Newest Plugins

Adobe Reader < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36) (macOS)


Synopsis:

The version of Adobe Reader installed on the remote host is affected
by multiple vulnerabilities.

Description:

The version of Adobe Reader installed on the remote macOS or Mac OS X
host is a version prior to 11.0.23, 2015.006.30392, 2017.011.30068,
or 2018.009.20044. It is, therefore, affected by multiple
vulnerabilities.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Solution :

Upgrade to Adobe Reader 11.0.23 / 2015.006.30392 / 2017.011.30068
/ 2018.009.20044 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Adobe Acrobat < 11.0.23 / 2015.006.30392 / 2017.011.30068 / 2018.009.20044 Multiple Vulnerabilities (APSB17-36) (macOS)


Synopsis:

The version of Adobe Acrobat installed on the remote host is affected
by multiple vulnerabilities.

Description:

The version of Adobe Acrobat installed on the remote macOS or Mac OS X
host is a version prior to 11.0.23, 2015.006.30392, 2017.011.30068,
or 2018.009.20044. It is, therefore, affected by multiple
vulnerabilities.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Solution :

Upgrade to Adobe Acrobat 11.0.23 / 2015.006.30392 / 2017.011.30068
/ 2018.009.20044 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Check Point Gaia Operating System Detection


Synopsis:

It is possible to obtain the operating system version number of the
remote device.

Description:

The remote host is a Check Point Gaia OS device. Gaia OS is an
operating system for network devices developed by Check Point.

It is possible to read the OS version number by logging into the
device via SSH.

See also :

https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73102.htm

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Check Point Gaia Operating System DoS (sk115596)


Synopsis:

The remote host is missing a vendor-supplied security patch.

Description:

The remote host is running a version of Gaia Operating System
that is affected by a potential denial of service vulnerability.

See also :

http://www.nessus.org/u?1e12d991

Solution :

Apply the relevant patch referenced in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Microsoft .NET Core for Windows


Synopsis:

.NET Core runtime is installed on the remote Windows host.

Description:

.NET Core, a managed software framework, is installed on the remote
Windows host.

See also :

https://dotnet.github.io/

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Microsoft ASP .NET Core for Windows


Synopsis:

ASP .NET Core runtime packages are installed on the remote
Windows host.

Description:

ASP .NET Core runtime, web application server side components,
are installed on the remote Windows host.

See also :

https://github.com/aspnet/Home

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Microsoft .NET Core Installed (macOS)


Synopsis:

.NET Core runtime is installed on the remote macOS or Mac OS X
host.

Description:

.NET Core, a managed software framework, is installed on the remote
macOS or Mac OS X host.

See also :

https://dotnet.github.io/

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Security Update ASP .NET Core September 2017


Synopsis:

The remote Windows host is affected by an ASP.NET Core runtime
vulnerability.

Description:

The remote Windows host has an installation of ASP.NET Core
runtime package store with a version less than 2.0.12219.0.
Therefore the host is affected by multiple vulnerabilities :

- An open redirect vulnerability
that can lead to an escalation of privilege.
(CVE-2017-11879)

- A flaw that is triggered as web requests are not properly
handled. This may allow a context-dependent attacker to cause
a denial of service.
(CVE-2017-11883)

See also :

https://github.com/aspnet/announcements/issues/278
https://github.com/aspnet/announcements/issues/277
http://www.nessus.org/u?76216cca
http://www.nessus.org/u?c82bcb0e

Solution :

Download and update ASP .NET Core 2.0.3 runtime packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Security Update for .NET Core (November 2017) (macOS)


Synopsis:

An application installed on the remote macOS or Mac OS X host is
affected by a denial of service vulnerability.

Description:

The Microsoft .NET Core runtime installed on the remote macOS
or Mac OS X host is missing a security update. It is, therefore,
affected by a flaw in which a malformed certificate or other ASN.1
formatted data could lead to a denial of service via an infinite loop.
(CVE-2017-11770)

See also :

https://github.com/dotnet/announcements/issues/44
http://www.nessus.org/u?8087a4bb

Solution :

Upgrade to .NET core version 2.0.3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Cisco Unity Connection Voice Operating System-Based Products Unauthorized Access Vulnerability


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the Cisco Unity Connection
is affected by one or more vulnerabilities. Please see the included
Cisco BIDs and the Cisco Security Advisory for more information.

