ID SECURITYVULNS:DOC:28259 Type securityvulns Reporter Securityvulns Modified 2012-07-09T00:00:00
Description
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
Roller 4.0.0 to Roller 4.0.1
Roller 5.0
The unsupported Roller 3.1 release is also affected
Description:
Roller trusts bloggers to post HTML and JavaScript code in the weblog
and for some sites this can be a problem because users are untrusted
and could post malicious code and exploit XSS. This issue has be
addressed by added a new configiration property weblogAdminsUntrusted
flag that, when set to 'true' will cause all weblog content to be HTML
sanitized.
Mitigation
Roller 4.0 and 4.0.1 users should upgrade to Roller 5.0.1
Roller 5.0 users should upgrade to Roller 5.0.1
Roller 3.1 users should upgrade to Roller 5.0.1
Credit:
This issue was discovered by Jun Zhu, PhD student, University of North
Carolina, Charlotte
{"id": "SECURITYVULNS:DOC:28259", "bulletinFamily": "software", "title": "CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability", "description": "Severity: important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\nRoller 4.0.0 to Roller 4.0.1\r\nRoller 5.0\r\nThe unsupported Roller 3.1 release is also affected\r\n\r\nDescription:\r\nRoller trusts bloggers to post HTML and JavaScript code in the weblog\r\nand for some sites this can be a problem because users are untrusted\r\nand could post malicious code and exploit XSS. This issue has be\r\naddressed by added a new configiration property weblogAdminsUntrusted\r\nflag that, when set to 'true' will cause all weblog content to be HTML\r\nsanitized.\r\n\r\nMitigation\r\nRoller 4.0 and 4.0.1 users should upgrade to Roller 5.0.1\r\nRoller 5.0 users should upgrade to Roller 5.0.1\r\nRoller 3.1 users should upgrade to Roller 5.0.1\r\n\r\nCredit:\r\nThis issue was discovered by Jun Zhu, PhD student, University of North\r\nCarolina, Charlotte\r\n", "published": "2012-07-09T00:00:00", "modified": "2012-07-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28259", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:45", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "da2ddc7a0f1e4d5dcd0d5d45a0772fe3"}, {"key": "href", "hash": "fd163da3c9cc801151fbd338b98413e0"}, {"key": "modified", "hash": "bc7376e92010efc8591abf0949412955"}, {"key": "published", "hash": "bc7376e92010efc8591abf0949412955"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "06680f54886c9d65adb972c308cf20df"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "071b56a9f78f9abe0d33b8bd00c1ba16318ddff3ceed63e82236224db84a94d7", "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2018-08-31T11:10:45"}, "dependencies": {"references": [{"type": "nessus", "idList": ["REDHAT-RHSA-2016-1840.NASL", "PHOTONOS_PHSA-2016-0013.NASL", "PHOTONOS_PHSA-2017-0040.NASL", "F5_BIGIP_SOL16845.NASL", "SUSE_SU-2018-2275-1.NASL", "OPENSUSE-2018-846.NASL", "OPENSUSE-2018-809.NASL", "SUSE_SU-2018-2145-1.NASL", "SUSE_SU-2018-2084-1.NASL", "OPENSUSE-2018-771.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:149050", "PACKETSTORM:148811", "PACKETSTORM:148753"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2287-1", "OPENSUSE-SU-2018:2212-1", "OPENSUSE-SU-2018:2133-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851850"]}, {"type": "zdt", "idList": ["1337DAY-ID-30839", "1337DAY-ID-30805"]}, {"type": "exploitdb", "idList": ["EDB-ID:45149"]}], "modified": "2018-08-31T11:10:45"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "affectedSoftware": []}
{"nessus": [{"lastseen": "2019-02-16T05:13:48", "bulletinFamily": "scanner", "description": "The version of the remote MongoDB server is 2.6.x prior to 2.6.9,\nis 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by\nmultiple vulnerabilities.\n\n - A credentials disclosure vulnerability exists in the\n PEMKeyPassword, clusterPassword and Windows servicePassword. An\n unauthenticated local attacker can exploit this to get access \n to user credentials. (CVE-2014-2917)\n\n - A denial of service (DoS) vulnerability exist in the\n CmdAuthenticate::_authenticateX509 function in\n db/commands/authentication_commands.cpp in mongod. An\n unauthenticated remote attacker can exploit this to cause a denial\n of service (daemon crash) by attempting authentication with an\n invalid X.509 client certificate. (CVE-2014-3971)\n\n - A heap-based buffer overflow condition exists in PCRE. An \n unauthenticated remote attacker can exploit this via a crafted\n regular expression, related to an assertion that allows zero\n repeats to cause a denial of service or to cause other unspecified\n impact. (CVE-2014-8964)\n\n - A DoS vulnerability exists due to failure to check for missing\n values. An authenticated remote attacker can exploit this to\n cause the application to crash. The attacker needs write access\n to a database to be able to exploit this vulnerability.