Nessus.org Plugins
http://www.nessus.org/scripts.php
All the newest security checks for the Nessus scannerNessus Pluginshttp://www.nessus.org/images/RssLogo.jpg
http://www.nessus.org/
awstatstotals.php remote command execution
Synopsis :
The remote web server contains a PHP script that is prone to arbitrary
code execution.
Description :
The remote web server is running a version of awstatstotals.php which
does not properly sanitize its 'sort' argument.
An attacker can run arbitrary commands on the remote host within the
context of the web server.
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)]]>
http://www.nessus.org/plugins/index.php?view=single&id=34055
?RHSA-2008-0849: ipsec
An updated ipsec-tools package that fixes two security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The ipsec-tools package is used in conjunction with the IPsec functionality
in the Linux kernel and includes racoon, an IKEv1 keying daemon.
Two denial of service flaws were found in the ipsec-tools racoon daemon. It
was possible for a remote attacker to cause the racoon daemon to consume
all available memory. (CVE-2008-3651, CVE-2008-3652)
Users of ipsec-tools should upgrade to this updated package, which contains
backported patches that resolve these issues.
Solution : http://rhn.redhat.com/errata/RHSA-2008-0849.html
Risk factor : High]]>
http://www.nessus.org/plugins/index.php?view=single&id=34054
?[DSA1632] DSA-1632-1 tiff
Drew Yao discovered that libTIFF, a library for handling the Tagged Image
File Format, is vulnerable to a programming error allowing malformed
tiff files to lead to a crash or execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 3.8.2-7+etch1.
The remote Windows host contains an application that is affected by a
security bypass vulnerability.
Description :
The remote host is either running Trend Micro OfficeScan or Worry-Free
Business Security. The installed version is affected by a security
bypass vulnerability, because it reportedly implements a weak algorithm
to generate random session token typically assigned to a successful
authentication request. An attacker can easily brute force the
authentication token and gain access to the web console.
In some cases it may be possible to execute arbitrary code on the remote
system.
- Trend Micro OfficeScan 8.0 Build 1351 or 2402 or 3307
depending on the current OfficeScan patch level.
- Worry-Free Business Security 5.0 Build 1404.
Risk factor :
Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)]]>
http://www.nessus.org/plugins/index.php?view=single&id=34050
?Novell iPrint Client ActiveX Control Multiple Vulnerabilities
Synopsis :
The remote Windows host has an ActiveX control that is affected by
multiple vulnerabilities.
Description :
Novell iPrint Client is installed on the remote host.
An ActiveX control included with Novell iPrint Client is affected
by multiple vulnerabilities.
- Vulnerabilities affecting GetDriverFile(), GetDriverSettings()
GetPrinterURLList(), GetFileList(), GetServerVersion(),
UploadResource(), ExecuteRequest(), UploadResource(), and
UploadResourceToRMS() methods in 'ienipp.ocx' could be exploited to
perform stack based buffer overflows and execute arbitrary code on
the remote system.
- A vulnerability in IppGetDriverSettings() method in nipplib.dll
could be exploited to perform a stack based buffer overflow.
- A vulnerability in GetFileList() method may disclose sensitive
information.
It was discovered that there were multiple NULL-pointer function
dereferences in the Linux kernel terminal handling code. A local attacker
could exploit this to execute arbitrary code as root, or crash the system,
leading to a denial of service. (CVE-2008-2812)
The do_change_type routine did not correctly validation administrative
users. A local attacker could exploit this to block mount points or cause
private mounts to be shared, leading to denial of service or a possible
loss of privacy. (CVE-2008-2931)
Tobias Klein discovered that the OSS interface through ALSA did not
correctly validate the device number. A local attacker could exploit this
to access sensitive kernel memory, leading to a denial of service or a loss
of privacy. (CVE-2008-3272)
Zoltan Sogor discovered that new directory entries could be added to
already deleted directories. A local attacker could exploit this, filling
up available memory and disk space, leading to a denial of service.
(CVE-2008-3275)
Risk factor : High
]]>
http://www.nessus.org/plugins/index.php?view=single&id=34048
?SuSE Security Update: wireshark: various vulnerabilities (wireshark-5515)
Synopsis :
The remote SuSE system is missing the security patch wireshark-5515.
Description :
Various vulnerabilities have been fixed in wireshark:
CVE-2008-3137, CVE-2008-3138, CVE-2008-3139, CVE-2008-3140,
CVE-2008-3141, CVE-2008-3145 and CVE-2008-3146.
The remote SuSE system is missing the security patch ethereal-5520.
Description :
Various vulnerabilities have been fixed in wireshark:
CVE-2008-3137, CVE-2008-3138, CVE-2008-3139, CVE-2008-3140,
CVE-2008-3141, CVE-2008-3145 and CVE-2008-3146.
Solution :
Install the security patch ethereal-5520.