See also :

http://www.nessus.org/u?3e2c1cc2
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg55128

Solution :

Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCvg55128.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Cisco Unity Presence Voice Operating System-Based Products Unauthorized Access Vulnerability


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the Cisco Unity Presence
is affected by one or more vulnerabilities. Please see the included
Cisco BIDs and the Cisco Security Advisory for more information.

See also :

http://www.nessus.org/u?3e2c1cc2
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg22923

Solution :

Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCvg22923.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Cisco CUCM Voice Operating System-Based Products Unauthorized Access Vulnerability


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the Cisco Unified
Communications Manager is affected by one or more vulnerabilities.
Please see the included Cisco BIDs and the Cisco Security Advisory
for more information.

See also :

http://www.nessus.org/u?3e2c1cc2
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg22923

Solution :

Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCvg22923.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Vanilla Forums Detection


Synopsis:

The remote web server hosts Vanilla Forums.

Description:

The remote web server hosts Vanilla Forums.

See also :

https://vanillaforums.com

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Vanilla Forums Header Injection Remote Code Execution


Synopsis:

Vanilla Forums contains a flaw that may allow a remote attacker to
obtain sensitive information via password reset request.

Description:

The from method in library/core/class.email.php in Vanilla Forums
before 2.3.1 allows remote attackers to spoof the email domain in sent
messages and potentially obtain sensitive information via a crafted
HTTP Host header, as demonstrated by a password reset request.

See also :

http://www.nessus.org/u?fcce1c82
http://www.nessus.org/u?879a187f

Solution :

Upgrade to Vanilla 2.3.1 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Asterisk 13.x < 13.18.1 / 14.x < 14.7.1 / 15.x < 15.1.1 / 13.13 < 13.13-cert7 Multiple Vulnerabilities (AST-2017-009 - AST-2017-011)


Synopsis:

A telephony application running on the remote host is affected by
multiple vulnerabilities.

Description:

According to its SIP banner, the version of Asterisk running on the
remote host is 13.x prior to 13.18.1, 14.x prior to 14.7.1, 15.x prior
to 15.1.1, or 13.13 prior to 13.13-cert7. It is, therefore, affected by
multiple vulnerabilities as described in AST-2017-009, AST-2017-010,
and AST-2017-011.

Also note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://downloads.asterisk.org/pub/security/AST-2017-009.html
http://downloads.asterisk.org/pub/security/AST-2017-010.html
http://downloads.asterisk.org/pub/security/AST-2017-011.html

Solution :

Upgrade to Asterisk version 13.18.1 / 14.7.1 / 15.1.1 / 13.13-cert7 or later.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fortinet FortiOS 5.2.x < 5.2.23 / 5.4.x < 5.4.6 / 5.6.x < 5.6.1 Web Proxy Disclaimer Response Page Reflected XSS (FG-IR-17-168)


Synopsis:

The remote host is affected by a cross-site scripting vulnerability.

Description:

The version of Fortinet FortiOS running on the remote device is 5.2.x
prior to 5.2.12, 5.4.x prior to 5.4.6, or 5.6.x prior to 5.6.1. It is,
therefore, affected by a flaw in the web proxy disclaimer response
page input validation that allows a reflected cross-site scripting
(XSS) attack.

See also :

http://www.fortiguard.com/psirt/FG-IR-17-168

Solution :

Upgrade to Fortinet FortiOS version 5.2.12 / 5.4.6 / 5.6.1 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fortinet FortiOS < 5.2 / 5.4.x < 5.4.6 / 5.6.x < 5.6.1 SSL / TLS Renegotiation Handshakes MitM Plaintext Data Injection (FG-IR-17-137)


Synopsis:

The remote host is affected by a MITM vulnerability.