\n (CVE-2015-2705)\n\n - A breach of data integrity vulnerability exists in the WiredTiger\n storage engine. An authenticated remote attacker can exploit this\n by issuing an admin command to write statistic logs to a specific\n file and may compromise data integrity. (CVE-2017-12926)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "modified": "2019-02-15T00:00:00", "published": "2019-02-15T00:00:00", "id": "MONGODB_3_2_8.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122243", "title": "MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122243);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/15 11:49:10\");\n\n script_cve_id(\n \"CVE-2014-2917\",\n \"CVE-2014-3971\",\n \"CVE-2014-8964\",\n \"CVE-2015-2705\",\n \"CVE-2017-12926\"\n );\n script_bugtraq_id(71206);\n\n script_name(english:\"MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod\");\n script_summary(english:\"Checks the version of MongoDB.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by a vulnerability that may\nresult in a denial of service or in the compromise of the server\nmemory integrity.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the remote MongoDB server is 2.6.x prior to 2.6.9,\nis 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by\nmultiple vulnerabilities.\n\n - A credentials disclosure vulnerability exists in the\n PEMKeyPassword, clusterPassword and Windows servicePassword. An\n unauthenticated local attacker can exploit this to get access \n to user credentials. (CVE-2014-2917)\n\n - A denial of service (DoS) vulnerability exist in the\n CmdAuthenticate::_authenticateX509 function in\n db/commands/authentication_commands.cpp in mongod. An\n unauthenticated remote attacker can exploit this to cause a denial\n of service (daemon crash) by attempting authentication with an\n invalid X.509 client certificate. (CVE-2014-3971)\n\n - A heap-based buffer overflow condition exists in PCRE. An \n unauthenticated remote attacker can exploit this via a crafted\n regular expression, related to an assertion that allows zero\n repeats to cause a denial of service or to cause other unspecified\n impact. (CVE-2014-8964)\n\n - A DoS vulnerability exists due to failure to check for missing\n values. An authenticated remote attacker can exploit this to\n cause the application to crash. The attacker needs write access\n to a database to be able to exploit this vulnerability.\n (CVE-2015-2705)\n\n - A breach of data integrity vulnerability exists in the WiredTiger\n storage engine. An authenticated remote attacker can exploit this\n by issuing an admin command to write statistic logs to a specific\n file and may compromise data integrity. (CVE-2017-12926)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\n\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.mongodb.org/browse/SERVER-13644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.mongodb.org/browse/SERVER-13753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.mongodb.org/browse/SERVER-17252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.mongodb.org/browse/SERVER-17521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.mongodb.org/browse/WT-2711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mongodb.com/alerts\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-2917\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mongodb:mongodb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mongodb_detect.nasl\");\n script_require_keys(\"Services/mongodb\");\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'MongoDB';\nport = get_service(svc:'mongodb', default:27017, exit_on_fail:TRUE);\nkbVer = 'mongodb/' + port + '/Version';\n\napp_info = vcf::get_app_info(app:app, kb_ver:kbVer, port: port);\n\nconstraints = [\n { 'min_version' : '2.6.0', 'fixed_version' : '2.6.9' },\n { 'min_version' : '3.0.0', 'fixed_version' : '3.0.14' },\n { 'min_version' : '3.2.0', 'fixed_version' : '3.2.8' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-15T03:13:45", "bulletinFamily": "scanner", "description": "New mozilla-firefox packages