Nessus.org Plugins
http://www.nessus.org/scripts.php
All the newest security checks for the Nessus scanner

USN795-1 : nagios2, nagios3 vulnerability
These remote packages are missing security patches :
- nagios2
- nagios2-common
- nagios2-dbg
- nagios2-doc
- nagios3
- nagios3-common
- nagios3-dbg
- nagios3-doc

Description :

It was discovered that Nagios did not properly parse certain commands
submitted using the WAP web interface. An authenticated user could exploit
this flaw and execute arbitrary programs on the server.

Solution :

Upgrade to :
- nagios2-2.11-1ubuntu1.5 (Ubuntu 8.04)
- nagios2-common-2.11-1ubuntu1.5 (Ubuntu 8.04)
- nagios2-dbg-2.11-1ubuntu1.5 (Ubuntu 8.04)
- nagios2-doc-2.11-1ubuntu1.5 (Ubuntu 8.04)
- nagios3-3.0.6-2ubuntu1.1 (Ubuntu 9.04)
- nagios3-common-3.0.6-2ubuntu1.1 (Ubuntu 9.04)
- nagios3-dbg-3.0.6-2ubuntu1.1 (Ubuntu 9.04)
- nagios3-doc-3.0.6-2ubuntu1.1 (Ubuntu 9.04)

Risk factor :

High
http://www.nessus.org/plugins/index.php?view=single&id=39601

USN794-1 : libcompress-raw-zlib-perl, perl vulnerability
These remote packages are missing security patches :
- libcgi-fast-perl
- libcompress-raw-zlib-perl
- libperl-dev
- libperl5.10
- perl
- perl-base
- perl-debug
- perl-doc
- perl-modules
- perl-suid

Description :

It was discovered that the Compress::Raw::Zlib Perl module incorrectly
handled certain zlib compressed streams. If a user or automated system were
tricked into processing a specially crafted compressed stream or file, a
remote attacker could crash the application, leading to a denial of
service.

Solution :

Upgrade to :
- libcgi-fast-perl-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- libcompress-raw-zlib-perl-2.015-1ubuntu0.1 (Ubuntu 9.04)
- libperl-dev-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- libperl5.10-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-base-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-debug-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-doc-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-modules-5.10.0-19ubuntu1.1 (Ubuntu 9.04)
- perl-suid-5.10.0-19ubuntu1.1 (Ubuntu 9.04)

Risk factor :

High
http://www.nessus.org/plugins/index.php?view=single&id=39600

RHSA-2009-1140: ruby
The remote host is missing the patch for the advisory RHSA-2009-1140

Description :

Updated ruby packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

A flaw was found in the way the Ruby POP module processed certain APOP
authentication requests. By sending certain responses when the Ruby APOP
module attempted to authenticate using APOP against a POP server, a remote
attacker could, potentially, acquire certain portions of a user's
authentication credentials. (CVE-2007-1558)

It was discovered that Ruby did not properly check the return value when
verifying X.509 certificates. This could, potentially, allow a remote
attacker to present an invalid X.509 certificate, and have Ruby treat it as
valid. (CVE-2009-0642)

A flaw was found in the way Ruby converted BigDecimal objects to Float
numbers. If an attacker were able to provide certain input for the
BigDecimal object converter, they could crash an application using this
class. (CVE-2009-1904)

All Ruby users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

See also :

http://rhn.redhat.com/errata/RHSA-2009-1140.html

Solution :

Get the newest RedHat Updates.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
http://www.nessus.org/plugins/index.php?view=single&id=39599

RHSA-2009-1139: finch
The remote host is missing the patch for the advisory RHSA-2009-1139

Description :

Updated pidgin packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. The AOL
Open System for CommunicAtion in Realtime (OSCAR) protocol is used by the
AOL ICQ and AIM instant messaging systems.