Description:

The version of Fortinet FortiOS running on the remote device is 5.2.x
or prior, 5.4.x prior to 5.4.6, or 5.6.x prior to 5.6.1. It is,
therefore, affected by a MITM vulnerability in SSL Deep-Inspection due
to insecure TLS renegotiation.

See also :

http://www.fortiguard.com/psirt/FG-IR-17-137

Solution :

Upgrade to Fortinet FortiOS version 5.4.6 / 5.6.1 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Zabbix 3.0.x < 3.0.13 / 3.2.x < 3.2.10 / 3.4.x < 3.4.4 Multiple Vulnerabilities


Synopsis:

A web application running on the remote host is affected by multiple
vulnerabilities.

Description:

According to its self-reported version number, the instance of Zabbix
running on the remote host is 3.0.x prior to 3.0.13, 3.2.x prior to
3.2.10, or 3.4.x prior to 3.4.4. It is, therefore, affected by
multiple unspecified vulnerabilities.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://www.zabbix.com/rn3.0.13
https://www.zabbix.com/rn3.2.10
https://www.zabbix.com/rn3.4.4

Solution :

Upgrade to Zabbix version 3.0.13 / 3.2.10 / 3.4.4 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

VMware vCenter Server 5.5.x < 5.5u3f / 6.0.x < 6.0u3c / 6.5.x < 6.5u1 Multiple Vulnerabilities (VMSA-2017-0017)


Synopsis:

A virtualization management application installed on the remote host
is affected by multiple vulnerabilities.

Description:

The version of VMware vCenter Server installed on the remote host is
5.5.x prior to 5.5u3f, 6.0.x prior to 6.0u3c, or 6.5.x prior to 6.5u1. It is,
therefore, affected by multiple vulnerabilities. See advisory for details.

See also :

https://www.vmware.com/security/advisories/VMSA-2017-0017.html

Solution :

Upgrade to VMware vCenter Server version 5.5.u3f (5.5.0 build-6520252)
/ 6.0u3c (6.0.0 build-5112506) / 6.5u1 (6.5.0 build-5973321) or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Ubuntu 16.04 LTS / 17.04 / 17.10 : webkit2gtk vulnerabilities (USN-3481-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related
patches.

Description:

A large number of security issues were discovered in the WebKitGTK+
Web and JavaScript engines. If a user were tricked into viewing a
malicious website, a remote attacker could exploit a variety of issues
related to web browser security, including cross-site scripting
attacks, denial of service attacks, and arbitrary code execution.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libjavascriptcoregtk-4.0-18 and / or
libwebkit2gtk-4.0-37 packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox vulnerabilities (USN-3477-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, read
uninitialized memory, obtain sensitive information, bypass same-origin
restrictions, bypass CSP protections, bypass mixed content blocking,
spoof the addressbar, or execute arbitrary code. (CVE-2017-7826,
CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831,
CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835,
CVE-2017-7837, CVE-2017-7838, CVE-2017-7842)

It was discovered that javascript: URLs pasted into the addressbar
would be executed instead of being blocked in some circumstances. If a
user were tricked into copying a specially crafted URL into the
addressbar, an attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2017-7839)

It was discovered that exported bookmarks do not strip script elements
from user-supplied tags. If a user were tricked into adding specially
crafted tags to bookmarks, exporting them and then opening the
resulting HTML file, an attacker could potentially exploit this to
conduct cross-site scripting (XSS) attacks. (CVE-2017-7840)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected firefox package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLES11 Security Update : xorg-x11-server (SUSE-SU-2017:3025-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for xorg-x11-server provides several fixes. These security
issues were fixed :

- CVE-2017-13723: Prevent local DoS via unusual characters
in XkbAtomText and XkbStringText (bsc#1051150).