are available for Slackware 14.2 and\n-current to fix security issues.", "modified": "2019-02-14T00:00:00", "published": "2019-02-14T00:00:00", "id": "SLACKWARE_SSA_2019-044-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122176", "title": "Slackware 14.2 / current : mozilla-firefox (SSA:2019-044-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-044-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122176);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 10:37:32\");\n\n script_xref(name:\"SSA\", value:\"2019-044-01\");\n\n script_name(english:\"Slackware 14.2 / current : mozilla-firefox (SSA:2019-044-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mozilla-firefox packages are available for Slackware 14.2 and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.380697\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?127939cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-firefox package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"mozilla-firefox\", pkgver:\"60.5.1esr\", pkgarch:\"i686\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"60.5.1esr\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mozilla-firefox\", pkgver:\"60.5.1esr\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"60.5.1esr\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-15T07:10:21", "bulletinFamily": "scanner", "description": "An information disclosure vulnerability exists in Integrated \nLights-Out due to an unspecified vulnerability. \nAn unauthenticated, remote attacker can exploit this to \ndisclose potentially sensitive information.", "modified": "2019-02-14T00:00:00", "published": "2019-02-14T00:00:00", "id": "ILO_HPSBHF_02821.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122189", "title": "iLO 3 < 1.50 / iLO 4 < 1.13 Information Disclosure Vulnerability", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122189);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 14:04:59\");\n\n script_cve_id(\"CVE-2012-3271\");\n\n script_bugtraq_id(56597);\n\n script_name(english:\"iLO 3 < 1.50 / iLO 4 < 1.13 Information Disclosure Vulnerability\");\n script_summary(english:\"Checks version of HP Integrated Lights-Out (iLO).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP Integrated Lights-Out (iLO) server's web interface is\naffected by an information disclosure vulnerability.\") ;\n script_set_attribute(attribute:\"description\", value:\n\"An information disclosure vulnerability exists in Integrated \nLights-Out due to an unspecified vulnerability. \nAn unauthenticated, remote attacker can exploit this to \ndisclose potentially sensitive information.\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03515413&docLocale=en_US\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d1b5324\");\n script_set_attribute(attribute:\"solution\", value:\n \"For iLO 3, upgrade firmware to 1.50 or later. \n For iLO 4, upgrade firmware to 1.13 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3271\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:integrated_lights-out_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ilo_detect.nasl\");\n script_require_keys(\"www/ilo\", \"ilo/generation\", \"ilo/firmware\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('http.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\ngeneration = get_kb_item_or_exit('ilo/generation');\nport = get_http_port(default:80, embedded: TRUE);\napp_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);\n\n# Firmware versions are different across generations so additional if check is required.\nif (generation == 3)\n fixed_version = '1.50';\nelse if (generation == 4)\n fixed_version = '1.13';\nelse\n audit(\n AUDIT_WEB_APP_NOT_AFFECTED,\n 'iLO ' + generation, \n build_url2(qs:app_info.path, port:port),\n app_info.version);\n\nconstraints = [{'fixed_version':fixed_version}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-15T03:13:45", "bulletinFamily": "scanner", "description": "A service banner response from the remote host indicates a Linux \nkernel install at a level that may no longer be supported, where\nkernel development and security patching has ceased.\n\nThis plugin only runs when 'Check for PCI-DSS compliance' is enabled\nin the scan policy. It does not run if local security checks are\nenabled. It runs off of self-reported kernel versions in banners.", "modified": "2019-02-14T00:00:00", "published": "2019-02-14T00:00:00", "id": "KERNEL_BANNER_UNSUPPORTED.