Newest Plugins

Cisco Email Security Appliance Denial of Service Vulnerability


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the Cisco Email Security Appliance (ESA) is affected
by one or more vulnerabilities. Please see the included Cisco BIDs
and the Cisco Security Advisory for more information.

See also :

http://www.nessus.org/u?0810e81f
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd29354

Solution :

Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCvd29354.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

NVIDIA Windows GPU Display Driver 375.x / 384.x < 385.08 Multiple Vulnerabilities


Synopsis:

A display driver installed on the remote Windows host is affected by
multiple vulnerabilities.

Description:

NVIDIA GPU display driver vulnerabilities may lead to denial of
service or possible escalation of privileges. To exploit these
vulnerabilities an attacker would send a malicious request to an
affected application or interact with an affected application. If
successfully exploited, these vulnerabilities would allow an
attacker to cause a denial of service condition or elevated
privileges.

See also :

http://nvidia.custhelp.com/app/answers/detail/a_id/4544

Solution :

Upgrade the NVIDIA graphics driver to version 385.69 or
later in accordance with the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)


NVIDIA Linux GPU Display Driver 375.x < 375.88 / 384.x < 384.90 Multiple Vulnerabilities


Synopsis:

A display driver installed on the remote Linux host is affected by
multiple vulnerabilities.

Description:

NVIDIA GPU display driver vulnerabilities may lead to denial of
service or possible escalation of privileges. To exploit these
vulnerabilities an attacker would send a malicious request to an
affected application or interact with an affected application. If
successfully exploited, these vulnerabilities would allow an
attacker to cause a denial of service condition or elevated
privileges.

See also :

http://nvidia.custhelp.com/app/answers/detail/a_id/4544

Solution :

Upgrade the NVIDIA graphics driver to version 375.88 / 384.90 or later
in accordance with the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)


Security Updates for Outlook (September 2017)


Synopsis:

The version of Outlook installed on the remote host is affected by multiple vulnerabilities.

Description:

The version of Microsoft Outlook installed on the remote host
is missing security updates. It is, therefore, affected by
multiple vulnerabilities :

- A remote code execution vulnerability exists in the
way that Microsoft Outlook parses specially crafted
email messages. An attacker who successfully exploited
the vulnerability could take control of an affected
system to then install programs; view, change, or
delete data; or create new accounts with full user
rights. (CVE-2017-0106)

- A security feature bypass vulnerability exists in
Microsoft Office software when it improperly handles the
parsing of file formats. To exploit the vulnerability,
an attacker would have to convince a user to open a
specially crafted file. (CVE-2017-0204)

- A remote code execution vulnerability exists when
Microsoft Office improperly validates input before
loading dynamic link library (DLL) files. An attacker
who successfully exploited this vulnerability could take
control of an affected system to then install programs;
view, change, or delete data; or create new accounts
with full user rights. (CVE-2017-8506)

- A remote code execution vulnerability exists in the way
that Microsoft Outlook parses specially crafted email
messages. An attacker who successfully exploited this
vulnerability could take control of an affected system.
(CVE-2017-8507)

- A security feature bypass vulnerability exists in
Microsoft Office software when it improperly handles the
parsing of file formats. (CVE-2017-8508)

- A security feature bypass vulnerability exists when
Microsoft Office Outlook improperly handles input.
An attacker who successfully exploited the vulnerability
could execute arbitrary commands. (CVE-2017-8571)

- An information disclosure vulnerability exists when
Microsoft Outlook fails to properly validate
authentication requests. (CVE-2017-8572)

- A remote code execution vulnerability exists in the way
that Microsoft Outlook parses specially crafted email
messages. An attacker who successfully exploited the
vulnerability could take control of an affected system.
(CVE-2017-8663)

See also :

http://www.nessus.org/u?8ac9b313
http://www.nessus.org/u?8f4ab525
http://www.nessus.org/u?e5d09682
http://www.nessus.org/u?92c027cb

Solution :

Microsoft has released a set of patches for Outlook 2007, 2010, 2013,
and 2016.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)


SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2017:2555-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for wireshark to version 2.2.9 fixes several issues. These
security issues were fixed :

- CVE-2017-13767: The MSDP dissector could have gone into
an infinite loop. This was addressed by adding length
validation (bsc#1056248).

- CVE-2017-13766: The Profinet I/O dissector could have
crashed with an out-of-bounds write. This was addressed by
adding string validation (bsc#1056249).

