scip AG NASLDB, Nessus-Plugins, http://www.scip.ch/, Wed, 04 May 2016 15:00:00 +0200, (c) 2002-2016 by scip AG

USN-1611-1 : thunderbird vulnerabilities http://www.scip.ch/?nasldb.62548 Tue, 16 Oct 2012 12:57:31 +0200 scip AG General

ID: 62548
Name: USN-1611-1 : thunderbird vulnerabilities

Summary: Checks dpkg output for updated package(s)

Credits: –

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Ubuntu Local Security Checks
Type: Local

Description

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and
others discovered several memory corruption flaws in Thunderbird. If
a user were tricked into opening a malicious website and had
JavaScript enabled, an attacker could exploit these to execute
arbitrary JavaScript code within the context of another website or
arbitrary code as the user invoking the program. (CVE-2012-3982,
CVE-2012-3983, CVE-2012-3988, CVE-2012-3989, CVE-2012-4191)

David Bloom and Jordi Chancel discovered that Thunderbird did not
always properly handle the <select> element. If a user were tricked
into opening a malicious website and had JavaScript enabled, a remote
attacker could exploit this to conduct URL spoofing and clickjacking
attacks. (CVE-2012-3984)

Collin Jackson discovered that Thunderbird did not properly follow
the HTML5 specification for document.domain behavior. If a user were
tricked into opening a malicious website and had JavaScript enabled,
a remote attacker could exploit this to conduct cross-site scripting
(XSS) attacks via JavaScript execution. (CVE-2012-3985)

Johnny Stenback discovered that Thunderbird did not properly perform
security checks on test methods for DOMWindowUtils. (CVE-2012-3986)

Alice White discovered that the security checks for GetProperty could
be bypassed when using JSAPI. If a user were tricked into opening a
specially crafted web page and had JavaScript enabled, a remote
attacker could exploit this to execute arbitrary code as the user
invoking the program. (CVE-2012-3991)

Mariusz Mlynski discovered a history state error in Thunderbird. If a
user were tricked into opening a malicious website and had JavaScript
enabled, a remote attacker could exploit this to spoof the location
property to inject script or intercept posted data. (CVE-2012-3992)

Mariusz Mlynski and others discovered several flaws in Thunderbird
that allowed a remote attacker to conduct cross-site scripting (XSS)
attacks. With cross-site scripting vulnerabilities, if a user were
tricked into viewing a specially crafted page and had JavaScript
enabled, a remote attacker could exploit these to modify the
contents, or steal confidential data, within the same domain.
(CVE-2012-3993, CVE-2012-3994, CVE-2012-4184)

Abhishek Arya, Atte Kettunen and others discovered several memory
flaws in Thunderbird when using the Address Sanitizer tool. If a user
were tricked into opening a malicious website and had JavaScript
enabled, an attacker could exploit these to execute arbitrary
JavaScript code within the context of another website or execute
arbitrary code as the user invoking the program. (CVE-2012-3990,
CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181,
CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,
CVE-2012-4187, CVE-2012-4188)

It was discovered that Thunderbird allowed improper access to the
Location object. An attacker could exploit this to obtain sensitive
information. Under certain circumstances, a remote attacker could use
this vulnerability to potentially execute arbitrary code as the user
invoking the program. (CVE-2012-4192, CVE-2012-4193)

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-3982
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/12
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: ubuntu_USN-1611-1.nasl
Filesize: 6294 bytes
MD5 Hash: 88beca557026fab6513f9042d2c168e3

Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"

Copyright: –

USN-1610-1 : linux vulnerability http://www.scip.ch/?nasldb.62547 Tue, 16 Oct 2012 12:57:31 +0200 scip AG General

ID: 62547
Name: USN-1610-1 : linux vulnerability

Summary: Checks dpkg output for updated package(s)

Credits: –

Classification

Risk: –

CVSS: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Ubuntu Local Security Checks
Type: Local

Description

Pablo Neira Ayuso discovered a flaw in the credentials of netlink
messages. An unprivileged local attacker could exploit this by
getting a netlink based service, that relies on netlink credentials,
to perform privileged actions.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-3520
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/12
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: ubuntu_USN-1610-1.nasl
Filesize: 3286 bytes
MD5 Hash: 0d136b2a5bff7452495cbb8c213b51cf

Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"

Copyright: –

USN-1609-1 : linux-ti-omap4 vulnerability http://www.scip.ch/?nasldb.62546 Tue, 16 Oct 2012 12:57:31 +0200 scip AG General

ID: 62546
Name: USN-1609-1 : linux-ti-omap4 vulnerability

Summary: Checks dpkg output for updated package(s)