Risk factor :
High]]>
http://www.nessus.org/plugins/index.php?view=single&id=34046
?FreeBSD : opera -- multiple vulnerabilities (1153)
The remote host is missing an update to the system
The following package is affected: linux-opera
Solution : Update the package on the remote host
See also :
]]>
http://www.nessus.org/plugins/index.php?view=single&id=34045
?PowerDNS recursor cache poisoning
Synopsis :
The remote DNS recursor is vulnerable to cache poisoning.
Description :
The remote PowerDNS recursor is vulnerable to a cache poisoning
attack although it uses random source ports for the UDP queries.
Version below 3.1.6 rely upon the random() library function, which is
often implemented as a Linear Feedback Shift Register.
Such generators have good statistical properties and long cycle but
their internal state can be computed from few samples, so an attacker
would thus be able to predict the next values.
Solution :
Update to PowerDNS recursor 3.1.6.
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)]]>
http://www.nessus.org/plugins/index.php?view=single&id=34044
?Version of PowerDNS
Synopsis :
It is possible to obtain the version number of the remote DNS server.
Description :
The remote host is running PowerDNS, an open-source DNS server. It is possible
to extract the version number of the remote installation by sending
a special DNS request for the text 'version.pdns' in the domain 'chaos'.
Solution :
It is possible to hide the version number of PowerDNS by setting the
'version-string' option in pdns.conf or recursor.conf
The remote SuSE system is missing the security patch rxvt-unicode-5541.
Description :
It was possible to open a terminal on :0 when the
environment variable was not set. This could be exploited
by local users to hijack X11 connections (CVE-2008-1142).
The remote SuSE system is missing the security patch java-1_6_0-sun-5435.
Description :
This update brings the SUN JDK 6 to update level 7.
CVE-2008-3115: Secure Static Versioning in Sun Java JDK and
JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15,
does not properly prevent execution of applets on older JRE
releases, which might allow remote attackers to exploit
vulnerabilities in these older releases.
CVE-2008-3114: Unspecified vulnerability in Sun Java Web
Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0
before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
allows context-dependent attackers to obtain sensitive
information (the cache location) via an untrusted
application, aka CR 6704074.
CVE-2008-3112: Unspecified vulnerability in Sun Java Web
Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0
before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
allows remote attackers to create arbitrary files via an
untrusted application, aka CR 6703909.
CVE-2008-3111: Multiple buffer overflows in Sun Java Web
Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0
before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
allow context-dependent attackers to gain privileges via an
untrusted application, as demonstrated by an application
that grants itself privileges to (1) read local files, (2)
write to local files, or (3) execute local programs, aka CR
6557220.
CVE-2008-3110: Unspecified vulnerability in scripting
language support in Sun Java Runtime Environment (JRE) in
JDK and JRE 6 Update 6 and earlier allows remote attackers
to obtain sensitive information by using an applet to read
information from another applet.
CVE-2008-3109: Unspecified vulnerability in scripting
language support in Sun Java Runtime Environment (JRE) in
JDK and JRE 6 Update 6 and earlier allows context-dependent
attackers to gain privileges via an untrusted (1)
application or (2) applet, as demonstrated by an
application or applet that grants itself privileges to (a)
read local files, (b) write to local files, or (c) execute
local programs.
CVE-2008-3107: Unspecified vulnerability in the Virtual
Machine in Sun Java Runtime Environment (JRE) in JDK and
JRE 6 before Update 7, JDK and JRE 5.0 before Update 16,
and SDK and JRE 1.4.x before 1.4.2_18 allows
context-dependent attackers to gain privileges via an
untrusted (1) application or (2) applet, as demonstrated by
an application or applet that grants itself privileges to
(a) read local files, (b) write to local files, or (c)
execute local programs.
CVE-2008-3106: Unspecified vulnerability in Sun Java
Runtime Environment (JRE) in JDK and JRE 6 Update 6 and
earlier and JDK and JRE 5.0 Update 15 and earlier allows
remote attackers to access URLs via unknown vectors
involving processing of XML data by an untrusted (1)
application or (2) applet, a different vulnerability than
CVE-2008-3105.
CVE-2008-3105: Unspecified vulnerability in the JAX-WS
client and service in Sun Java Runtime Environment (JRE) in
JDK and JRE 6 Update 6 and earlier allows remote attackers
to access URLs or cause a denial of service via unknown
vectors involving 'processing of XML data' by a trusted
application.
CVE-2008-3104: Multiple unspecified vulnerabilities in Sun
Java Runtime Environment (JRE) in JDK and JRE 6 before
Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE
1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before
1.3.1_23 allow remote attackers to violate the security
model for an applet's outbound connections by connecting to
localhost services running on the machine that loaded the
applet.
CVE-2008-3103: Unspecified vulnerability in the Java
Management Extensions (JMX) management agent in Sun Java
Runtime Environment (JRE) in JDK and JRE 6 Update 6 and
earlier and JDK and JRE 5.0 Update 15 and earlier, when
local monitoring is enabled, allows remote attackers to
'perform unauthorized operations' via unspecified vectors.
The remote SuSE system is missing the security patch java-1_5_0-sun-5434.