A denial of service flaw was found in the Pidgin OSCAR protocol
implementation. If a remote ICQ user sent a web message to a local Pidgin
user using this protocol, it would cause excessive memory usage, leading to
a denial of service (Pidgin crash). (CVE-2009-1889)

These updated packages also fix the following bug:

* the Yahoo! Messenger Protocol changed, making it incompatible (and
unusable) with Pidgin versions prior to 2.5.7. This update provides Pidgin
2.5.8, which implements version 16 of the Yahoo! Messenger Protocol, which
resolves this issue.

Note: These packages upgrade Pidgin to version 2.5.8. Refer to the Pidgin
release notes for a full list of changes:
http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users should upgrade to these updated packages, which correct
these issues. Pidgin must be restarted for this update to take effect.

See also :

http://rhn.redhat.com/errata/RHSA-2009-1139.html

Solution :

Get the newest RedHat Updates.

Risk factor :

High
http://www.nessus.org/plugins/index.php?view=single&id=39598

RHSA-2009-1138: openswan
The remote host is missing the patch for the advisory RHSA-2009-1138

Description :

Updated openswan packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted network is encrypted by the IPsec gateway machine, and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network (VPN).

Multiple insufficient input validation flaws were found in the way
Openswan's pluto IKE daemon processed some fields of X.509 certificates. A
remote attacker could provide a specially-crafted X.509 certificate that
would crash the pluto daemon. (CVE-2009-2185)

All users of openswan are advised to upgrade to these updated packages,
which contain a backported patch to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

See also :

http://rhn.redhat.com/errata/RHSA-2009-1138.html

Solution :

Get the newest RedHat Updates.

Risk factor :

High
http://www.nessus.org/plugins/index.php?view=single&id=39597

[GLSA-200907-02] ModSecurity: Denial of Service
The remote host is missing the GLSA-200907-02 security update.

Description :

The remote host is affected by the vulnerability described in GLSA-200907-02
(ModSecurity: Denial of Service)


Multiple vulnerabilities were discovered in ModSecurity:
- Juan Galiana Lara of ISecAuditors discovered a NULL pointer
  dereference when processing multipart requests without a part header
  name (CVE-2009-1902).
- Steve Grubb of Red Hat reported that the "PDF XSS protection" feature
  does not properly handle HTTP requests to a PDF file that do not use
  the GET method (CVE-2009-1903).

Impact

A remote attacker might send requests containing specially crafted
multipart data or send certain requests to access a PDF file, possibly
resulting in a Denial of Service (crash) of the Apache HTTP daemon.
NOTE: The PDF XSS protection is not enabled by default.

Workaround

There is no known workaround at this time.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1903
http://www.gentoo.org/security/en/glsa/glsa-200907-02.xml

Solution :

All ModSecurity users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.5.9"

Risk factor :

Medium
http://www.nessus.org/plugins/index.php?view=single&id=39596

[GLSA-200907-01] libwmf: User-assisted execution of arbitrary code
The remote host is missing the GLSA-200907-01 security update.

Description :

The remote host is affected by the vulnerability described in GLSA-200907-01
(libwmf: User-assisted execution of arbitrary code)


The embedded fork of the GD library introduced a "use-after-free"
vulnerability in a modification which is specific to libwmf.

Impact

A remote attacker could entice a user to open a specially crafted WMF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364
http://www.gentoo.org/security/en/glsa/glsa-200907-01.xml

Solution :

All libwmf users should upgrade to the latest version which no longer
builds the GD library:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r3"

Risk factor :

Medium
http://www.nessus.org/plugins/index.php?view=single&id=39595

FreeBSD : nfsen -- remote command execution (5143)
The remote host is missing a security update

Description :

The following package needs to be updated: nfsen

See also :

http://sourceforge.net/forum/forum.php?forum_id=967583
http://www.FreeBSD.org/ports/portaudit/70372cda-6771-11de-883a-00e0815b8da8.html

Solution :

Update the package on the remote host

Risk factor :

High
http://www.nessus.org/plugins/index.php?view=single&id=39594

Fedora 9 2009-3666: xorg-x11-xfs
The remote host is missing the patch for the advisory FEDORA-2009-3666 (xorg-x11-xfs)

Description :

X.Org X11 xfs font server

ChangeLog:


Update information :