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Ubuntu Local Security Checks
Type: Local

Description

A flaw was found in how the Linux kernel’s KVM (Kernel-based Virtual
Machine) subsystem handled MSI (Message Signaled Interrupts). A local
unprivileged user could exploit this flaw to cause a denial of
service or potentially elevate privileges.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-2137
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/12
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: ubuntu_USN-1609-1.nasl
Filesize: 2655 bytes
MD5 Hash: 8c1d293ecfaa5fb709a57f9d76ed23c0

Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"

Copyright: –

SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 8311) http://www.scip.ch/?nasldb.62545 Tue, 16 Oct 2012 12:52:18 +0200 scip AG General

ID: 62545
Name: SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 8311)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Temporal Vector: –

Port: 0
Family: SuSE Local Security Checks
Type: Local

Description

PostgreSQL was updated to the latest stable release 8.1.23, fixing
various bugs and security issues.

The following security issues have been fixed :

– This update fixes arbitrary read and write of files via
XSL functionality. (CVE-2012-3488)

– postgresql: denial of service (stack exhaustion) via
specially-crafted SQL. (CVE-2012-2655)

– crypt_blowfish was mishandling 8 bit characters.
(CVE-2011-2483)

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2011-2483
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/01
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: suse_postgresql-8311.nasl
Filesize: 4107 bytes
MD5 Hash: 401febd492f4ef74341d35e39a05ca88

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

RHSA-2012-1364: bind97 http://www.scip.ch/?nasldb.62544 Tue, 16 Oct 2012 12:21:36 +0200 scip AG General

ID: 62544
Name: RHSA-2012-1364: bind97

Summary: Check for the version of the bind97 packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Red Hat Local Security Checks
Type: Local

Description

Updated bind97 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled certain combinations of resource
records. A remote attacker could use this flaw to cause a recursive
resolver, or an authoritative server in certain configurations, to lock up.
(CVE-2012-5166)

Users of bind97 are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-5166
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: redhat-RHSA-2012-1364.nasl
Filesize: 3141 bytes
MD5 Hash: d7443c994da2760d4333177a3acacbe9

Identification: Host/RedHat/rpm-list
Require Keys: Host/RedHat/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

RHSA-2012-1363: bind http://www.scip.ch/?nasldb.62543 Tue, 16 Oct 2012 12:21:36 +0200 scip AG General

ID: 62543
Name: RHSA-2012-1363: bind

Summary: Check for the version of the bind packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Red Hat Local Security Checks
Type: Local

Description

Updated bind packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled certain combinations of resource
records. A remote attacker could use this flaw to cause a recursive
resolver, or an authoritative server in certain configurations, to lock up.
(CVE-2012-5166)

Users of bind are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-5166
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: redhat-RHSA-2012-1363.nasl
Filesize: 4040 bytes
MD5 Hash: 134e24ebfb97e96f8f1a7f7b8980b5d1

Identification: Host/RedHat/rpm-list
Require Keys: Host/RedHat/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

RHSA-2012-1362: thunderbird http://www.scip.ch/?nasldb.62542 Tue, 16 Oct 2012 12:21:36 +0200 scip AG General

ID: 62542
Name: RHSA-2012-1362: thunderbird

Summary: Check for the version of the thunderbird packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Red Hat Local Security Checks
Type: Local

Description

An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled security wrappers.
Malicious content could cause Thunderbird to execute arbitrary code with
the privileges of the user running Thunderbird. (CVE-2012-4193)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges moz_bug_r_a4 as the original reporter.

Note: This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could be
exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
corrects this issue. After installing the update, Thunderbird must be
restarted for the changes to take effect.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4193
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: redhat-RHSA-2012-1362.nasl
Filesize: 3115 bytes
MD5 Hash: 07d483687adcc8940635942d3de00fdf

Identification: Host/RedHat/rpm-list
Require Keys: Host/RedHat/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

RHSA-2012-1361: xulrunner http://www.scip.ch/?nasldb.62541 Tue, 16 Oct 2012 12:21:36 +0200 scip AG General

ID: 62541
Name: RHSA-2012-1361: xulrunner

Summary: Check for the version of the xulrunner packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Red Hat Local Security Checks
Type: Local

Description

Updated xulrunner packages that fix one security issue are now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

XULRunner provides the XUL Runtime environment for applications using the
Gecko layout engine.

A flaw was found in the way XULRunner handled security wrappers. A web page
containing malicious content could possibly cause an application linked
against XULRunner (such as Mozilla Firefox) to execute arbitrary code with
the privileges of the user running the application. (CVE-2012-4193)

For technical details regarding this flaw, refer to the Mozilla security
advisories. You can find a link to the Mozilla advisories in the References
section of this erratum.