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122157", "title": "Unsupported linux kernel version detected in banner reporting (PCI-DSS check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122157);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 10:31:47\");\n\n script_name(english:\"Unsupported linux kernel version detected in banner reporting (PCI-DSS check)\");\n script_summary(english:\"Checks banners for unsupported kernel levels\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The Linux kernel version reported in banners is no longer supported.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A service banner response from the remote host indicates a Linux \nkernel install at a level that may no longer be supported, where\nkernel development and security patching has ceased.\n\nThis plugin only runs when 'Check for PCI-DSS compliance' is enabled\nin the scan policy. It does not run if local security checks are\nenabled. It runs off of self-reported kernel versions in banners.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.kernel.org/category/releases.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://en.wikipedia.org/wiki/Linux_kernel\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the version of the Linux kernel running on the system.\"\n );\n script_set_attribute(attribute: \"risk_factor\", value: \"High\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_require_keys(\"Settings/PCI_DSS\");\n script_exclude_keys(\"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"kernel_cves.inc\");\ninclude(\"lists.inc\");\n\nif (!get_kb_item(\"Settings/PCI_DSS\")) audit(AUDIT_PCI);\nif (get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are enabled.\");\n\nunsupported_kernel_version = make_array();\nunsupported_kernel_version[\"supported_levels\"] = \"3.16 / 4.4 / 4.9 / 4.14 / 4.19 / 5.0\";\nunsupported_kernel_version[\"0.01\"][\"eol_date\"] = \"1991-11-01\";\nunsupported_kernel_version[\"0.01\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"0.1\"][\"eol_date\"] = \"1992-03-08\";\nunsupported_kernel_version[\"0.1\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"0.95\"][\"eol_date\"] = \"1994-03-14\";\nunsupported_kernel_version[\"0.95\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"1.0\"][\"eol_date\"] = \"1994-04-06\";\nunsupported_kernel_version[\"1.0\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"1.1\"][\"eol_date\"] = \"1995-03-07\";\nunsupported_kernel_version[\"1.1\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"1.2\"][\"eol_date\"] = \"1995-06-12\";\nunsupported_kernel_version[\"1.2\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"1.3\"][\"eol_date\"] = \"1996-06-09\";\nunsupported_kernel_version[\"1.3\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"2.0\"][\"eol_date\"] = \"1999-01-26\";\nunsupported_kernel_version[\"2.0\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/9901.2/1084.html\";\nunsupported_kernel_version[\"2.2\"][\"eol_date\"] = \"2005-01-13\";\nunsupported_kernel_version[\"2.2\"][\"eol_url\"] = \"https://web.archive.org/web/20070630014451/http://kerneltrap.org/node/4533\";\nunsupported_kernel_version[\"2.4\"][\"eol_date\"] = \"2011-12-31\";\nunsupported_kernel_version[\"2.4\"][\"eol_url\"] = \"https://lkml.org/lkml/2010/12/18/73\";\nunsupported_kernel_version[\"2.6\"][\"eol_date\"] = \"2004-12-24\";\nunsupported_kernel_version[\"2.6\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0412.3/0072.html\";\nunsupported_kernel_version[\"2.6.11\"][\"eol_date\"] = \"2005-06-18\";\nunsupported_kernel_version[\"2.6.11\"][\"eol_url\"] = \"https://archive.is/20150228154849/http://lkml.iu.edu/hypermail/linux/kernel/0506.2/0404.html\";\nunsupported_kernel_version[\"2.6.12\"][\"eol_date\"] = \"2005-08-28\";\nunsupported_kernel_version[\"2.6.12\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0508.3/1073.html\";\nunsupported_kernel_version[\"2.6.13\"][\"eol_date\"] = \"2005-12-15\";\nunsupported_kernel_version[\"2.6.13\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0512.1/2520.html\";\nunsupported_kernel_version[\"2.6.14\"][\"eol_date\"] = \"2006-01-02\";\nunsupported_kernel_version[\"2.6.14\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0601.0/0281.html\";\nunsupported_kernel_version[\"2.6.15\"][\"eol_date\"] = \"2006-03-28\";\nunsupported_kernel_version[\"2.6.15\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0603.3/1141.html\";\nunsupported_kernel_version[\"2.6.16\"][\