- Improve the entropy when generating random data used in
X.org server authorization cookies generation by using
getentropy() and getrandom() when available
(bsc#1025084)

- CVE-2017-12184, CVE-2017-12185, CVE-2017-12186,
CVE-2017-12187: Fixed unvalidated lengths in multiple
extensions (bsc#1063034)

- CVE-2017-12183: Fixed some unvalidated lengths in the
XFIXES extension. (bsc#1063035)

- CVE-2017-12180, CVE-2017-12181, CVE-2017-12182: Fixed
various unvalidated lengths in the
XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions
(bsc#1063037)

- CVE-2017-12179: Fixed an integer overflow and
unvalidated length in (S)ProcXIBarrierReleasePointer in
Xi (bsc#1063038)

- CVE-2017-12178: Fixed a wrong extra length check in
ProcXIChangeHierarchy in Xi (bsc#1063039)

- CVE-2017-12177: Fixed an unvalidated variable-length
request in ProcDbeGetVisualInfo (bsc#1063040)

- CVE-2017-12176: Fixed an unvalidated extra length in
ProcEstablishConnection (bsc#1063041)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1025084
https://bugzilla.suse.com/1051150
https://bugzilla.suse.com/1063034
https://bugzilla.suse.com/1063035
https://bugzilla.suse.com/1063037
https://bugzilla.suse.com/1063038
https://bugzilla.suse.com/1063039
https://bugzilla.suse.com/1063040
https://bugzilla.suse.com/1063041
https://www.suse.com/security/cve/CVE-2017-12176.html
https://www.suse.com/security/cve/CVE-2017-12177.html
https://www.suse.com/security/cve/CVE-2017-12178.html
https://www.suse.com/security/cve/CVE-2017-12179.html
https://www.suse.com/security/cve/CVE-2017-12180.html
https://www.suse.com/security/cve/CVE-2017-12181.html
https://www.suse.com/security/cve/CVE-2017-12182.html
https://www.suse.com/security/cve/CVE-2017-12183.html
https://www.suse.com/security/cve/CVE-2017-12184.html
https://www.suse.com/security/cve/CVE-2017-12185.html
https://www.suse.com/security/cve/CVE-2017-12186.html
https://www.suse.com/security/cve/CVE-2017-12187.html
https://www.suse.com/security/cve/CVE-2017-13723.html
http://www.nessus.org/u?a21d43a8

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 : zypper in -t patch sdksp4-xorg-x11-server-13345=1

SUSE Linux Enterprise Server 11-SP4 : zypper in -t patch slessp4-xorg-x11-server-13345=1

SUSE Linux Enterprise Debuginfo 11-SP4 : zypper in -t patch dbgsp4-xorg-x11-server-13345=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2017:2871-2)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for wget fixes the following security issues :

- CVE-2017-13089, CVE-2017-13090: Missing checks for
negative remaining_chunk_size in skip_short_body and
fd_read_body could cause stack-based buffer overflows,
which could have been exploited by malicious servers.
(bsc#1064715, bsc#1064716)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1064715
https://bugzilla.suse.com/1064716
https://www.suse.com/security/cve/CVE-2017-13089.html
https://www.suse.com/security/cve/CVE-2017-13090.html
http://www.nessus.org/u?59b1dd41

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud 6 : zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1794=1

SUSE Linux Enterprise Server for SAP 12-SP1 : zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1794=1

SUSE Linux Enterprise Server 12-SP3 : zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1794=1

SUSE Linux Enterprise Server 12-SP2 : zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1794=1

SUSE Linux Enterprise Server 12-SP1-LTSS : zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1794=1

SUSE Linux Enterprise Server 12-LTSS : zypper in -t patch SUSE-SLE-SERVER-12-2017-1794=1

SUSE Linux Enterprise Desktop 12-SP3 : zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1794=1

SUSE Linux Enterprise Desktop 12-SP2 : zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1794=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLES12 Security Update : xen (SUSE-SU-2017:2327-2)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for xen fixes several issues. These security issues were
fixed :

- CVE-2017-12135: Unbounded recursion in grant table code
allowed a malicious guest to crash the host or
potentially escalate privileges/leak information
(XSA-226, bsc#1051787).

- CVE-2017-12137: Incorrectly-aligned updates to
pagetables allowed for privilege escalation (XSA-227,
bsc#1051788).