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges moz_bug_r_a4 as the original reporter.

All XULRunner users should upgrade to these updated packages, which correct
this issue. After installing the update, applications using XULRunner must
be restarted for the changes to take effect.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4193
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: redhat-RHSA-2012-1361.nasl
Filesize: 3335 bytes
MD5 Hash: 58de7b5b132f31ba231c46650fbc7e50

Identification: Host/RedHat/rpm-list
Require Keys: Host/RedHat/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Mandriva Linux Security Advisory : graphicsmagick (MDVSA-2012:165) http://www.scip.ch/?nasldb.62540 Tue, 16 Oct 2012 12:09:13 +0200 scip AG General

ID: 62540
Name: Mandriva Linux Security Advisory : graphicsmagick (MDVSA-2012:165)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: –

Port: 0
Family: Mandriva Local Security Checks
Type: Local

Description

A vulnerability has been found and corrected in graphicsmagick :

The Magick_png_malloc function in coders/png.c in GraphicsMagick
6.7.8-6 does not use the proper variable type for the allocation size,
which might allow remote attackers to cause a denial of service
(crash) via a crafted PNG file that triggers incorrect memory
allocation (CVE-2012-3438).

The updated packages have been patched to correct this issue.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-3438
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/12
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: mandriva_MDVSA-2012-165.nasl
Filesize: 3931 bytes
MD5 Hash: e93686d9b661d5104a945822a261172d

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

FreeBSD : phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack (ef417da3-1640-11e2-999b-e0cb4e266481) http://www.scip.ch/?nasldb.62539 Tue, 16 Oct 2012 11:42:38 +0200 scip AG General

ID: 62539
Name: FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack (ef417da3-1640-11e2-999b-e0cb4e266481)

Summary: Checks for updated package in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

The phpMyAdmin development team reports :

When creating/modifying a trigger, event or procedure with a crafted
name, it is possible to trigger an XSS.

To display information about the current phpMyAdmin version on the
main page, a piece of JavaScript is fetched from the phpmyadmin.net
website in non-SSL mode. A man-in-the-middle could modify this script
on the wire to cause mischief.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-5339
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2012/10/08
Patch Release: 2012/10/14
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: freebsd_pkg_ef417da3164011e2999be0cb4e266481.nasl
Filesize: 4744 bytes
MD5 Hash: 585f77e7f3a0b7a045be4a4b0f3bf478

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is © 2012 Tenable Network Security, Inc.

Fedora 16 : firefox-16.0.1-1.fc16 / xulrunner-16.0.1-1.fc16 (2012-15986) http://www.scip.ch/?nasldb.62538 Tue, 16 Oct 2012 11:35:04 +0200 scip AG General

ID: 62538
Name: Fedora 16 : firefox-16.0.1-1.fc16 / xulrunner-16.0.1-1.fc16 (2012-15986)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

Update to 16.0.1

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/12
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15986.nasl
Filesize: 2832 bytes
MD5 Hash: 978114462f3e02327c8552eca51c8e8a

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 17 : firefox-16.0.1-1.fc17 / xulrunner-16.0.1-1.fc17 (2012-15985) http://www.scip.ch/?nasldb.62537 Tue, 16 Oct 2012 11:35:04 +0200 scip AG General

ID: 62537
Name: Fedora 17 : firefox-16.0.1-1.fc17 / xulrunner-16.0.1-1.fc17 (2012-15985)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

Update to 16.0.1

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/12
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15985.nasl
Filesize: 2832 bytes
MD5 Hash: fed13781cd10747cb38d755765b5d365

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 18 : drupal7-feeds-2.0-0.5.alpha6.fc18 (2012-15891) http://www.scip.ch/?nasldb.62536 Tue, 16 Oct 2012 11:35:04 +0200 scip AG General

ID: 62536
Name: Fedora 18 : drupal7-feeds-2.0-0.5.alpha6.fc18 (2012-15891)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

Security fix release, https://drupal.org/node/1808832,
http://drupal.org/node/1808282.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/11
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15891.nasl
Filesize: 2824 bytes
MD5 Hash: 1623dc08f5f564c655744656d43d89cc

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 17 : qemu-1.0.1-2.fc17 (2012-15740) http://www.scip.ch/?nasldb.62535 Tue, 16 Oct 2012 11:35:03 +0200 scip AG General

ID: 62535
Name: Fedora 17 : qemu-1.0.1-2.fc17 (2012-15740)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

– Remove comma from 1.0.1 version number

– CVE-2012-3515 VT100 emulation vulnerability (bz
#854600, bz #851252)

– Fix slirp crash (bz #845795)

