Nessus.org Plugins
http://www.nessus.org/scripts.php
All the newest security checks for the Nessus scannerNessus Pluginshttp://www.nessus.org/images/RssLogo.jpg
http://www.nessus.org/
PHP 5.3.9 'php_register_variable_ex()' Code Execution
Synopsis :
The remote web server uses a version of PHP that is affected by a
code execution vulnerability.
Description :
According to its banner, the version of PHP installed on the remote
host is 5.3.9. This version reportedly is affected by a code
execution vulnerability.
Specifically, the fix for the hash collision denial of service
vulnerability (CVE-2011-4885) itself has introduced a remote code
execution vulnerability in the function 'php_register_variable_ex()' in
the file 'php_variables.c'. A new configuration variable,
'max_input_vars', was added as a part of the fix. If the number of
input variables exceeds this value and the variable being processed is
an array, code execution can occur.
Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
]]>
http://www.nessus.org/plugins/index.php?view=single&id=57825
?IBM solidDB < 7.0 Fix Pack 1 / 6.5.0.8 Interim Fix 5 Denial of Service
Synopsis :
The remote database server is affected by a denial of service
vulnerability.
Description :
According to its version number, the solidDB install on the remote
host is affected by a denial of service vulnerability due to a flaw in
the way the application handles 'SELECT' statements containing a
'rownum' condition with a subquery.
A remote, unauthenticated attacker can leverage this issue to cause
the application to crash.
The remote host is missing the patch for the advisory RHSA-2012-0096
Description :
Updated ghostscript packages that fix two security issues are now available
for Red Hat Enterprise Linux 4.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.
Ghostscript included the current working directory in its library search
path by default. If a user ran Ghostscript without the "-P-" option in an
attacker-controlled directory containing a specially-crafted PostScript
library file, it could cause Ghostscript to execute arbitrary PostScript
code. With this update, Ghostscript no longer searches the current working
directory for library files by default. (CVE-2010-4820)
Note: The fix for CVE-2010-4820 could possibly break existing
configurations. To use the previous, vulnerable behavior, run Ghostscript
with the "-P" option (to always search the current working directory
first).
A flaw was found in the way Ghostscript interpreted PostScript Type 1 and
PostScript Type 2 font files. An attacker could create a specially-crafted
PostScript Type 1 or PostScript Type 2 font file that, when interpreted,
could cause Ghostscript to crash or, potentially, execute arbitrary code.
(CVE-2010-4054)
Users of Ghostscript are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
The remote host is missing the patch for the advisory RHSA-2012-0095
Description :
Updated ghostscript packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.
An integer overflow flaw was found in Ghostscript's TrueType bytecode
interpreter. An attacker could create a specially-crafted PostScript or PDF
file that, when interpreted, could cause Ghostscript to crash or,
potentially, execute arbitrary code. (CVE-2009-3743)
It was found that Ghostscript always tried to read Ghostscript system
initialization files from the current working directory before checking
other directories, even if a search path that did not contain the current
working directory was specified with the "-I" option, or the "-P-" option
was used (to prevent the current working directory being searched first).
If a user ran Ghostscript in an attacker-controlled directory containing a
system initialization file, it could cause Ghostscript to execute arbitrary
PostScript code. (CVE-2010-2055)
Ghostscript included the current working directory in its library search
path by default. If a user ran Ghostscript without the "-P-" option in an
attacker-controlled directory containing a specially-crafted PostScript
library file, it could cause Ghostscript to execute arbitrary PostScript
code. With this update, Ghostscript no longer searches the current working
directory for library files by default. (CVE-2010-4820)
Note: The fix for CVE-2010-4820 could possibly break existing
configurations. To use the previous, vulnerable behavior, run Ghostscript
with the "-P" option (to always search the current working directory
first).
A flaw was found in the way Ghostscript interpreted PostScript Type 1 and
PostScript Type 2 font files. An attacker could create a specially-crafted
PostScript Type 1 or PostScript Type 2 font file that, when interpreted,
could cause Ghostscript to crash or, potentially, execute arbitrary code.