* Mon Apr 13 2009 Adam Jackson <ajax redhat com> 1.0.5-2.1
- xfs.init: Fix mkdir race (#492517)

Solution :

Get the newest Fedora Updates

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
http://www.nessus.org/plugins/index.php?view=single&id=39593

Fedora 10 2009-3651: xorg-x11-xfs
The remote host is missing the patch for the advisory FEDORA-2009-3651 (xorg-x11-xfs)

Description :

X.Org X11 xfs font server

ChangeLog:


Update information :

* Mon Apr 13 2009 Adam Jackson <ajax redhat com> 1.0.5-3.1
- xfs.init: Fix mkdir race (#492517)

Solution :

Get the newest Fedora Updates

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
http://www.nessus.org/plugins/index.php?view=single&id=39592

IBM Rational ClearQuest Multiple XSS Flaws
The remote web server is affected by multiple flaws.

Description :

IBM Rational ClearQuest CQWeb Server is installed on the remote host.
The installed version is affected by multiple cross-site scripting
flaws. Specifically, the application fails to sanitize input passed
to the 'contextid', 'schema', 'userNameVal' and 'username' parameters
before using it to generate dynamic HTML content. An unauthenticated
remote attacker may be able to leverage this issue to inject arbitrary
HTML or script code into a user's browser to be executed within the
security context of the affected site.

See also :

http://www.securityfocus.com/archive/1/archive/1/489861/100/0/threaded

Solution :

Apply patch 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, or 7.0.1.1_iFix01.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
http://www.nessus.org/plugins/index.php?view=single&id=39591

Sun Java Web Console 'helpwindow.jsp' Multiple Cross-Site Scripting Vulnerabilities
The remote web application has multiple cross-site scripting
vulnerabilities.

Description :

The version of Sun Java Web Console running on the remote host has
multiple cross-site scripting vulnerabilities in 'helpwindow.jsp'.
A remote attacker could exploit these to trick a user into executing
arbitrary HTML or script code in the context of the web server.

This version reportedly has other cross-site scripting vulnerabilities
in a different help file, though Nessus did not check for those issues.

See also :

http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1

Solution :

Apply the relevant patch referenced in the vendor's advisory.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
http://www.nessus.org/plugins/index.php?view=single&id=39590

RIP-2 Poisoning
It might be possible to hijack connections on this network.

Description :

This host is running a RIP-2 agent.

RIP-2 requests can be authenticated but Nessus cannot check this in
the current configuration.

If authentication is not implemented, an attacker on the same network
may feed the target machine bogus routes and hijack network
connections.

Note that this may be a false positive.

Solution :

Either disable the RIP agent if it is not used or implement RIP-2
authentication.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P)
http://www.nessus.org/plugins/index.php?view=single&id=39589

RIP-1 Poisoning
It may be possible to hijack connections on this network.

Description :

This host is running a RIP-1 agent.

RIP-1 does not implement authentication. An attacker on the same
network may feed the target machine bogus routes and hijack network
connections.

Note that Nessus cannot test this flaw as it is not running on the
same network.

Solution :

Either disable the RIP agent if it is not used or use RIP-2 and
implement authentication.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)
http://www.nessus.org/plugins/index.php?view=single&id=39588

RIP Poisoning (Adjacent Network)
Routing tables can be modified.

Description :

It was possible to poison the remote host routing tables through the
RIP protocol.

An attacker may use this to hijack network connections.

Several RIP agents reject routes that are not sent by a neighbor, so
this flaw may not be exploitable from a non-adjacent network.

Solution :

Either disable the RIP listener if it is not used, use RIP-2 in
conjunction with authentication, or use another routing protocol.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)
http://www.nessus.org/plugins/index.php?view=single&id=39587

USN793-1 : linux, linux-source-2.6.15 vulnerabilities
These remote packages are missing security patches :
- linux-doc-2.6.15
- linux-doc-2.6.24
- linux-doc-2.6.27
- linux-doc-2.6.28
- linux-headers-2.6.15-54
- linux-headers-2.6.15-54-386
- linux-headers-2.6.15-54-686
- linux-headers-2.6.15-54-amd64-generic
- linux-headers-2.6.15-54-amd64-k8
- linux-headers-2.6.15-54-amd64-server
- linux-headers-2.6.15-54-amd64-xeon
- linux-headers-2.6.15-54-k7
- linux-headers-2.6.15-54-powerpc
- linux-headers-2.6.15-54-powerpc-smp
- linux-headers-2.6.15-54-powe
[...]