– Fix KVM module permissions after install (bz #863374)

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-3515
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/10
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15740.nasl
Filesize: 2858 bytes
MD5 Hash: f4e1913a5f2f2ffdbf47c12c1ff05015

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 18 : gitolite3-3.04-4.fc18 (2012-15709) http://www.scip.ch/?nasldb.62534 Tue, 16 Oct 2012 11:35:03 +0200 scip AG General

ID: 62534
Name: Fedora 18 : gitolite3-3.04-4.fc18 (2012-15709)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

Fix for path traversal vulnerability.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/09
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15709.nasl
Filesize: 2547 bytes
MD5 Hash: 68ee586402fe3e965c0ca00f2922be52

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 18 : phpMyAdmin-3.5.3-1.fc18 (2012-15691) http://www.scip.ch/?nasldb.62533 Tue, 16 Oct 2012 11:35:03 +0200 scip AG General

ID: 62533
Name: Fedora 18 : phpMyAdmin-3.5.3-1.fc18 (2012-15691)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

phpMyAdmin 3.5.3.0 (2012-10-08)

– [interface] Browse mode ‘Show’ button gives blank page
if no results anymore

– [interface] Copy Database Ajax feedback vanishes long
before copying is done

– [interface] GC-maxlifetime warning incorrectly
displayed

– [interface] Search fails with JS error when tooltips
disabled

– [interface] Event comments not saved

– [edit] Can’t enter date directly when editing inline

– [interface] Inline query editor doesn’t work from
search results

– [edit] BLOB download no longer works

– [config] Error in generated configuration array

– [GUI] Invalid HTML code in multi submits confirmation
form

– [interface] Designer sometimes places tables on the
top menu

– [core] Call to undefined function __() when config
file has wrong permissions

– [edit] Error searching table with many fields

– [edit] Cannot copy a DB with table and views

– [privileges] Incorrect updating of the list of users

– [edit] cell edit date field with empty date fills in
current date

– [edit] current_date from function drop down fails on
update

– [compatibility] add support for Solaris and FreeBSD
system load and memory display in server status

– [import] Table import from XML file fails

– [display] replace Highcharts with jqplot for Display
chart

– [edit] Pasting value doesn’t clear null checkbox

– [edit] Datepicker for date and datetime fields is
broken

– [security] Unspecified minor security fix by upstream,
see PMASA-2012-6
(http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php)

– [security] Unspecified minor security fix by upstream,
see PMASA-2012-7
(http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php)

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/09
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15691.nasl
Filesize: 4678 bytes
MD5 Hash: 1704f5dc82749601a5a6727718ea0a80

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 18 : hostapd-1.0-3.fc18 (2012-15680) http://www.scip.ch/?nasldb.62532 Tue, 16 Oct 2012 11:35:03 +0200 scip AG General

ID: 62532
Name: Fedora 18 : hostapd-1.0-3.fc18 (2012-15680)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

EAP-TLS server: Fix TLS Message Length validation

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4445
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/08
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15680.nasl
Filesize: 2713 bytes
MD5 Hash: 4554f006753e4e104943435003a63daf

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 16 : ruby-1.8.7.358-4.fc16 (2012-15507) http://www.scip.ch/?nasldb.62531 Tue, 16 Oct 2012 11:35:02 +0200 scip AG General

ID: 62531
Name: Fedora 16 : ruby-1.8.7.358-4.fc16 (2012-15507)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

Some security flaws were found in the ruby currently shipped in Fedora 17,
where a malicious user can bypass the safe mechanism by raising an exception
intentionally and make arbitrary strings tainted. These flaws are now
registered as CVE-2012-4464 and CVE-2012-4466.

Note that CVE-2012-4464 is basically the same as CVE-2011-1005, which
was supposed to be already fixed on the ruby 1.8.x branch, but the fix
proved to be incomplete.

This new rpm will fix the above issue.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4464
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/06
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15507.nasl
Filesize: 3123 bytes
MD5 Hash: ecccf0f050c1aa1d02f63dedbe11251d

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 17 : perl-HTML-Template-Pro-0.9509-1.fc17 (2012-15490) http://www.scip.ch/?nasldb.62530 Tue, 16 Oct 2012 11:35:02 +0200 scip AG General

ID: 62530
Name: Fedora 17 : perl-HTML-Template-Pro-0.9509-1.fc17 (2012-15490)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

This version of HTML::Template::Pro fixes a cross-site scripting (XSS)
vulnerability in the module.

http://www.openwall.com/lists/oss-security/2011/12/19/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2011-4616
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/06
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15490.nasl
Filesize: 3234 bytes
MD5 Hash: d668ef14630f7dd9b979c49c9f3dcc6f

