Nessus.org Plugins
http://www.nessus.org/scripts.php
All the newest security checks for the Nessus scannerNessus Pluginshttp://www.nessus.org/images/RssLogo.jpg
http://www.nessus.org/
Opera < 9.51 Multiple Vulnerabilities
Synopsis :
The remote host contains a web browser that is affected by several
issues.
Description :
The version of Opera installed on the remote host reportedly is
affected by several issues :
- Specially-crafted HTML canvas elements could reveal data from
random areas of memory.
- An unspecified arbitrary code execution vulnerability.
- Improperly set security status when navigating from HTTP to
HTTPS.
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)]]>
http://www.nessus.org/plugins/index.php?view=single&id=33396
?Microsoft Dynamics GP < 10.0 Multiple Vulnerabilities
Synopsis :
The remote host contains an application that is affected by multiple
vulnerabilities.
Description :
Microsoft Dynamics GP (formerly known as Great Plains), is installed on
remote host.
The installed version of Microsoft Dynamics GP is affected by multiple
vulnerabilities.
- By sending a specially crafted DPS message with a very long IP address
or a string, to Distributed Process Server (DPS) or Distributed
Process Manager (DPM), it may be possible to overflow a buffer or
execute arbitrary code on the remote system.
- By sending a specially crafted DPS message, containing an invalid magic
number, it may be possible to cause a denial of service condition and
crash the remote system.
- By sending a specially crafted DPM message, it may be possible to
execute arbitrary code on the remote system.
It should be noted that code execution will generally result in system wide
compromise.
A web browser on the remote host is affected by multiple
vulnerabilities.
Description :
The installed version of SeaMonkey is affected by various security
issues :
- A stability problem that could result in a crash during
JavaScript garbage collection (MFSA 2008-20).
- Several stability bugs leading to crashes which, in
some cases, show traces of memory corruption
(MFSA 2008-21).
- A vulnerability involving violation of the same-origin
policy could allow for cross-site scripting attacks
(MFSA 2008-22).
- JavaScript can be injected into the context of signed
JARs and executed under the context of the JAR's signer
(MFSA 2008-23).
- By taking advantage of the privilege level stored in
the pre-compiled 'fastload' file. an attacker may be
able to run arbitrary JavaScript code with chrome
privileges (MFSA 2008-24).
- Arbitrary code execution is possible in
'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).
- An attacker can steal files from known locations on a
victim's computer via originalTarget and DOM Range
(MFSA 2008-27).
- It is possible for a malicious Java applet to bypass
the same-origin policy and create arbitrary socket
connections to other domains (MFSA 2008-28).
- An improperly encoded '.properties' file in an add-on
can result in uninitialized memory being used, which
could lead to data formerly used by other programs
being exposed to the add-on code (MFSA 2008-29).
- File URLs in directory listings are not properly HTML-
escaped when the filenames contained particular
characters (MFSA 2008-30).
- A weakness in the trust model regarding alt names on
peer-trusted certs could lead to spoofing secure
connections to any other site (MFSA 2008-31).
- URL shortcut files on Windows (for example, saved IE
favorites) could be interpreted as if they were in the
local file context when opened by SeaMonkey, although
the referenced remote content would be downloaded and
displayed (MFSA 2008-32).
- A crash in Mozilla's block reflow code could be used
by an attacker to crash the browser and run arbitrary
code on the victim's computer (MFSA 2008-33).
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)]]>
http://www.nessus.org/plugins/index.php?view=single&id=33394
?Firefox < 2.0.0.15
Synopsis :
The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.
Description :
The installed version of Firefox is affected by various security
issues :
- Several stability bugs leading to crashes which, in
some cases, show traces of memory corruption
(MFSA 2008-21).
- A vulnerability involving violation of the same-origin
policy could allow for cross-site scripting attacks
(MFSA 2008-22).
- JavaScript can be injected into the context of signed
JARs and executed under the context of the JAR's signer
(MFSA 2008-23).
- By taking advantage of the privilege level stored in
the pre-compiled 'fastload' file. an attacker may be
able to run arbitrary JavaScript code with chrome
privileges (MFSA 2008-24).
- Arbitrary code execution is possible in
'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).
- An attacker can steal files from known locations on a
victim's computer via originalTarget and DOM Range
(MFSA 2008-27).
- It is possible for a malicious Java applet to bypass
the same-origin policy and create arbitrary socket
connections to other domains (MFSA 2008-28).
- An improperly encoded '.properties' file in an add-on
can result in uninitialized memory being used, which
could lead to data formerly used by other programs
being exposed to the add-on code (MFSA 2008-29).
- File URLs in directory listings are not properly HTML-
escaped when the filenames contained particular
characters (MFSA 2008-30).
- A weakness in the trust model regarding alt names on
peer-trusted certs could lead to spoofing secure
connections to any other site (MFSA 2008-31).
- URL shortcut files on Windows (for example, saved IE
favorites) could be interpreted as if they were in the
local file context when opened by Firefox, although
the referenced remote content would be downloaded and
displayed (MFSA 2008-32).
- A crash in Mozilla's block reflow code could be used
by an attacker to crash the browser and run arbitrary
code on the victim's computer (MFSA 2008-33).
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)]]>
http://www.nessus.org/plugins/index.php?view=single&id=33393
?Microsoft Dynamics GP Distributed Process Manager Detection
Synopsis :
There is a business accounting software installed on the remote host.