- CVE-2017-13765: The IrCOMM dissector had a buffer
over-read and application crash. This was addressed by
adding length validation (bsc#1056251).

- CVE-2017-9766: PROFINET IO data with a high recursion
depth allowed remote attackers to cause a denial of
service (stack exhaustion) in the dissect_IODWriteReq
function (bsc#1045341).

- CVE-2017-9617: Deeply nested DAAP data may have caused
stack exhaustion (uncontrolled recursion) in the
dissect_daap_one_tag function in the DAAP dissector
(bsc#1044417).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1044417
https://bugzilla.suse.com/1045341
https://bugzilla.suse.com/1056248
https://bugzilla.suse.com/1056249
https://bugzilla.suse.com/1056251
https://www.suse.com/security/cve/CVE-2017-13765.html
https://www.suse.com/security/cve/CVE-2017-13766.html
https://www.suse.com/security/cve/CVE-2017-13767.html
https://www.suse.com/security/cve/CVE-2017-9617.html
https://www.suse.com/security/cve/CVE-2017-9766.html
http://www.nessus.org/u?dc7adf28

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1583=1

SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1583=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1583=1

SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1583=1

SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1583=1

SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1583=1

SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1583=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true


SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2017:2552-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for spice fixes the following security issues :

- CVE-2017-7506: Fixed an out-of-bounds memory access when
processing specially crafted messages from authenticated
attacker to the spice server resulting into crash and/or
server memory leak (bsc#1046779).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1046779
https://www.suse.com/security/cve/CVE-2017-7506.html
http://www.nessus.org/u?b2907dba

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1581=1

SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1581=1

SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1581=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:U/RL:ND/RC:UR)
Public Exploit Available : false


RHEL 6 : Storage Server (RHSA-2017:2778)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for samba is now available for Red Hat Gluster Storage 3.3
for RHEL 6.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Samba is an open source implementation of the Server Message Block
(SMB) protocol and the related Common Internet File System (CIFS)
protocol, which allow PC-compatible machines to share files, printers,
and various information.

Security Fix(es) :

* A race condition was found in samba server. A malicious samba client
could use this flaw to access files and directories in areas of the
server file system not exported under the share definitions.
(CVE-2017-2619)

* A flaw was found in the way Samba handled dangling symlinks. An
authenticated malicious Samba client could use this flaw to cause the
smbd daemon to enter an infinite loop and use an excessive amount of
CPU and memory. (CVE-2017-9461)

Red Hat would like to thank the Samba project for reporting
CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the
original reporter of CVE-2017-2619.

Bug Fix(es) :

* In the samba configuration, by default 'posix locking' is
enabled and 'stat cache' is disabled. Enabling 'posix locking' sends
the file lock request to the bricks too, and disabling 'stat cache'
prevents samba from caching certain information at the samba layer. This led
to a decrease in performance of SMB access to Red Hat Gluster Storage
volumes.

As a fix, the following two options are included in the samba
configuration file:

posix locking = No
stat cache = Yes

Due to this, a slight improvement in the performance is observed.
(BZ#1436265)

See also :

http://rhn.redhat.com/errata/RHSA-2017-2778.html
https://www.redhat.com/security/data/cve/CVE-2017-2619.html
https://www.redhat.com/security/data/cve/CVE-2017-9461.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true


openSUSE Security Update : libraw (openSUSE-2017-1086)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for libraw fixes the following issues :

- CVE-2017-14348: A specially crafted file could have been
used to trigger a heap-based buffer overflow
(boo#1058467)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1058467

Solution :

Update the affected libraw packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)


openSUSE Security Update : Chromium (openSUSE-2017-1085)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update to Chromium 61.0.3163.100 fixes the following
vulnerabilities :

- CVE-2017-5121: Out-of-bounds access in V8

- CVE-2017-5122: Out-of-bounds access in V8

- Various fixes from internal audits, fuzzing and other
initiatives

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1060019

Solution :

Update the affected Chromium packages.

Risk factor :

Medium


GLSA-201709-22 : Oracle JDK/JRE, IcedTea: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201709-22
(Oracle JDK/JRE, IcedTea: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and
IcedTea. Please review the referenced CVE identifiers for details.

Impact :

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or gain
access to information.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201709-22

Solution :

All Oracle JDK binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/oracle-jdk-bin-1.8.0.141'
All Oracle JRE binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/oracle-jre-bin-1.8.0.141'
All IcedTea binary 7.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-7.2.6.11'
All IcedTea binary 3.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-3.5.0'

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)


GLSA-201709-21 : PHP: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201709-21
(PHP: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in PHP. Please review the
referenced CVE identifiers for details.