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 16 : perl-HTML-Template-Pro-0.9509-1.fc16 (2012-15482) http://www.scip.ch/?nasldb.62529 Tue, 16 Oct 2012 11:35:02 +0200 scip AG General

ID: 62529
Name: Fedora 16 : perl-HTML-Template-Pro-0.9509-1.fc16 (2012-15482)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

This version of HTML::Template::Pro fixes a cross-site scripting (XSS)
vulnerability in the module.

http://www.openwall.com/lists/oss-security/2011/12/19/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2011-4616
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/06
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15482.nasl
Filesize: 3234 bytes
MD5 Hash: 2d95907fa14afa3c06f6ff656233bca4

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 17 : ruby-1.9.3.194-17.fc17 (2012-15395) http://www.scip.ch/?nasldb.62528 Tue, 16 Oct 2012 11:35:02 +0200 scip AG General

ID: 62528
Name: Fedora 17 : ruby-1.9.3.194-17.fc17 (2012-15395)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

Some security flaws were found in the ruby currently shipped in Fedora 17,
where a malicious user can bypass the safe mechanism by intentionally
raising an exception and make arbitrary strings tainted. These flaws are
now registered as CVE-2012-4464 and CVE-2012-4466.

This updated rpm will fix this issue.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4464
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/05
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15395.nasl
Filesize: 2955 bytes
MD5 Hash: 72393f150e409ef5a0480a3513e8ecbb

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 17 : qt-4.8.2-7.fc17 (2012-15194) http://www.scip.ch/?nasldb.62527 Tue, 16 Oct 2012 11:35:01 +0200 scip AG General

ID: 62527
Name: Fedora 17 : qt-4.8.2-7.fc17 (2012-15194)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

Build patched to disable SSL/TLS compression by default, avoiding CRIME
attacks; see also
http://qt.digia.com/Release-Notes/security-issue-september-2012/

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/02
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-15194.nasl
Filesize: 2764 bytes
MD5 Hash: d56eb275672e07eefcd3d65afae78148

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 16 : dracut-018-60.git20120927.fc16 (2012-14959) http://www.scip.ch/?nasldb.62526 Tue, 16 Oct 2012 11:35:00 +0200 scip AG General

ID: 62526
Name: Fedora 16 : dracut-018-60.git20120927.fc16 (2012-14959)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

dracut-018-60.git20120927

– run dracut-shutdown.service before shutdown.target
Resolves: rhbz#840120

– do not create the initramfs world readable
Resolves: rhbz#859448

– mdraid: do the dracut shutdown, if a md raid is found

– mdraid: handle nested md raids

– mdraid: wait until devices are clean on shutdown
Resolves: rhbz#732297 rhbz#840562

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4453
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/09/28
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-14959.nasl
Filesize: 3056 bytes
MD5 Hash: 5d92f73456145e87678f09fb1c787c40

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Fedora 17 : dracut-018-105.git20120927.fc17 (2012-14953) http://www.scip.ch/?nasldb.62525 Tue, 16 Oct 2012 11:35:00 +0200 scip AG General

ID: 62525
Name: Fedora 17 : dracut-018-105.git20120927.fc17 (2012-14953)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

dracut-018-105.git20120927

– enable the use of the nbd port with e.g. ‘-N ltsp’

– actually make reset_overlay working for squash
overlays

– fixed FIPS

– if any mdraid found, make dracut run on shutdown

– make the initramfs non-world readable

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4453
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/09/28
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: fedora_2012-14953.nasl
Filesize: 2954 bytes
MD5 Hash: b6d097ed887b3e95440ed069325abc9f

Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

CentOS : RHSA-2012-1364 http://www.scip.ch/?nasldb.62524 Tue, 16 Oct 2012 11:13:19 +0200 scip AG General

ID: 62524
Name: CentOS : RHSA-2012-1364

Summary: Checks for missing updates on the remote CentOS system

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: CentOS Local Security Checks
Type: Local

Description

The remote CentOS system is missing a security update which has been
documented in Red Hat advisory RHSA-2012-1364.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-5166
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: centos_RHSA-2012-1364.nasl
Filesize: 2718 bytes
MD5 Hash: a733771e1bed6c23ed87a4f0ac23b742

Identification: Host/CentOS/rpm-list
Require Keys: Host/CentOS/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is © 2012 Tenable Network Security, Inc.