Description :
The remote host is running Microsoft Dynamics GP Distributed Process
Manager. Dynamics GP is a business accounting and management software
solution from Microsoft.
The remote web server contains a PHP script that allows arbitrary
command execution.
Description :
The remote host is running wordtrans-web, a web-based front-end for
wordtrans, for translating words.
The version of wordtrans-web installed on the remote host fails to
sanitize input to the 'advanced' parameter of the 'wordtrans.php'
script before using it in an 'passthru()' statement to execute PHP
code. Provided PHP's 'magic_quotes_gpc' setting is disabled, an
unauthenticated attacker can leverage this issue to execute arbitrary
code on the remote host subject to the privileges of the web server
user id.
Drew Yao discovered several vulnerabilities in Ruby which lead to integer
overflows. If a user or automated system were tricked into running a
malicious script, an attacker could cause a denial of service or execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)
Drew Yao discovered that Ruby did not sanitize its input when using ALLOCA.
If a user or automated system were tricked into running a malicious script,
an attacker could cause a denial of service via memory corruption.
(CVE-2008-2664)
These remote packages are missing security patches :
- libssl-dev
- libssl0.9.8
- libssl0.9.8-dbg
- openssl
- openssl-doc
Description :
It was discovered that OpenSSL was vulnerable to a double-free
when using TLS server extensions. A remote attacker could send a
crafted packet and cause a denial of service via application crash
in applications linked against OpenSSL. Ubuntu 8.04 LTS does not
compile TLS server extensions by default. (CVE-2008-0891)
It was discovered that OpenSSL could dereference a NULL pointer.
If a user or automated system were tricked into connecting to a
malicious server with particular cipher suites, a remote attacker
could cause a denial of service via application crash.
(CVE-2008-1672)
USN-617-1 fixed vulnerabilities in Samba. The upstream patch
introduced a regression where under certain circumstances accessing
large files might cause the client to report an invalid packet
length error. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Samba developers discovered that nmbd could be made to overrun
a buffer during the processing of GETDC logon server requests.
When samba is configured as a Primary or Backup Domain Controller,
a remote attacker could send malicious logon requests and possibly
cause a denial of service. (CVE-2007-4572)
Alin Rad Pop of Secunia Research discovered that Samba did not
properly perform bounds checking when parsing SMB replies. A remote
attacker could send crafted SMB packets and execute arbitrary code.
(CVE-2008-1105)
The remote SuSE system is missing the security patch clamav-5359.
Description :
Clamav was updated to version 0.93.1. It fixes various bugs
and one security issue:
CVE-2008-2713: libclamav/petite.c in ClamAV before 0.93.1
allows remote attackers to cause a denial of service via a
crafted Petite file that triggers an out-of-bounds read.
The remote SuSE system is missing the security patch clamav-5356.
Description :
This update brings clamav to version 0.93.1. It fixes
various bugs and one security issue:
CVE-2008-2713: libclamav/petite.c in ClamAV before 0.93.1
allows remote attackers to cause a denial of service via a
crafted Petite file that triggers an out-of-bounds read.
The remote SuSE system is missing the security patch ImageMagick-5278.
Description :
ImageMagick and GraphicsMagick are affected by two security
problems:
CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX
files
Solution :
Install the security patch ImageMagick-5278.
Risk factor :
High]]>
http://www.nessus.org/plugins/index.php?view=single&id=33380
?SuSE Security Update: ImageMagick: Fix security problems in XCF and PCX decoders (ImageMagick-5277)
Synopsis :
The remote SuSE system is missing the security patch ImageMagick-5277.
Description :
ImageMagick is affected by two security problems:
CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX
files
Solution :
Install the security patch ImageMagick-5277.
Risk factor :
High]]>
http://www.nessus.org/plugins/index.php?view=single&id=33379
?SuSE Security Update: GraphicsMagick: Fix security problems in XCF and PCX decoders (GraphicsMagick-5276)
Synopsis :
The remote SuSE system is missing the security patch GraphicsMagick-5276.
Description :
GraphicsMagick is affected by two security problems:
CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX
files
Solution :
Install the security patch GraphicsMagick-5276.
Risk factor :
High]]>
http://www.nessus.org/plugins/index.php?view=single&id=33378
?RHSA-2008-0519: kernel
Updated kernel packages that fix various security issues and a bug are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
These updated packages fix the following security issues:
* A security flaw was found in the Linux kernel memory copy routines, when
running on certain AMD64 systems. If an unsuccessful attempt to copy kernel
memory from source to destination memory locations occurred, the copy
routines did not zero the content at the destination memory location. This
could allow a local unprivileged user to view potentially sensitive data.
(CVE-2008-2729, Important)
* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and
64-bit emulation. This could allow a local unprivileged user to prepare and
run a specially crafted binary, which would use this deficiency to leak
uninitialized and potentially sensitive data. (CVE-2008-0598, Important)
* Brandon Edwards discovered a missing length validation check in the Linux
kernel DCCP module reconciliation feature. This could allow a local
unprivileged user to cause a heap overflow, gaining privileges for
arbitrary code execution. (CVE-2008-2358, Moderate)
As well, these updated packages fix the following bug:
* Due to a regression, "gettimeofday" may have gone backwards on certain
x86 hardware. This issue was quite dangerous for time-sensitive systems,
such as those used for transaction systems and databases, and may have
caused applications to produce incorrect results, or even crash.
Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.