"eol_date\"] = \"2008-07-21\";\nunsupported_kernel_version[\"2.6.16\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0807.2/2508.html\";\nunsupported_kernel_version[\"2.6.17\"][\"eol_date\"] = \"2006-10-16\";\nunsupported_kernel_version[\"2.6.17\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0610.2/0295.html\";\nunsupported_kernel_version[\"2.6.18\"][\"eol_date\"] = \"2007-02-23\";\nunsupported_kernel_version[\"2.6.18\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0702.2/3139.html\";\nunsupported_kernel_version[\"2.6.19\"][\"eol_date\"] = \"2007-03-03\";\nunsupported_kernel_version[\"2.6.19\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0703.0/0965.html\";\nunsupported_kernel_version[\"2.6.20\"][\"eol_date\"] = \"2007-10-17\";\nunsupported_kernel_version[\"2.6.20\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0710.2/0891.html\";\nunsupported_kernel_version[\"2.6.21\"][\"eol_date\"] = \"2007-08-04\";\nunsupported_kernel_version[\"2.6.21\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0708.0/1438.html\";\nunsupported_kernel_version[\"2.6.22\"][\"eol_date\"] = \"2008-02-25\";\nunsupported_kernel_version[\"2.6.22\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0802.3/0774.html\";\nunsupported_kernel_version[\"2.6.23\"][\"eol_date\"] = \"2008-02-25\";\nunsupported_kernel_version[\"2.6.23\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0802.3/0772.html\";\nunsupported_kernel_version[\"2.6.24\"][\"eol_date\"] = \"2008-05-06\";\nunsupported_kernel_version[\"2.6.24\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0805.0/3106.html\";\nunsupported_kernel_version[\"2.6.25\"][\"eol_date\"] = \"2008-11-10\";\nunsupported_kernel_version[\"2.6.25\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0811.1/00748.html\";\nunsupported_kernel_version[\"2.6.26\"][\"eol_date\"] = \"2008-11-10\";\nunsupported_kernel_version[\"2.6.26\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0811.1/00751.html\";\nunsupported_kernel_version[\"2.6.27\"][\"eol_date\"] = \"2012-03-17\";\nunsupported_kernel_version[\"2.6.27\"][\"eol_url\"] = \"https://lkml.org/lkml/2012/3/17/38\";\nunsupported_kernel_version[\"2.6.28\"][\"eol_date\"] = \"2009-05-02\";\nunsupported_kernel_version[\"2.6.28\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0905.0/00587.html\";\nunsupported_kernel_version[\"2.6.29\"][\"eol_date\"] = \"2009-07-02\";\nunsupported_kernel_version[\"2.6.29\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0907.0/01080.html\";\nunsupported_kernel_version[\"2.6.30\"][\"eol_date\"] = \"2009-10-05\";\nunsupported_kernel_version[\"2.6.30\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/0910.0/01918.html\";\nunsupported_kernel_version[\"2.6.31\"][\"eol_date\"] = \"2010-07-05\";\nunsupported_kernel_version[\"2.6.31\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1007.0/01836.html\";\nunsupported_kernel_version[\"2.6.32\"][\"eol_date\"] = \"2016-03-12\";\nunsupported_kernel_version[\"2.6.32\"][\"eol_url\"] = \"https://lkml.org/lkml/2016/3/12/78\";\nunsupported_kernel_version[\"2.6.33\"][\"eol_date\"] = \"2011-11-07\";\nunsupported_kernel_version[\"2.6.33\"][\"eol_url\"] = \"https://lwn.net/Articles/466233/\";\nunsupported_kernel_version[\"2.6.34\"][\"eol_date\"] = \"2014-02-11\";\nunsupported_kernel_version[\"2.6.34\"][\"eol_url\"] = \"https://lkml.org/lkml/2014/2/11/368\";\nunsupported_kernel_version[\"2.6.35\"][\"eol_date\"] = \"2011-08-01\";\nunsupported_kernel_version[\"2.6.35\"][\"eol_url\"] = \"https://lkml.org/lkml/2011/8/1/324\";\nunsupported_kernel_version[\"2.6.36\"][\"eol_date\"] = \"2011-02-17\";\nunsupported_kernel_version[\"2.6.36\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1102.2/01003.html\";\nunsupported_kernel_version[\"2.6.37\"][\"eol_date\"] = \"2011-03-27\";\nunsupported_kernel_version[\"2.6.37\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1103.3/01699.html\";\nunsupported_kernel_version[\"2.6.38\"][\"eol_date\"] = \"2011-06-02\";\nunsupported_kernel_version[\"2.6.38\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1106.0/01226.html\";\nunsupported_kernel_version[\"2.6.39\"][\"eol_date\"] = \"2011-08-03\";\nunsupported_kernel_version[\"2.6.39\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1108.0/01203.html\";\nunsupported_kernel_version[\"3.0\"][\"eol_date\"] = \"2013-10-22\";\nunsupported_kernel_version[\"3.0\"][\"eol_url\"] = \"https://lkml.org/lkml/2013/10/22/125\";\nunsupported_kernel_version[\"3.1\"][\"eol