CentOS : RHSA-2012-1363 http://www.scip.ch/?nasldb.62523 Tue, 16 Oct 2012 11:13:19 +0200 scip AG General

ID: 62523
Name: CentOS : RHSA-2012-1363

Summary: Checks for missing updates on the remote CentOS system

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: CentOS Local Security Checks
Type: Local

Description

The remote CentOS system is missing a security update which has been
documented in Red Hat advisory RHSA-2012-1363.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-5166
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: centos_RHSA-2012-1363.nasl
Filesize: 4600 bytes
MD5 Hash: 2ab91459618f2a9911cb59b4e56a6439

Identification: Host/CentOS/rpm-list
Require Keys: Host/CentOS/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is © 2012 Tenable Network Security, Inc.

CentOS : RHSA-2012-1362 http://www.scip.ch/?nasldb.62522 Tue, 16 Oct 2012 11:13:19 +0200 scip AG General

ID: 62522
Name: CentOS : RHSA-2012-1362

Summary: Checks for missing updates on the remote CentOS system

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: CentOS Local Security Checks
Type: Local

Description

The remote CentOS system is missing a security update which has been
documented in Red Hat advisory RHSA-2012-1362.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4193
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: centos_RHSA-2012-1362.nasl
Filesize: 2096 bytes
MD5 Hash: b0677bb07a122cc832c5634bbeb07e28

Identification: Host/CentOS/rpm-list
Require Keys: Host/CentOS/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is © 2012 Tenable Network Security, Inc.

CentOS : RHSA-2012-1361 http://www.scip.ch/?nasldb.62521 Tue, 16 Oct 2012 11:13:19 +0200 scip AG General

ID: 62521
Name: CentOS : RHSA-2012-1361

Summary: Checks for missing updates on the remote CentOS system

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: CentOS Local Security Checks
Type: Local

Description

The remote CentOS system is missing a security update which has been
documented in Red Hat advisory RHSA-2012-1361.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4193
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: centos_RHSA-2012-1361.nasl
Filesize: 2080 bytes
MD5 Hash: 190571cd36bbc7ecc43910930fa63718

Identification: Host/CentOS/rpm-list
Require Keys: Host/CentOS/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is © 2012 Tenable Network Security, Inc.

CentOS : RHSA-2012-1359 http://www.scip.ch/?nasldb.62520 Tue, 16 Oct 2012 11:13:19 +0200 scip AG General

ID: 62520
Name: CentOS : RHSA-2012-1359

Summary: Checks for missing updates on the remote CentOS system

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: CentOS Local Security Checks
Type: Local

Description

The remote CentOS system is missing a security update which has been
documented in Red Hat advisory RHSA-2012-1359.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4423
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2012/10/15

Plugin

Version: 1.1
Filename: centos_RHSA-2012-1359.nasl
Filesize: 2588 bytes
MD5 Hash: 4bf9d54cbfa6425bbbfa7551d376e194

Identification: Host/CentOS/rpm-list
Require Keys: Host/CentOS/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is © 2012 Tenable Network Security, Inc.

Google Chrome < 22.0.1229.94 Multiple Vulnerabilities http://www.scip.ch/?nasldb.62519 Tue, 16 Oct 2012 11:49:11 +0200 scip AG General

ID: 62519
Name: Google Chrome < 22.0.1229.94 Multiple Vulnerabilities

Summary: Checks version number of Google Chrome

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: –
Family: Windows
Type: Local

Description

The version of Google Chrome installed on the remote host is earlier
than 22.0.1229.94 and is, therefore, affected by the following
vulnerabilities :

– A use-after-free error exists related to SVG handling
that can be used to exploit the renderer process.
(Issue #154983)

– An unspecified error exists related to IPC handling
that can allow an attacker to escape the application
sandbox. (Issue #154987)

Successful exploitation of any of these issues could lead to an
application crash or even allow arbitrary code execution, subject to the
user’s privileges.

Exploiting

Exploit Available: False
Exploitability Ease: No known exploits are available

Sources

CVE: CVE-2012-5112
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2012/10/10
Patch Release: 2012/10/10
Plugin Release: 2012/10/12

Plugin

Version: 1.2
Filename: google_chrome_22_0_1229_94.nasl
Filesize: 4185 bytes
MD5 Hash: 3e37fca34605cddbe04dcc5ea9fa4be9

Identification: SMB/transport
Require Keys: SMB/Google_Chrome/Installed
Dependencies: "google_chrome_installed.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Google Chrome < 22.0.1229.92 Multiple Vulnerabilities http://www.scip.ch/?nasldb.62518 Tue, 16 Oct 2012 11:49:11 +0200 scip AG General

ID: 62518
Name: Google Chrome < 22.0.1229.92 Multiple Vulnerabilities

Summary: Checks version number of Google Chrome

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: –
Family: Windows
Type: Local

Description

The version of Google Chrome installed on the remote host is earlier
than 22.0.1229.92 and is, therefore, affected by the following
vulnerabilities :

– An unspecified error related to Skia text
rendering can cause the application to crash.
(CVE-2012-2900)

– A race condition exists related to audio device
handling. (CVE-2012-5108)

– Out-of-bounds read errors exist related to ‘ICU’
regular expressions and the compositor.
(CVE-2012-5109, CVE-2012-5110)

– The ‘Pepper’ plugins are missing crash monitoring.
(CVE-2012-5111)

Successful exploitation of any of these issues could lead to an
application crash or even allow arbitrary code execution, subject to the
user’s privileges.