Impact :

A remote attacker could execute arbitrary code with the privileges of
the process or cause a Denial of Service condition.

Workaround :

There is no known workaround at this time.

See also :

https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11362
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11628
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12932
https://security.gentoo.org/glsa/201709-21

Solution :

All PHP 5.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/php-5.6.31'
All PHP 7.0.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/php-7.0.23'

Risk factor :

Medium


GLSA-201709-20 : Postfix: Privilege escalation


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201709-20
(Postfix: Privilege escalation)

By default, Berkeley DB reads a DB_CONFIG configuration file from the
current working directory. This is an undocumented behavior.

Impact :

A local attacker, by using a specially crafted DB_CONFIG file, could
possibly escalate privileges to the root group.

Workaround :

There is no known workaround at this time.

See also :

http://www.postfix.org/announcements/postfix-3.2.2.html
https://security.gentoo.org/glsa/201709-20

Solution :

All Postfix users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/postfix-3.1.6'

Risk factor :

High


GLSA-201709-19 : Exim: Local privilege escalation


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201709-19
(Exim: Local privilege escalation)

Exim supports the use of multiple “-p” command line arguments,
causing a memory leak. This could lead to a stack-clash in user-space and,
as a result, the attacker can “clash” or “smash” the stack or
another memory region, or “jump” over the stack guard-page.

Impact :

A local attacker could obtain root privileges.

Workaround :

There is no known workaround at this time.

See also :

https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000369
https://security.gentoo.org/glsa/201709-19

Solution :

All Exim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/exim-4.89-r1'

Risk factor :

Medium


GLSA-201709-18 : Mercurial: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201709-18
(Mercurial: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Mercurial. Please
review the referenced CVE identifiers for details.

Impact :

A remote attacker could possibly execute arbitrary code with the
privileges of the process.

Workaround :

There is no known workaround at this time.

See also :

https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000115
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000116
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9462
https://security.gentoo.org/glsa/201709-18

Solution :

All Mercurial users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-vcs/mercurial-4.3'

Risk factor :

Medium


GLSA-201709-17 : CVS: Command injection


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201709-17
(CVS: Command injection)

It was discovered that when CVS is configured to use SSH for remote
repositories it allows remote attackers to execute arbitrary code through
a repository URL with a specially crafted hostname.

Impact :

A remote attacker, by enticing a user to clone a specially crafted
repository, could possibly execute arbitrary code with the privileges of
the process.

Workaround :

There is no known workaround at this time.

See also :

https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12836
https://security.gentoo.org/glsa/201709-17

Solution :

All CVS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-vcs/cvs-1.12.12-r12'

Risk factor :

Medium


GLSA-201709-16 : Adobe Flash Player: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201709-16
(Adobe Flash Player: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the referenced CVE identifiers for details.

Impact :

A remote attacker could possibly execute arbitrary code with the
privileges of the process or bypass security restrictions.

Workaround :

There is no known workaround at this time.

See also :

https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11281
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11282
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3085
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3106
https://security.gentoo.org/glsa/201709-16

Solution :

All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-26.0.0.151'

Risk factor :

High


GLSA-201709-15 : Chromium: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201709-15
(Chromium: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Chromium. Please review
the referenced CVE identifiers for details.

Impact :

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, bypass security restrictions, or spoof content.

Workaround :

There is no known workaround at this time.

See also :

https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5091
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5092
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5093
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5094
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5095
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5096
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5097
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5098
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5099
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5100
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5101
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5102
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5103
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5104
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5105
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5106
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5107
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5108
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5109
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5110
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5111
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5112
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5113
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5114
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5115
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5116
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5117
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5118
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5119
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5120
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7000
https://security.gentoo.org/glsa/201709-15

Solution :

All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/chromium-61.0.3163.79'

Risk factor :

Medium


FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

SO-AND-SO reports :

CVE-2017-12814: $ENV{$key} stack-based buffer overflow on Windows

A possible stack-based buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous
anyway.

CVE-2017-12837: Heap buffer overflow in regular expression compiler

Compiling certain regular expression patterns with the
case-insensitive modifier could cause a heap buffer overflow and crash
perl. This has now been fixed.