_date\"] = \"2012-01-18\";\nunsupported_kernel_version[\"3.1\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1201.2/01340.html\";\nunsupported_kernel_version[\"3.2\"][\"eol_date\"] = \"2018-06-01\";\nunsupported_kernel_version[\"3.2\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1806.0/00251.html\";\nunsupported_kernel_version[\"3.3\"][\"eol_date\"] = \"2012-06-04\";\nunsupported_kernel_version[\"3.3\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1206.0/01162.html\";\nunsupported_kernel_version[\"3.4\"][\"eol_date\"] = \"2016-10-26\";\nunsupported_kernel_version[\"3.4\"][\"eol_url\"] = \"https://www.spinics.net/lists/announce-kernel/msg01708.html\";\nunsupported_kernel_version[\"3.5\"][\"eol_date\"] = \"2012-10-12\";\nunsupported_kernel_version[\"3.5\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1210.1/03204.html\";\nunsupported_kernel_version[\"3.6\"][\"eol_date\"] = \"2012-12-17\";\nunsupported_kernel_version[\"3.6\"][\"eol_url\"] = \"https://lkml.org/lkml/2012/12/17/353\";\nunsupported_kernel_version[\"3.7\"][\"eol_date\"] = \"2013-02-27\";\nunsupported_kernel_version[\"3.7\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1302.3/01806.html\";\nunsupported_kernel_version[\"3.8\"][\"eol_date\"] = \"2013-05-11\";\nunsupported_kernel_version[\"3.8\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1305.1/02171.html\";\nunsupported_kernel_version[\"3.9\"][\"eol_date\"] = \"2013-07-21\";\nunsupported_kernel_version[\"3.9\"][\"eol_url\"] = \"https://lkml.org/lkml/2013/7/21/178\";\nunsupported_kernel_version[\"3.10\"][\"eol_date\"] = \"2017-11-05\";\nunsupported_kernel_version[\"3.10\"][\"eol_url\"] = \"https://lkml.org/lkml/2017/11/4/178\";\nunsupported_kernel_version[\"3.11\"][\"eol_date\"] = \"2013-11-29\";\nunsupported_kernel_version[\"3.11\"][\"eol_url\"] = \"https://lkml.org/lkml/2013/11/29/327\";\nunsupported_kernel_version[\"3.12\"][\"eol_date\"] = \"2017-05-10\";\nunsupported_kernel_version[\"3.12\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01464.html\";\nunsupported_kernel_version[\"3.13\"][\"eol_date\"] = \"2014-04-23\";\nunsupported_kernel_version[\"3.13\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01464.html\";\nunsupported_kernel_version[\"3.14\"][\"eol_date\"] = \"2016-09-11\";\nunsupported_kernel_version[\"3.14\"][\"eol_url\"] = \"https://lkml.org/lkml/2016/9/11/28\";\nunsupported_kernel_version[\"3.15\"][\"eol_date\"] = \"2014-08-14\";\nunsupported_kernel_version[\"3.15\"][\"eol_url\"] = \"https://lkml.org/lkml/2014/8/14/7\";\n# unsupported_kernel_version[\"3.16\"][\"eol_date\"] = \"2020-04-01\";\n# unsupported_kernel_version[\"3.16\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"3.17\"][\"eol_date\"] = \"2015-01-08\";\nunsupported_kernel_version[\"3.17\"][\"eol_url\"] = \"https://lkml.org/lkml/2015/1/8/544\";\n#unsupported_kernel_version[\"3.18\"][\"eol_date\"] = \"Officially was supposed to be 2017-02-08 but they are still updating it, so...\";\n#unsupported_kernel_version[\"3.18\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"3.19\"][\"eol_date\"] = \"2015-05-11\";\nunsupported_kernel_version[\"3.19\"][\"eol_url\"] = \"https://lkml.org/lkml/2015/5/11/389\";\nunsupported_kernel_version[\"4.0\"][\"eol_date\"] = \"2015-07-21\";\nunsupported_kernel_version[\"4.0\"][\"eol_url\"] = \"https://lkml.org/lkml/2015/7/21/965\";\nunsupported_kernel_version[\"4.1\"][\"eol_date\"] = \"2018-05-29\";\nunsupported_kernel_version[\"4.1\"][\"eol_url\"] = \"https://www.spinics.net/lists/announce-kernel/msg02259.html\";\nunsupported_kernel_version[\"4.2\"][\"eol_date\"] = \"2015-12-15\";\nunsupported_kernel_version[\"4.2\"][\"eol_url\"] = \"https://lkml.org/lkml/2015/12/15/51\";\nunsupported_kernel_version[\"4.3\"][\"eol_date\"] = \"2016-02-19\";\nunsupported_kernel_version[\"4.3\"][\"eol_url\"] = \"https://lkml.org/lkml/2016/2/19/699\";\n# unsupported_kernel_version[\"4.4\"][\"eol_date\"] = \"2022-02-01\";\n# unsupported_kernel_version[\"4.4\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"4.5\"][\"eol_date\"] = \"2016-06-07\";\nunsupported_kernel_version[\"4.5\"][\"eol_url\"] = \"http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1161793.html\";\nunsupported_kernel_version[\"4.6\"][\"eol_date\"] = \"2016-08-16\";\nunsupported_kernel_version[\"4.6\"][\"eol_url\"] = \"https://lkml.org/lkml/2016/8/16/682\";\nunsupported_kernel_version[\"4.7\"][\"eol_date\"] = \"2016-10-22\";\nunsupported_kernel_version[\"4.7\"][\"eol_url