Exploiting

Exploit Available: False
Exploitability Ease: No known exploits are available

Sources

CVE: CVE-2012-2900
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2012/10/08
Patch Release: 2012/10/08
Plugin Release: 2012/10/12

Plugin

Version: 1.2
Filename: google_chrome_22_0_1229_92.nasl
Filesize: 4273 bytes
MD5 Hash: 8d71f21a78fdb0638d47b62dce4e7d30

Identification: SMB/transport
Require Keys: SMB/Google_Chrome/Installed
Dependencies: "google_chrome_installed.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

USN-1608-1 : firefox vulnerabilities http://www.scip.ch/?nasldb.62515 Tue, 16 Oct 2012 12:57:31 +0200 scip AG General

ID: 62515
Name: USN-1608-1 : firefox vulnerabilities

Summary: Checks dpkg output for updated package(s)

Credits: –

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Ubuntu Local Security Checks
Type: Local

Description

It was discovered that the browser engine used in Firefox contained a
memory corruption flaw. If a user were tricked into opening a
specially crafted web page, a remote attacker could cause Firefox to
crash or potentially execute arbitrary code as the user invoking the
program. (CVE-2012-4191)

It was discovered that Firefox allowed improper access to the
Location object. An attacker could exploit this to obtain sensitive
information. (CVE-2012-4192)

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-4191
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/11
Plugin Release: 2012/10/12

Plugin

Version: 1.2
Filename: ubuntu_USN-1608-1.nasl
Filesize: 3207 bytes
MD5 Hash: 60e288bb2e6d82a0c63958550aa9d261

Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"

Copyright: –

USN-1607-1 : linux vulnerabilities http://www.scip.ch/?nasldb.62514 Tue, 16 Oct 2012 12:57:31 +0200 scip AG General

ID: 62514
Name: USN-1607-1 : linux vulnerabilities

Summary: Checks dpkg output for updated package(s)

Credits: –

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Ubuntu Local Security Checks
Type: Local

Description

Vadim Ponomarev discovered a flaw in the Linux kernel causing a
reference leak when PID namespaces are used. A remote attacker could
exploit this flaw causing a denial of service. (CVE-2012-2127)

A flaw was found in how the Linux kernel’s KVM (Kernel-based Virtual
Machine) subsystem handled MSI (Message Signaled Interrupts). A local
unprivileged user could exploit this flaw to cause a denial of
service or potentially elevate privileges. (CVE-2012-2137)

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-2127
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/11
Plugin Release: 2012/10/12

Plugin

Version: 1.1
Filename: ubuntu_USN-1607-1.nasl
Filesize: 3641 bytes
MD5 Hash: 5d78beb9e5714cdec78aa81138a014f4

Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"

Copyright: –

USN-1606-1 : linux vulnerabilities http://www.scip.ch/?nasldb.62513 Tue, 16 Oct 2012 12:57:31 +0200 scip AG General

ID: 62513
Name: USN-1606-1 : linux vulnerabilities

Summary: Checks dpkg output for updated package(s)

Credits: –

Classification

Risk: –

CVSS: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Ubuntu Local Security Checks
Type: Local

Description

A flaw was found in how the Linux kernel’s KVM (Kernel-based Virtual
Machine) subsystem handled MSI (Message Signaled Interrupts). A local
unprivileged user could exploit this flaw to cause a denial of
service or potentially elevate privileges. (CVE-2012-2137)

A flaw was found in how the Linux kernel passed the replacement
session keyring to a child process. An unprivileged local user could
exploit this flaw to cause a denial of service (panic).
(CVE-2012-2745)

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-2137
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/11
Plugin Release: 2012/10/12

Plugin

Version: 1.1
Filename: ubuntu_USN-1606-1.nasl
Filesize: 4295 bytes
MD5 Hash: 45d1c17bd5c91b230062f3572f3e3984

Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"

Copyright: –

USN-1605-1 : quagga vulnerability http://www.scip.ch/?nasldb.62512 Tue, 16 Oct 2012 12:57:31 +0200 scip AG General