- CVE-2017-12136: Race conditions with maptrack free list
handling allows a malicious guest administrator to crash
the host or escalate their privilege to that of the host
(XSA-228, bsc#1051789).

- CVE-2017-11434: The dhcp_decode function in
slirp/bootp.c allowed local guest OS users to cause a
denial of service (out-of-bounds read) via a crafted
DHCP options string (bsc#1049578).

- CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which
allowed remote attackers to cause a denial of service
(daemon crash) by disconnecting during a
server-to-client reply attempt (bsc#1046637).

- CVE-2017-12855: Premature clearing of GTF_writing /
GTF_reading lead to potentially leaking sensitive
information (XSA-230 bsc#1052686).

These non-security issues were fixed :

- bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be
restored after the save using xl stack

- bsc#1035231: Migration of HVM domU did not use
superpages on destination dom0

- bsc#1002573: Optimized LVM functions in block-dmmd
block-dmmd

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1002573
https://bugzilla.suse.com/1026236
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1035231
https://bugzilla.suse.com/1046637
https://bugzilla.suse.com/1049578
https://bugzilla.suse.com/1051787
https://bugzilla.suse.com/1051788
https://bugzilla.suse.com/1051789
https://bugzilla.suse.com/1052686
https://bugzilla.suse.com/1055695
https://www.suse.com/security/cve/CVE-2017-10664.html
https://www.suse.com/security/cve/CVE-2017-11434.html
https://www.suse.com/security/cve/CVE-2017-12135.html
https://www.suse.com/security/cve/CVE-2017-12136.html
https://www.suse.com/security/cve/CVE-2017-12137.html
https://www.suse.com/security/cve/CVE-2017-12855.html
http://www.nessus.org/u?98c73f3c

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-SP3 : zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1437=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : MozillaFirefox (openSUSE-2017-1279)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

MozillaFirefox was updated to 52.5.0esr (boo#1068101)

MFSA 2017-25

- CVE-2017-7828: Fixed a use-after-free of PressShell
while restyling layout

- CVE-2017-7830: Cross-origin URL information leak through
Resource Timing API

- CVE-2017-7826: Memory safety bugs fixed in Firefox 57
and Firefox ESR 52.5

Also fixed :

- Correct plugin directory for aarch64 (boo#1061207). The
wrapper script was not detecting aarch64 as a 64 bit
architecture, thus used /usr/lib/browser-plugins/.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1061207
https://bugzilla.opensuse.org/show_bug.cgi?id=1068101

Solution :

Update the affected MozillaFirefox packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

FreeBSD : Flash Player -- multiple vulnerabilities (52f10525-caff-11e7-b590-6451062f0f7a)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Adobe reports :

- These updates resolve out-of-bounds read vulnerabilities that could
lead to remote code execution (CVE-2017-3112, CVE-2017-3114,
CVE-2017-11213).

- These updates resolve use after free vulnerabilities that could lead
to remote code execution (CVE-2017-11215, CVE-2017-11225).

See also :

https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
http://www.nessus.org/u?c8ad70ec

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 26 : knot / knot-resolver (2017-31519ecf40)


Synopsis:

The remote Fedora host is missing one or more security updates.

Description:

Major updates for Knot DNS and Knot Resolver:

Knot Resolver 1.5.0 (2017-11-02)
================================

Bugfixes

--------

- fix loading modules on Darwin

Improvements

------------

- new module ta_signal_query supporting Signaling Trust
Anchor Knowledge using Keytag Query (RFC 8145 section
5); it is enabled by default

- attempt validation for more records but require it for
fewer of them (e.g. avoids SERVFAIL when server adds
extra records but omits RRSIGs)

Knot Resolver 1.4.0 (2017-09-22)
================================

Incompatible changes

--------------------

- lua: query flag-sets are no longer represented as plain
integers. kres.query.* no longer works, and kr_query_t
lost trivial methods 'hasflag' and 'resolved'. You can
instead write code like qry.flags.NO_0X20 = true.

Bugfixes

--------

- fix exiting one of multiple forks (#150)

- cache: change the way of using LMDB transactions. That
in particular fixes some cases of using too much space
with multiple kresd forks (#240).