CVE-2017-12883: Buffer over-read in regular expression parser

For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.

See also :

https://metacpan.org/changes/release/SHAY/perl-5.24.3
https://metacpan.org/changes/release/SHAY/perl-5.26.1
http://www.nessus.org/u?cfaa9e60

Solution :

Update the affected packages.

Risk factor :

High


FreeBSD : chromium -- multiple vulnerabilities (917e5519-9fdd-11e7-8b58-e8e0b747a45a)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Google Chrome releases reports :

3 security fixes in this release, including :

- [765433] High CVE-2017-5121: Out-of-bounds access in V8. Reported by
Jordan Rabet, Microsoft Offensive Security Research and Microsoft
ChakraCore team on 2017-09-14

- [752423] High CVE-2017-5122: Out-of-bounds access in V8. Reported by
Choongwoo Han of Naver Corporation on 2017-08-04

- [767508] Various fixes from internal audits, fuzzing and other
initiatives

See also :

http://www.nessus.org/u?39b75732
http://www.nessus.org/u?0f5027c4

Solution :

Update the affected package.

Risk factor :

High


Fedora 26 : gnome-shell (2017-ebc4d197b2)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix crash on fast status icon remapping

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebc4d197b2

Solution :

Update the affected gnome-shell package.

Risk factor :

High


Fedora 26 : python-jwt (2017-b9f07dfaca)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Upgrade to 1.5.3 and also note that 1.5.1 fixed CVE-2017-11424.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9f07dfaca

Solution :

Update the affected python-jwt package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)


Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This is a release fixing a security fix applied upstream, known as
'optionsbleed' in popular parlance.

It is relevant for hosted and co-located instances of Fedora (and why
wouldn't you?).

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-a52f252521

Solution :

Update the affected httpd package.

Risk factor :

High


Fedora 26 : libmspack (2017-982bfabc4e)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2017-6419 and CVE-2017-11423

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-982bfabc4e

Solution :

Update the affected libmspack package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)


Fedora 26 : LibRaw (2017-90500f87f3)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- Fix for possible buffer overrun in kodak_65000 decoder

- Fix for possible heap overrun in Canon makernotes parser

- Fix for CVE-2017-13735

- CVE-2017-14265: Additional check for X-Trans CFA pattern data

----

Patch for CVE-2017-14348

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-90500f87f3

Solution :

Update the affected LibRaw package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)


Fedora 26 : drupal7-views (2017-63f99b3977)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- [7.x-3.18](https://www.drupal.org/project/views/releases/7.x-3.18)

- [7.x-3.17](https://www.drupal.org/project/views/releases/7.x-3.17)

- [Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068](https://www.drupal.org/node/2902604)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-63f99b3977
https://www.drupal.org/node/2902604

Solution :

Update the affected drupal7-views package.

Risk factor :

High


Fedora 26 : 2:samba (2017-5a0a31c04e)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2017-12150 CVE-2017-12151 CVE-2017-12163

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a0a31c04e

Solution :

Update the affected 2:samba package.

Risk factor :

High


Fedora 26 : pkgconf (2017-11afc3cde9)


Synopsis:

The remote Fedora host is missing a security update.

Description:

# Security fixes

- fix crash in edge case where a .pc file has misquoting
in a fragment list.

# Other bug fixes :

- fix logic edge case when comparing relocated paths

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-11afc3cde9

Solution :

Update the affected pkgconf package.

Risk factor :

High


Debian DSA-3983-1 : samba - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Multiple security issues have been discovered in Samba, a SMB/CIFS
file, print, and login server for Unix :

- CVE-2017-12150
Stefan Metzmacher discovered multiple code paths where
SMB signing was not enforced.

- CVE-2017-12151
Stefan Metzmacher discovered that tools using
libsmbclient did not enforce encryption when following
DFS redirects, which could allow a man-in-the-middle
attacker to read or modify connections which were meant
to be encrypted.

- CVE-2017-12163
Yihan Lian and Zhibin Hu discovered that insufficient
range checks in the processing of SMB1 write requests
could result in disclosure of server memory.

See also :

https://security-tracker.debian.org/tracker/CVE-2017-12150
https://security-tracker.debian.org/tracker/CVE-2017-12151
https://security-tracker.debian.org/tracker/CVE-2017-12163
https://packages.debian.org/source/jessie/samba
https://packages.debian.org/source/stretch/samba
http://www.debian.org/security/2017/dsa-3983

Solution :

Upgrade the samba packages.