ID: 62512
Name: USN-1605-1 : quagga vulnerability

Summary: Checks dpkg output for updated package(s)

Credits: –

Classification

Risk: –

CVSS: CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Ubuntu Local Security Checks
Type: Local

Description

It was discovered that Quagga incorrectly handled certain malformed
messages. A remote attacker could use this flaw to cause Quagga to
crash, resulting in a denial of service.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-1820
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/11
Plugin Release: 2012/10/12

Plugin

Version: 1.1
Filename: ubuntu_USN-1605-1.nasl
Filesize: 2888 bytes
MD5 Hash: 7ee672394202fd6d538fb3f98e472149

Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"

Copyright: –

USN-1604-1 : moin vulnerabilities http://www.scip.ch/?nasldb.62511 Tue, 16 Oct 2012 12:57:31 +0200 scip AG General

ID: 62511
Name: USN-1604-1 : moin vulnerabilities

Summary: Checks dpkg output for updated package(s)

Credits: –

Classification

Risk: –

CVSS: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Ubuntu Local Security Checks
Type: Local

Description

It was discovered that MoinMoin did not properly sanitize certain
input, resulting in a cross-site scripting (XSS) vulnerability. With
cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2011-1058)

It was discovered that MoinMoin incorrectly handled group names that
contain virtual group names such as ‘All’, ‘Known’ or ‘Trusted’. This
could result in a remote user having incorrect permissions.
(CVE-2012-4404)

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2011-1058
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/11
Plugin Release: 2012/10/12

Plugin

Version: 1.1
Filename: ubuntu_USN-1604-1.nasl
Filesize: 3344 bytes
MD5 Hash: 272e84cd8674994055da0374fe21c77b

Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"

Copyright: –

Solaris 10 (x86) : 137098-02 http://www.scip.ch/?nasldb.62510 Tue, 16 Oct 2012 12:33:42 +0200 scip AG General

ID: 62510
Name: Solaris 10 (x86) : 137098-02

Summary: Check for patch 137098-02

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Solaris Local Security Checks
Type: Local

Description

SunOS 5.10_x86: inetd-upgrade patch.
Date this patch was last updated by Sun : Oct/10/12

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/10
Plugin Release: 2012/10/12

Plugin

Version: 1.1
Filename: solaris10_x86_137098.nasl
Filesize: 1914 bytes
MD5 Hash: f1f447efb435b44ce764dd8792968f0f

Identification: –
Require Keys: Host/Solaris/showrev
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Solaris 10 (x86) : 127873-02 http://www.scip.ch/?nasldb.62509 Tue, 16 Oct 2012 12:33:39 +0200 scip AG General

ID: 62509
Name: Solaris 10 (x86) : 127873-02

Summary: Check for patch 127873-02

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Solaris Local Security Checks
Type: Local

Description

SunOS 5.10_x86: mailx patch.
Date this patch was last updated by Sun : Oct/10/12

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/10
Plugin Release: 2012/10/12

Plugin

Version: 1.1
Filename: solaris10_x86_127873.nasl
Filesize: 1906 bytes
MD5 Hash: 4fb696d44431b7d3188bb5972fa4e396

Identification: –
Require Keys: Host/Solaris/showrev
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Solaris 10 (sparc) : 137097-02 http://www.scip.ch/?nasldb.62508 Tue, 16 Oct 2012 12:32:26 +0200 scip AG General

ID: 62508
Name: Solaris 10 (sparc) : 137097-02

Summary: Check for patch 137097-02

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Solaris Local Security Checks
Type: Local

Description

SunOS 5.10: inetd-upgrade patch.
Date this patch was last updated by Sun : Oct/10/12

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/10
Plugin Release: 2012/10/12

Plugin

Version: 1.1
Filename: solaris10_137097.nasl
Filesize: 1909 bytes
MD5 Hash: c4e31bf256f5fb4d1244f7fdad6fe880

Identification: –
Require Keys: Host/Solaris/showrev
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.

Solaris 10 (sparc) : 127872-02 http://www.scip.ch/?nasldb.62507 Tue, 16 Oct 2012 12:32:23 +0200 scip AG General

ID: 62507
Name: Solaris 10 (sparc) : 127872-02

Summary: Check for patch 127872-02

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Solaris Local Security Checks
Type: Local

Description

SunOS 5.10: mailx patch.
Date this patch was last updated by Sun : Oct/10/12

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/10/10
Plugin Release: 2012/10/12

Plugin

Version: 1.1
Filename: solaris10_127872.nasl
Filesize: 1901 bytes
MD5 Hash: 338a2d44c90d16c9897f126406e558b3

Identification: –
Require Keys: Host/Solaris/showrev
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.