Improvements

------------

- policy.suffix: update the aho-corasick code (#200)

- root hints are now loaded from a zonefile; exposed as
hints.root_file(). You can override the path by defining
ROOTHINTS during compilation.

- policy.FORWARD: work around resolvers adding unsigned NS
records (#248)

- reduce unneeded records previously put into authority in
wildcarded answers

Knot Resolver 1.3.3 (2017-08-09)
================================

Security

--------

- Fix a critical DNSSEC flaw. Signatures might be accepted
as valid even if the signed data was not in bailiwick of
the DNSKEY used to sign it, assuming the trust chain to
that DNSKEY was valid.

Bugfixes

--------

- iterate: skip RRSIGs with bad label count instead of
immediate SERVFAIL

- utils: fix possible incorrect seeding of the random
generator

- modules/http: fix compatibility with the Prometheus text
format

Improvements

------------

- policy: implement remaining special-use domain names
from RFC6761 (#205), and make these rules apply only if
no other non-chain rule applies

Knot DNS 2.6.1 (2017-11-02)
===========================

Features :

---------

- NSEC3 Opt-Out support in the DNSSEC signing

- New CDS/CDNSKEY publish configuration option

Improvements :

-------------

- Simplified DNSSEC log message with DNSKEY details

- +tls-hostname in kdig implies +tls-ca if neither +tls-ca
nor +tls-pin is given

- New documentation sections for DNSSEC key rollovers and
shared keys

- Keymgr no longer prints useless algorithm number for
generated key

- Kdig prints unknown RCODE in a numeric format

- Better support for LLVM libFuzzer

Bugfixes :

---------

- Faulty DNAME semantic check if present in the zone apex
and NSEC3 is used

- Immediate zone flush not scheduled during the zone load
event

- Server crashes upon dynamic zone addition if a query
module is loaded

- Kdig fails to connect over TLS due to SNI is set to
server IP address

- Possible out-of-bounds memory access at the end of the
input

- TCP Fast Open enabled by default in kdig breaks TLS
connection

Knot DNS 2.6.0 (2017-09-29)
===========================

Features :

---------

- On-slave (inline) signing support

- Automatic DNSSEC key algorithm rollover

- Ed25519 algorithm support in DNSSEC (requires GnuTLS
3.6.0)

- New 'journal-content' and 'zonefile-load' configuration
options

- keymgr tries to run as user/group set in the
configuration

- Public-only DNSSEC key import into KASP DB via keymgr

- NSEC3 resalt and parent DS query events are persistent
in timer DB

- New processing state for a response suppression within a
query module

- Enabled server side TCP Fast Open if supported

- TCP Fast Open support in kdig

Improvements :

-------------

- Better record owner compression if related to the
previous rdata dname

- NSEC(3) chain is no longer recomputed whole on every
update

- Remove inconsistent and unnecessary quoting in log files

- Avoiding of overlapping key rollovers at a time

- More DNSSEC-related semantic checks

- Extended timestamp format in keymgr

Bugfixes :

---------

- Incorrect journal free space computation causing
inefficient space handling

- Interface-automatic broken on Linux in the presence of
asymmetric routing

Knot DNS 2.5.6 (2017-11-02)
===========================

Improvements :

-------------

- Keymgr no longer prints useless algorithm number for
generated key

Bugfixes :

---------

- Faulty DNAME semantic check if present in the zone apex
and NSEC3 is used

- Immediate zone flush not scheduled during the zone load
event

- Server crashes upon dynamic zone addition if a query
module is loaded

- Kdig fails to connect over TLS due to SNI is set to
server IP address

Knot DNS 2.5.5 (2017-09-29)
===========================

Improvements :

-------------

- Constant time memory comparison in the TSIG processing

- Proper use of the ctype functions

- Generated RRSIG records have inception time 90 minutes
in the past

Bugfixes :