\"] = \"https://lkml.org/lkml/2016/10/22/112\";\nunsupported_kernel_version[\"4.8\"][\"eol_date\"] = \"2017-01-09\";\nunsupported_kernel_version[\"4.8\"][\"eol_url\"] = \"https://lkml.org/lkml/2017/1/9/99\";\n# unsupported_kernel_version[\"4.9\"][\"eol_date\"] = \"2023-01-01\";\n# unsupported_kernel_version[\"4.9\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"4.10\"][\"eol_date\"] = \"2017-05-20\";\nunsupported_kernel_version[\"4.10\"][\"eol_url\"] = \"https://lkml.org/lkml/2017/5/20/64\";\nunsupported_kernel_version[\"4.11\"][\"eol_date\"] = \"2017-07-21\";\nunsupported_kernel_version[\"4.11\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1707.2/05562.html\";\nunsupported_kernel_version[\"4.12\"][\"eol_date\"] = \"2017-09-20\";\nunsupported_kernel_version[\"4.12\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1709.2/02589.html\";\nunsupported_kernel_version[\"4.13\"][\"eol_date\"] = \"2017-11-24\";\nunsupported_kernel_version[\"4.13\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1711.3/00073.html\";\n# unsupported_kernel_version[\"4.14\"][\"eol_date\"] = \"2020-01-01\";\n# unsupported_kernel_version[\"4.14\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"4.15\"][\"eol_date\"] = \"2018-04-19\";\nunsupported_kernel_version[\"4.15\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1804.2/03399.html\";\nunsupported_kernel_version[\"4.16\"][\"eol_date\"] = \"2018-06-25\";\nunsupported_kernel_version[\"4.16\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1806.3/01553.html\";\nunsupported_kernel_version[\"4.17\"][\"eol_date\"] = \"2018-08-24\";\nunsupported_kernel_version[\"4.17\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1808.3/00244.html\";\nunsupported_kernel_version[\"4.18\"][\"eol_date\"] = \"2018-11-21\";\nunsupported_kernel_version[\"4.18\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1811.2/04972.html\";\n# unsupported_kernel_version[\"4.19\"][\"eol_date\"] = \"2020-12-01\";\n# unsupported_kernel_version[\"4.19\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\n# unsupported_kernel_version[\"4.20\"][\"eol_date\"] = \"\";\n# unsupported_kernel_version[\"4.20\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\n# unsupported_kernel_version[\"5.0\"][\"eol_date\"] = \"\";\n# unsupported_kernel_version[\"5.0\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\n\n# Check all relevant banner KBs\nbanners = get_kb_list(\"*/banner/*\");\nhost_os = get_kb_item(\"Host/OS\");\nif (isnull(banners) && isnull(host_os)) exit(0, \"Relevant banners and Host/OS keys not present for this scan.\");\n\n# Determine if a kernel version is present in the banners and extract it\nport = 0;\nversion = NULL;\nforeach banner_kb (sort(keys(banners)))\n{\n banner_value = banners[banner_kb];\n regex = \"(?:kernel|linux) (\\d+\\.\\d+\\.\\d+[^\\s]*)\";\n kernel_version = pregmatch(string:banner_value, pattern:regex, icase:TRUE);\n if(!isnull(kernel_version))\n {\n version = kernel_version[1];\n version -= \".EL\";\n # Try and extract port from banner_kb\n portmatch = pregmatch(pattern:\"\\/(\\d+)(?:\\/|$)\", string:banner_kb);\n if (portmatch)\n {\n port = portmatch[1];\n }\n break;\n }\n}\n\nif (isnull(version))\n{\n # Try to get the value from Host/OS\n if (!empty_or_null(host_os))\n {\n regex = \"Linux Kernel (\\d+\\.\\d+[^\\s]*)\";\n kernel_version = pregmatch(string:host_os, pattern:regex, icase:TRUE);\n if(!isnull(kernel_version))\n {\n version = kernel_version[1];\n }\n }\n}\n\nif (isnull(version))\n{\n exit(0, \"Unable to find kernel version strings in banner(s) or Host/OS KB entries.\");\n}\n\n# Trim 2.6 versions down to #.#.#, trim everything else down to #.#\ntwo_six_match = pregmatch(string:version, pattern:\"^(2\\.6\\.\\d+)\", icase:TRUE);\nif(!isnull(two_six_match))\n{\n version = two_six_match[1];\n}\nelse\n{\n version_match = pregmatch(string:version, pattern:\"^(\\d+.\\d+)\", icase:TRUE);\n if(!isnull(version_match))\n {\n version = version_match[1];\n }\n}\n\nif (isnull(unsupported_kernel_version[version]))\n{\n exit(0, \"The remote host's Linux kernel version \" + version + \" is still supported.