For the oldstable distribution (jessie), these problems have been
fixed in version 2:4.2.14+dfsg-0+deb8u8.

For the stable distribution (stretch), these problems have been fixed
in version 2:4.5.8+dfsg-2+deb9u2.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DLA-1109-1 : libraw security update


Synopsis:

The remote Debian host is missing a security update.

Description:

CVE-2017-14608 An out of bounds read flaw related to
kodak_65000_load_raw has been reported in dcraw/dcraw.c and
internal/dcraw_common.cpp. An attacker could possibly exploit this
flaw to disclose potentially sensitive memory or cause an application
crash.

For Debian 7 'Wheezy', these problems have been fixed in version
0.14.6-2+deb7u3.

We recommend that you upgrade your libraw packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2017/09/msg00026.html
https://packages.debian.org/source/wheezy/libraw

Solution :

Upgrade the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DLA-1108-1 : tomcat7 security update


Synopsis:

The remote Debian host is missing a security update.

Description:

The Tomcat security team discovered that when using a
VirtualDirContext it was possible to bypass security constraints
and/or view the source code of JSPs for resources served by the
VirtualDirContext using a specially crafted request.

For Debian 7 'Wheezy', these problems have been fixed in version
7.0.28-4+deb7u15.

We recommend that you upgrade your tomcat7 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2017/09/msg00025.html
https://packages.debian.org/source/wheezy/tomcat7

Solution :

Upgrade the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DLA-1107-1 : bzr security update


Synopsis:

The remote Debian host is missing a security update.

Description:

CVE-2013-2099

Bazaar bundles SSL certificate checking code from Python, which had a
bug that could cause a denial of service via resource consumption
through multiple wildcards in certificate hostnames.

CVE-2017-14176

Adam Collard found that host names in 'bzr+ssh' URLs were not parsed
correctly by Bazaar, allowing remote attackers to run arbitrary code
by tricking a user into a maliciously crafted URL.

For Debian 7 'Wheezy', these problems have been fixed in version
2.6.0~bzr6526-1+deb7u1.

We recommend that you upgrade your bzr packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2017/09/msg00024.html
https://packages.debian.org/source/wheezy/bzr

Solution :

Upgrade the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DLA-1106-1 : libgd2 security update


Synopsis:

The remote Debian host is missing a security update.

Description:

A double-free vulnerability was discovered in the gdImagePngPtr()
function in libgd2, a library for programmatic graphics creation and
manipulation, which may result in denial of service or potentially the
execution of arbitrary code if a specially crafted file is processed.

For Debian 7 'Wheezy', these problems have been fixed in version
2.0.36~rc1~dfsg-6.1+deb7u10.

We recommend that you upgrade your libgd2 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2017/09/msg00022.html
https://packages.debian.org/source/wheezy/libgd2

Solution :

Upgrade the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.9
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DLA-1105-1 : clamav security update


Synopsis:

The remote Debian host is missing a security update.

Description:

clamav is vulnerable to multiple issues that can lead to denial of
service when processing untrusted content.

CVE-2017-6418

out-of-bounds read in libclamav/message.c, allowing remote attackers
to cause a denial of service via a crafted e-mail message.

CVE-2017-6420

use-after-free in the wwunpack function (libclamav/wwunpack.c),
allowing remote attackers to cause a denial of service via a crafted
PE file with WWPack compression.

For Debian 7 'Wheezy', these problems have been fixed in version
0.99.2+dfsg-0+deb7u3.

We recommend that you upgrade your clamav packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2017/09/msg00023.html
https://packages.debian.org/source/wheezy/clamav

Solution :

Upgrade the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Virtuozzo 7 : readykernel-patch (VZA-2017-083)


Synopsis:

The remote Virtuozzo host is missing a security update.

Description:

According to the version of the vzkernel package and the
readykernel-patch installed, the Virtuozzo installation on the remote
host is affected by the following vulnerabilities :

- ChunYu Wang from Red Hat found a netlink use-after-free
issue by syzkaller. Access to already freed memory
(groups in struct netlink_sock) could cause host crash
or memory corruption.

- An unprivileged user inside a container could cause a
denial of service (kernel crash in user_read()
function) using a specially crafted sequence of system
calls.

- The iscsi_if_rx function in
drivers/scsi/scsi_transport_iscsi.c in the Linux kernel
through 4.13.2 allows local users to cause a denial of
service (panic) by leveraging incorrect length
validation.

Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://help.virtuozzo.com/customer/portal/articles/2878783
http://www.nessus.org/u?108c3980
http://www.nessus.org/u?3feb80ce
http://www.nessus.org/u?22e57864
http://www.nessus.org/u?4ac0fd0e
http://www.nessus.org/u?c85a3bea

Solution :

Update the readykernel patch.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.2
(CVSS2#E:U/RL:ND/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Virtuozzo 7 : readykernel-patch (VZA-2017-082)


Synopsis:

The remote Virtuozzo host is missing a security update.

Description:

According to the version of the vzkernel package and the
readykernel-patch installed, the Virtuozzo installation on the remote
host is affected by the following vulnerabilities :

- An unprivileged user inside a container could cause a
denial of service (kernel crash in user_read()
function) using a specially crafted sequence of system
calls.

- The iscsi_if_rx function in
drivers/scsi/scsi_transport_iscsi.c in the Linux kernel
through 4.13.2 allows local users to cause a denial of
service (panic) by leveraging incorrect length
validation.

Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://help.virtuozzo.com/customer/portal/articles/2878782
http://www.nessus.org/u?a144d02b

Solution :

Update the readykernel patch.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.2
(CVSS2#E:U/RL:ND/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2017-266-02)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New python packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix a security issue.

See also :

http://www.nessus.org/u?9e0c1fdd

Solution :

Update the affected python package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Slackware 14.0 / 14.1 / 14.2 / current : libxml2 (SSA:2017-266-01)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New libxml2 packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

See also :

http://www.nessus.org/u?b7f043ed

Solution :

Update the affected libxml2 package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Google Chrome < 61.0.3163.100 Multiple Vulnerabilities (macOS)


Synopsis:

A web browser installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.

Description:

The version of Google Chrome installed on the remote macOS or Mac OS X
host is prior to 61.0.3163.100. It is, therefore, affected by two
out-of-bounds access flaws related to the V8 JavaScript engine that have
unspecified impact.

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?39b75732

Solution :

Upgrade to Google Chrome version 61.0.3163.100 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Google Chrome < 61.0.3163.100 Multiple Vulnerabilities


Synopsis:

A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.

Description:

The version of Google Chrome installed on the remote Windows host is
prior to 61.0.3163.100. It is, therefore, affected by two
out-of-bounds access flaws related to the V8 JavaScript engine that have
unspecified impact.

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?39b75732

Solution :

Upgrade to Google Chrome version 61.0.3163.100 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Apple iOS < 11 Multiple Vulnerabilities


Synopsis:

The version of Apple iOS running on the mobile device is affected by
multiple vulnerabilities.

Description:

The version of Apple iOS running on the mobile device is prior to 11.
It is, therefore, affected by multiple vulnerabilities :

- A flaw exists in Exchange ActiveSync which is triggered
by improperly validated input in AutoDiscover V1. An
attacker may be able to perform a man-in-the-middle
attack to erase a device while setting up an exchange
account. (CVE-2017-7088)

- A flaw exists in iBooks due to the handling of specially
crafted iBooks files. An attacker may use this
vulnerability to cause a persistent denial of service.
(CVE-2017-7072)

- Flaws exist in Mail MessageUI and Messages which are
triggered when handling a specially crafted image
file. An attacker may be able to corrupt memory or cause
a denial of service. (CVE-2017-7097, CVE-2017-7118)

- A flaw exists in MobileBackup which could allow an
unencrypted backup to be performed despite a requirement
for encrypted backups. (CVE-2017-7133)

- Flaws exist that may allow an attacker to spoof an
address bar by using a specially crafted website.
(CVE-2017-7085, CVE-2017-7106)

- A flaw that may allow universal cross-site scripting
attack exists in WebKit. An attacker could use this
vulnerability to execute script code in a user's browser
session with a trust relationship of any website.
(CVE-2017-7089)

- Multiple flaws exist within the Wi-Fi functionality of
iOS products. An attacker could use these flaws to cause
a denial of service or execute arbitrary code. In one
case arbitrary code may be executed with kernel
permissions. (CVE-2017-7103, CVE-2017-7105,
CVE-2017-7108, CVE-2017-7110, CVE-2017-7112,
CVE-2017-7115, CVE-2017-7116)

See also :

https://support.apple.com/en-us/HT208112
http://www.nessus.org/u?d780c106

Solution :

Upgrade to Apple iOS version 11.0 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.