Description :
Sun Java was updated to 1.5.0u16 to fix following security
vulnerabilities:
CVE-2008-3115: Secure Static Versioning in Sun Java JDK and
JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15,
does not properly prevent execution of applets on older JRE
releases, which might allow remote attackers to exploit
vulnerabilities in these older releases.
CVE-2008-3114: Unspecified vulnerability in Sun Java Web
Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0
before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
allows context-dependent attackers to obtain sensitive
information (the cache location) via an untrusted
application, aka CR 6704074.
CVE-2008-3113: Unspecified vulnerability in Sun Java Web
Start in JDK and JRE 5.0 before Update 16 and SDK and JRE
1.4.x before 1.4.2_18 allows remote attackers to create or
delete arbitrary files via an untrusted application, aka CR
6704077.
CVE-2008-3112: Unspecified vulnerability in Sun Java Web
Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0
before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
allows remote attackers to create arbitrary files via an
untrusted application, aka CR 6703909.
CVE-2008-3111: Multiple buffer overflows in Sun Java Web
Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0
before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
allow context-dependent attackers to gain privileges via an
untrusted application, as demonstrated by an application
that grants itself privileges to (1) read local files, (2)
write to local files, or (3) execute local programs, aka CR
6557220.
CVE-2008-3108: Buffer overflow in Sun Java Runtime
Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK
and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before
1.3.1_23 allows context-dependent attackers to gain
privileges via unspecified vectors related to font
processing.
CVE-2008-3107: Unspecified vulnerability in the Virtual
Machine in Sun Java Runtime Environment (JRE) in JDK and
JRE 6 before Update 7, JDK and JRE 5.0 before Update 16,
and SDK and JRE 1.4.x before 1.4.2_18 allows
context-dependent attackers to gain privileges via an
untrusted (1) application or (2) applet, as demonstrated by
an application or applet that grants itself privileges to
(a) read local files, (b) write to local files, or (c)
execute local programs.
CVE-2008-3106: Unspecified vulnerability in Sun Java
Runtime Environment (JRE) in JDK and JRE 6 Update 6 and
earlier and JDK and JRE 5.0 Update 15 and earlier allows
remote attackers to access URLs via unknown vectors
involving processing of XML data by an untrusted (1)
application or (2) applet, a different vulnerability than
CVE-2008-3105.
CVE-2008-3104: Multiple unspecified vulnerabilities in Sun
Java Runtime Environment (JRE) in JDK and JRE 6 before
Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE
1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before
1.3.1_23 allow remote attackers to violate the security
model for an applet's outbound connections by connecting to
localhost services running on the machine that loaded the
applet.
CVE-2008-3103: Unspecified vulnerability in the Java
Management Extensions (JMX) management agent in Sun Java
Runtime Environment (JRE) in JDK and JRE 6 Update 6 and
earlier and JDK and JRE 5.0 Update 15 and earlier, when
local monitoring is enabled, allows remote attackers to
'perform unauthorized operations' via unspecified vectors.
The remote SuSE system is missing the security patch java-1_4_2-sun-5431.
Description :
Sun Java was updated to 1.4.2u18 to fix following security
vulnerabilities:
CVE-2008-3114: Unspecified vulnerability in Sun Java Web
Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0
before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
allows context-dependent attackers to obtain sensitive
information (the cache location) via an untrusted
application, aka CR 6704074.
CVE-2008-3113: Unspecified vulnerability in Sun Java Web
Start in JDK and JRE 5.0 before Update 16 and SDK and JRE
1.4.x before 1.4.2_18 allows remote attackers to create or
delete arbitrary files via an untrusted application, aka CR
6704077.
CVE-2008-3112: Unspecified vulnerability in Sun Java Web
Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0
before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
allows remote attackers to create arbitrary files via an
untrusted application, aka CR 6703909.
CVE-2008-3111: Multiple buffer overflows in Sun Java Web
Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0
before Update 16, and SDK and JRE 1.4.x before 1.4.2_18
allow context-dependent attackers to gain privileges via an
untrusted application, as demonstrated by an application
that grants itself privileges to (1) read local files, (2)
write to local files, or (3) execute local programs, aka CR
6557220.
CVE-2008-3108: Buffer overflow in Sun Java Runtime
Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK
and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before
1.3.1_23 allows context-dependent attackers to gain
privileges via unspecified vectors related to font
processing.
CVE-2008-3107: Unspecified vulnerability in the Virtual
Machine in Sun Java Runtime Environment (JRE) in JDK and
JRE 6 before Update 7, JDK and JRE 5.0 before Update 16,
and SDK and JRE 1.4.x before 1.4.2_18 allows
context-dependent attackers to gain privileges via an
untrusted (1) application or (2) applet, as demonstrated by
an application or applet that grants itself privileges to
(a) read local files, (b) write to local files, or (c)
execute local programs.
CVE-2008-3104: Multiple unspecified vulnerabilities in Sun
Java Runtime Environment (JRE) in JDK and JRE 6 before
Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE
1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before
1.3.1_23 allow remote attackers to violate the security
model for an applet's outbound connections by connecting to
localhost services running on the machine that loaded the
applet.