(CVE-2010-4054)
Users of Ghostscript are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
The remote host is missing the patch for the advisory RHSA-2012-0093
Description :
Updated php packages that fix one security issue are now available for
Red Hat Enterprise Linux 4, 5 and 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
It was discovered that the fix for CVE-2011-4885 (released via
RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red
Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized
memory use flaw. A remote attacker could send a specially-crafted HTTP
request to cause the PHP interpreter to crash or, possibly, execute
arbitrary code. (CVE-2012-0830)
All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
The remote host is missing the patch for the advisory RHSA-2012-0092
Description :
Updated php53 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
It was discovered that the fix for CVE-2011-4885 (released via
RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced
an uninitialized memory use flaw. A remote attacker could send a specially-
crafted HTTP request to cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2012-0830)
All php53 users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
The remote Mandriva host is missing one or more security-related
patches.
Description :
Multiple vulnerabilities has been found and corrected in apache (ASF
HTTPD):
The log_cookie function in mod_log_config.c in the mod_log_config
module in the Apache HTTP Server 2.2.17 through 2.2.21, when a
threaded MPM is used, does not properly handle a %{}C format string,
which allows remote attackers to cause a denial of service (daemon
crash) via a cookie that lacks both a name and a value
(CVE-2012-0021).
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow
local users to cause a denial of service (daemon crash during
shutdown) or possibly have unspecified other impact by modifying a
certain type field within a scoreboard shared memory segment, leading
to an invalid call to the free function (CVE-2012-0031).
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not
properly restrict header information during construction of Bad
Request (aka 400) error documents, which allows remote attackers to
obtain the values of HTTPOnly cookies via vectors involving a (1)
long or (2) malformed header in conjunction with crafted web script
(CVE-2012-0053).
The updated packages have been upgraded to the latest 2.2.22 version
which is not vulnerable to this issue.
Additionally APR and APR-UTIL has been upgraded to the latest
versions 1.4.5 and 1.4.1 respectively which holds many improvments
over the previous versions.
The remote host is missing the patch for the advisory FEDORA-2012-0939.
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.
The remote host is missing the patch for the advisory FEDORA-2012-0913.
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.
The remote Debian host is missing a security-related update.
Description :
Stefan Esser discovered that the implementation of the max_input_vars
configuration variable in a recent PHP security update was flawed such
that it allows remote attackers to crash PHP or potentially execute
code.
The remote Debian host is missing a security-related update.
Description :
Several vulnerabilities have been found in the Iceape internet suite,
an unbranded version of Seamonkey :
- CVE-2011-3670
Gregory Fleischer discovered that IPv6 URLs were
incorrectly parsed, resulting in potential information
disclosure.
- CVE-2012-0442
Jesse Ruderman and Bob Clary discovered memory
corruption bugs, which may lead to the execution of
arbitrary code.
- CVE-2012-0444
'regenrecht' discovered that missing input sanitising in
the Ogg Vorbis parser may lead to the execution of
arbitrary code.
- CVE-2012-0449
Nicolas Gregoire and Aki Helin discovered that missing
input sanitising in XSLT processing may lead to the
execution of arbitrary code.
The remote Debian host is missing a security-related update.
Description :
Several vulnerabilities have been found in Tomcat, a servlet and JSP
engine :
- CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064
The HTTP Digest Access Authentication implementation
performed insufficient countermeasures against replay
attacks.
- CVE-2011-2204
In rare setups passwords were written into a logfile.
- CVE-2011-2526
Missing input sanitising in the HTTP APR or HTTP NIO
connectors could lead to denial of service.
- CVE-2011-3190
AJP requests could be spoofed in some setups.
- CVE-2011-3375
Incorrect request caching could lead to information
disclosure.
- CVE-2011-4858 CVE-2012-0022
This update adds countermeasures against a collision
denial of service vulnerability in the Java hashtable
implementation and addresses denial of service
potentials when processing large amounts of requests.
The remote Debian host is missing a security-related update.
Description :
Several vulnerabilities have been discovered in Iceweasel, a web
browser based on Firefox. The included XULRunner library provides
rendering services for several other applications included in Debian.
- CVE-2011-3670
Gregory Fleischer discovered that IPv6 URLs were
incorrectly parsed, resulting in potential information
disclosure.
- CVE-2012-0442
Jesse Ruderman and Bob Clary discovered memory
corruption bugs, which may lead to the execution of
arbitrary code.
- CVE-2012-0444
'regenrecht' discovered that missing input sanitising in
the Ogg Vorbis parser may lead to the execution of
arbitrary code.
- CVE-2012-0449
Nicolas Gregoire and Aki Helin discovered that missing
input sanitising in XSLT processing may lead to the
execution of arbitrary code.