The remote host is missing Sun Security Patch number 140160-02
Description :
SunOS 5.10_x86: rsh/rlogin/rcp/rdist patch.
Date this patch was last updated by Sun : Feb/02/10
You should install this patch for your system to be up-to-date.
Risk factor :
High
]]>
http://www.nessus.org/plugins/index.php?view=single&id=44388
?Solaris 10 (sparc) : 140159-02
The remote host is missing Sun Security Patch number 140159-02
Description :
SunOS 5.10: rsh/rlogin/rcp/rdist patch.
Date this patch was last updated by Sun : Feb/02/10