---------

- Incorrect online signature for NSEC in the case of a
CNAME record

- Incorrect timestamps in dnstap records

- EDNS Subnet Client validation rejects valid payloads

- Module configuration semantic checks are not executed

- Kzonecheck segfaults with unusual inputs

Knot DNS 2.5.4 (2017-08-31)
===========================

Improvements :

-------------

- New minimum and maximum refresh interval config options
(Thanks to Manabu Sonoda)

- New warning when unforced flush with disabled zone file
synchronization

- New 'dnskey' keymgr command

- Linking with libatomic on architectures that require it
(Thanks to Pierre-Olivier Mercier)

- Removed 'OK' from listing keymgr command outputs

- Extended journal and keymgr documentation and logging

Bugfixes :

---------

- Incorrect handling of specific corner-cases with
zone-in-journal

- The 'share' keymgr command doesn't work

- Server crashes if configured with query-size and
reply-size statistics options

- Malformed big integer configuration values on some
32-bit platforms

- Keymgr uses local time when parsing date inputs

- Memory leak in kdig upon IXFR query

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-31519ecf40

Solution :

Update the affected knot and / or knot-resolver packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DSA-4039-1 : opensaml2 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Rod Widdowson of Steading System Software LLP discovered a coding
error in the OpenSAML library, causing the DynamicMetadataProvider
class to fail configuring itself with the filters provided and
omitting whatever checks they are intended to perform.

See https://shibboleth.net/community/advisories/secadv_20171115.txt
for details.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881856
https://shibboleth.net/community/advisories/secadv_20171115.txt
https://packages.debian.org/source/jessie/opensaml2
https://packages.debian.org/source/stretch/opensaml2
http://www.debian.org/security/2017/dsa-4039

Solution :

Upgrade the opensaml2 packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.5.3-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in
version 2.6.0-4+deb9u1.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DSA-4038-1 : shibboleth-sp2 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Rod Widdowson of Steading System Software LLP discovered a coding
error in the 'Dynamic' metadata plugin of the Shibboleth Service
Provider, causing the plugin to fail configuring itself with the
filters provided and omitting whatever checks they are intended to
perform.

See https://shibboleth.net/community/advisories/secadv_20171115.txt
for details.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881857
https://shibboleth.net/community/advisories/secadv_20171115.txt
https://packages.debian.org/source/jessie/shibboleth-sp2
https://packages.debian.org/source/stretch/shibboleth-sp2
http://www.debian.org/security/2017/dsa-4038

Solution :

Upgrade the shibboleth-sp2 packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.5.3+dfsg-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 2.6.0+dfsg1-4+deb9u1.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DSA-4037-1 : jackson-databind - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

It was discovered that jackson-databind, a Java library used to parse
JSON and other data formats, improperly validated user input prior to
deserializing: following DSA-4004-1 for CVE-2017-7525, an additional
set of classes was identified as unsafe for deserialization.

See also :

https://security-tracker.debian.org/tracker/CVE-2017-7525
https://packages.debian.org/source/jessie/jackson-databind
https://packages.debian.org/source/stretch/jackson-databind
http://www.debian.org/security/2017/dsa-4037

Solution :

Upgrade the jackson-databind packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.4.2-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in
version 2.8.6-1+deb9u2.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Slackware 14.2 / current : mozilla-firefox (SSA:2017-320-02)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New mozilla-firefox packages are available for Slackware 14.2 and
-current to fix security issues.

See also :

http://www.nessus.org/u?b73b5fb8

Solution :

Update the affected mozilla-firefox package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Slackware 14.2 / current : libplist (SSA:2017-320-01)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New libplist packages are available for Slackware 14.2 and -current
to fix security issues.

See also :

http://www.nessus.org/u?1ce5c586

Solution :

Update the affected libplist package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Tenable SecurityCenter PHP < 5.6.32 PCRE DoS


Synopsis:

The Tenable SecurityCenter application on the remote host contains a
PHP library that is affected by a denial of service vulnerability.

Description:

The Tenable SecurityCenter application installed on the remote host
is missing a security patch. It is, therefore, affected by a PCRE
denial of service vulnerability in the bundled version of PHP.