Description :

Igor Zhbanov discovered that NFS clients were able to create device nodes
even when root_squash was enabled. An authenticated remote attacker
could create device nodes with open permissions, leading to a loss of
privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were
affected. (CVE-2009-1072)

Dan Carpenter discovered that SELinux did not correctly handle
certain network checks when running with compat_net=1. A local
attacker could exploit this to bypass network checks. Default Ubuntu
installations do not enable SELinux, and only Ubuntu 8.10 and 9.04 were
affected. (CVE-2009-1184)

Shaohua Li discovered that memory was not correctly initialized in the
AGP subsystem. A local attacker could potentially read kernel memory,
leading to a loss of privacy. (CVE-2009-1192)

Benjamin Gilbert discovered that the VMX implementation of KVM did
not correctly handle certain registers. An attacker in a guest VM
could exploit this to cause a host system crash, leading to a denial
of service. This only affe
[...]

Solution :

Upgrade to :
- linux-doc-2.6.15-2.6.15-54.77 (Ubuntu 6.06)
- linux-doc-2.6.24-2.6.24-24.55 (Ubuntu 8.04)
- linux-doc-2.6.27-2.6.27-14.35 (Ubuntu 8.10)
- linux-doc-2.6.28-2.6.28-13.45 (Ubuntu 9.04)
- linux-headers-2.6.15-54-2.6.15-54.77 (Ubuntu 6.06)
- linux-headers-2.6.15-54-386-2.6.15-54.77 (Ubuntu 6.06)
- linux-headers-2.6.15-54-686-2.6.15-54.77 (Ubuntu 6.06)
- linux-headers-2.6.15-54-amd64-generic-2.6.15-54.77 (Ubuntu 6.06)
- linux-headers-2.6.15-54-amd64-k8-2.6.15-54.77 (Ubuntu 6.06)
- linux-headers-2
[...]

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
http://www.nessus.org/plugins/index.php?view=single&id=39586

CentOS : RHSA-2009-1134
The remote host is missing a security update.

Description :

The remote CentOS system is missing a security update which has been
documented in Red Hat advisory RHSA-2009-1134.

See also :

https://rhn.redhat.com/errata/RHSA-2009-1134.html

Solution :

Upgrade to the newest packages by doing :

yum update

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
http://www.nessus.org/plugins/index.php?view=single&id=39585

RHSA-2009-1134: seamonkey
The remote host is missing the patch for the advisory RHSA-2009-1134

Description :

Updated seamonkey packages that fix a security issue are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way that SeaMonkey parsed malformed HTML mail
messages. If a user opened a specially-crafted HTML mail message, it could
cause SeaMonkey to crash or, possibly, to execute arbitrary code as the
user running SeaMonkey. (CVE-2009-2210)

All SeaMonkey users should upgrade to these updated packages, which correct
this issue. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

See also :

http://rhn.redhat.com/errata/RHSA-2009-1134.html

Solution :

Get the newest RedHat Updates.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
http://www.nessus.org/plugins/index.php?view=single&id=39584

RHSA-2009-1132: kernel
The remote host is missing the patch for the advisory RHSA-2009-1132

Description :

Updated kernel packages that fix several security issues and various bugs
are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw was found in the Intel PRO/1000 network driver in the Linux
kernel. Frames with sizes near the MTU of an interface may be split across
multiple hardware receive descriptors. Receipt of such a frame could leak
through a validation check, leading to a corruption of the length check. A
remote attacker could use this flaw to send a specially-crafted packet that
would cause a denial of service. (CVE-2009-1385, Important)

* the Linux kernel Network File System daemon (nfsd) implementation did not
drop the CAP_MKNOD capability when handling requests from local,
unprivileged users. This flaw could possibly lead to an information leak or
privilege escalation. (CVE-2009-1072, Moderate)