See also :

http://www.nessus.org/u?fbaac4f6
http://php.net/ChangeLog-5.php#5.6.32
https://bugs.exim.org/show_bug.cgi?id=1767

Solution :

Upgrade to Tenable SecurityCenter version 5.6.0.1 or later.
Alternatively, apply SecurityCenter Patch SC-201711.1-5.x.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2m Multiple Vulnerabilities


Synopsis:

The Tenable SecurityCenter application on the remote host contains an
OpenSSL library that is affected by multiple vulnerabilities.

Description:

The Tenable SecurityCenter application installed on the remote host
is missing a security patch. It is, therefore, affected by multiple
vulnerabilities in the bundled version of OpenSSL.

See also :

http://www.nessus.org/u?fbaac4f6
https://www.openssl.org/news/secadv/20170828.txt
https://www.openssl.org/news/secadv/20171102.txt

Solution :

Upgrade to Tenable SecurityCenter version 5.6.0.1 or later.
Alternatively, apply SecurityCenter Patch SC-201711.1-5.x.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Mozilla Firefox < 57 Multiple Vulnerabilities


Synopsis:

A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.

Description:

The version of Mozilla Firefox installed on the remote Windows host is
prior to 57. It is, therefore, affected by multiple vulnerabilities,
some of which allow code execution and potentially exploitable
crashes.

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/

Solution :

Upgrade to Mozilla Firefox version 57 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities


Synopsis:

A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.

Description:

The version of Mozilla Firefox ESR installed on the remote Windows
host is prior to 52.5. It is, therefore, affected by multiple
vulnerabilities, some of which allow code execution and potentially
exploitable crashes.

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/

Solution :

Upgrade to Mozilla Firefox ESR version 52.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Mozilla Firefox < 57 Multiple Vulnerabilities (macOS)


Synopsis:

A web browser installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.

Description:

The version of Mozilla Firefox installed on the remote macOS or Mac
OS X host is prior to 57. It is, therefore, affected by multiple
vulnerabilities, some of which allow code execution and potentially
exploitable application crashes.

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/

Solution :

Upgrade to Mozilla Firefox version 57 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities (macOS)


Synopsis:

A web browser installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.

Description:

The version of Mozilla Firefox ESR installed on the remote macOS or
Mac OS X host is prior to 52.5. It is, therefore, affected by multiple
vulnerabilities, some of which allow code execution and potentially
exploitable crashes.

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/

Solution :

Upgrade to Mozilla Firefox ESR version 52.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Jenkins < 2.73.3 / 2.89 Multiple Vulnerabilities


Synopsis:

A job scheduling and management system hosted on the remote web server
is affected by multiple vulnerabilities.

Description:

The version of Jenkins running on the remote web server is prior to
2.89 or is a version of Jenkins LTS prior to 2.73.3.
It is, therefore, affected by multiple vulnerabilities :

- Jenkins contains a flaw that allows traversing outside of a
restricted path. The issue is due to the program not properly
sanitizing user input, specifically slashes and path traversal
style attacks (e.g. '../') supplied via usernames. With a
specially crafted username, a remote attacker can overwrite
arbitrary files on the system.

- Jenkins contains a flaw that allows a stored cross-site
scripting (XSS) attack. This flaw exists because the program
does not validate autocomplete suggestions before returning them
to users. This may allow a remote attacker to create a specially
crafted request that will execute arbitrary script code in a
user's browser session within the trust relationship between
their browser and the server.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://jenkins.io/security/advisory/2017-11-08/

Solution :

Upgrade Jenkins to version 2.89 or later, Jenkins LTS to version
2.73.3 or later.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.

PHP 7.1.x < 7.1.11 Multiple Vulnerabilities


Synopsis:

The version of PHP running on the remote web server is affected by
multiple vulnerabilities.

Description:

According to its banner, the version of PHP running on the remote
web server is 7.1.x prior to 7.1.11. It is, therefore, affected by
multiple vulnerabilities.

See also :

http://php.net/ChangeLog-7.php#7.1.11

Solution :

Upgrade to PHP version 7.1.11 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.