* Frank Filz reported the NFSv4 client was missing a file permission check
for the execute bit in some situations. This could allow local,
unprivileged users to run non-executable files on NFSv4 mounted file
systems. (CVE-2009-1630, Moderate)

* a missing check was found in the hypervisor_callback() function in the
Linux kernel provided by the kernel-xen package. This could cause a denial
of service of a 32-bit guest if an application running in that guest
accesses a certain memory location in the kernel. (CVE-2009-1758, Moderate)

* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and
agp_generic_alloc_pages() functions did not zero out the memory pages they
allocate, which may later be available to user-space processes. This flaw
could possibly lead to an information leak. (CVE-2009-1192, Low)

These updated packages also fix the following bugs:

* "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by processes
able to use the ptrace() call on a given process; however, certain
information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" could be used
to reconstruct memory maps, making it possible to bypass the Address Space
Layout Randomization (ASLR) security feature. This update addresses this
issue. (BZ#499549)

* in some situations, the link count was not decreased when renaming unused
files on NFS mounted file systems. This may have resulted in poor
performance. With this update, the link count is decreased in these
situations, the same as is done for other file operations, such as unlink
and rmdir. (BZ#501802)

* tcp_ack() cleared the probes_out variable even if there were outstanding
packets. When low TCP keepalive intervals were used, this bug may have
caused problems, such as connections terminating, when using remote tools
such as rsh and rlogin. (BZ#501754)

* off-by-one errors in the time normalization code could have caused
clock_gettime() to return one billion nanoseconds, rather than adding an
extra second. This bug could have caused the name service cache daemon
(nscd) to consume excessive CPU resources. (BZ#501800)

* a system panic could occur when one thread read "/proc/bus/input/devices"
while another was removing a device. With this update, a mutex has been
added to protect the input_dev_list and input_handler_list variables, which
resolves this issue. (BZ#501804)

* using netdump may have caused a kernel deadlock on some systems.
(BZ#504565)

* the file system mask, which lists capabilities for users with a file
system user ID (fsuid) of 0, was missing the CAP_MKNOD and
CAP_LINUX_IMMUTABLE capabilities. This could, potentially, allow users with
an fsuid other than 0 to perform actions on some file system types that
would otherwise be prevented. This update adds these capabilities. (BZ#497269)

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues. Note:
The system must be rebooted for this update to take effect.

See also :

http://rhn.redhat.com/errata/RHSA-2009-1132.html

Solution :

Get the newest RedHat Updates.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
http://www.nessus.org/plugins/index.php?view=single&id=39583

MDVSA-2009:147: pidgin
The remote host is missing the patch for the advisory MDVSA-2009:147 (pidgin).

Description :

Security vulnerabilities have been identified and fixed in pidgin:

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin
(formerly Gaim) before 2.5.6 allows remote authenticated users to
execute arbitrary code via vectors involving an outbound XMPP file
transfer. NOTE: some of these details are obtained from third party
information (CVE-2009-1373).

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)
before 2.5.6 allows remote attackers to cause a denial of service
(application crash) via a QQ packet (CVE-2009-1374).

The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before
2.5.6 does not properly maintain a certain buffer, which allows
remote attackers to cause a denial of service (memory corruption
and application crash) via vectors involving the (1) XMPP or (2)
Sametime protocol (CVE-2009-1375).

Multiple integer overflows in the msn_slplink_process_msg functions in
the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
(2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim)
before 2.5.6 on 32-bit platforms allow remote attackers to execute
arbitrary code via a malformed SLP message with a crafted offset
value, leading to buffer overflows. NOTE: this issue exists because
of an incomplete fix for CVE-2008-2927 (CVE-2009-1376).

This update provides pidgin 2.5.8, which is not vulnerable to these
issues.

See also :

http://wwwnew.mandriva.com/security/advisories?name=MDVSA-2009:147

Solution :

Apply the newest security patches from Mandriva.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
http://www.nessus.org/plugins/index.php?view=single&id=39582