\");\n}\nelse\n{\n eol_date = unsupported_kernel_version[version][\"eol_date\"];\n eol_url = unsupported_kernel_version[version][\"eol_url\"];\n supported_levels = unsupported_kernel_version[\"supported_levels\"];\n report = 'Kernel Version: ' + version + '\\n';\n report += 'End of support date: ' + eol_date + '\\n';\n report += 'Details available from: ' + eol_url + '\\n';\n report += 'Currently supported kernel versions: ' + supported_levels + '\\n';\n security_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n extra : report\n );\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-15T07:10:21", "bulletinFamily": "scanner", "description": "According to its version number, the firmware of Integrated Lights-Out\nrunning on the remote web server is iLO 3 prior to 1.65 or iLO 4 \nprior to 1.32. It is, therefore, affected by multiple vulnerabilities:\n - A cross-site scripting (XSS) vulnerability exists due to improper\n validation of user-supplied input before returning it to users. \n An unauthenticated, remote attacker can exploit this, by convincing\n a user to click a specially crafted URL, to execute arbitrary script\n code in a user's browser session (CVE-2013-4842).\n\n - An information disclosure vulnerability exists in Integrated \n Lights-Out (iLO) 3 & 4 due to an undisclosed vulnerability. \n An unauthenticated, remote attacker can exploit this to disclose\n potentially sensitive information (CVE-2013-4843).", "modified": "2019-02-14T00:00:00", "published": "2019-02-14T00:00:00", "id": "ILO_HPSBHF_02939.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122188", "title": "iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122188);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 13:48:00\");\n\n script_cve_id(\n \"CVE-2013-4842\",\n \"CVE-2013-4843\"\n );\n\n script_bugtraq_id(\n 63689,\n 63691\n );\n\n script_name(english:\"iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of HP Integrated Lights-Out (iLO).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP Integrated Lights-Out (iLO) server's web interface is\naffected by multiple vulnerabilities.\") ;\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the firmware of Integrated Lights-Out\nrunning on the remote web server is iLO 3 prior to 1.65 or iLO 4 \nprior to 1.32. It is, therefore, affected by multiple vulnerabilities:\n - A cross-site scripting (XSS) vulnerability exists due to improper\n validation of user-supplied input before returning it to users. \n An unauthenticated, remote attacker can exploit this, by convincing\n a user to click a specially crafted URL, to execute arbitrary script\n code in a user's browser session (CVE-2013-4842).\n\n - An information disclosure vulnerability exists in Integrated \n Lights-Out (iLO) 3 & 4 due to an undisclosed vulnerability. \n An unauthenticated, remote attacker can exploit this to disclose\n potentially sensitive information (CVE-2013-4843).\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03996804&docLocale=en_US\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aaf46ad1\");\n script_set_attribute(attribute:\"solution\", value:\n \"For iLO 3, upgrade firmware to 1.65 or later. \n For iLO 4, upgrade firmware to 1.32 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4842\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:integrated_lights-out_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ilo_detect.nasl\");\n script_require_keys(\"www/ilo\", \"ilo/generation\", \"ilo/firmware\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('http.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\ngeneration = get_kb_item_or_exit('ilo/generation');\nport = get_http_port(default:80, embedded: TRUE);\napp_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);\n\n# Firmware versions are different across generations so additional if check is required.\nif (generation == 3)\n fixed_version = '1.65';\nelse if (generation == 4)\n fixed_version = '1.32';\nelse\n audit(\n AUDIT_WEB_APP_NOT_AFFECTED,\n 'iLO ' + generation, \n build_url2(qs:app_info.path, port:port),\n app_info.version);\n\nconstraints = [{'fixed_version':fixed_version}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-14T03:08:43", "bulletinFamily": "scanner", "description": "New lxc packages are available for Slackware 14.2 and -current to fix\na security issue.", "modified": "2019-02-13T00:00:00", "published": "2019-02-13T00:00:00", "id": "SLACKWARE_SSA_2019-043-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122143", "title": "Slackware 14.2 / current : lxc (SSA:2019-043-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-043-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122143);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/13 9:26:32\");\n\n script_xref(name:\"SSA\", value:\"2019-043-01\");\n\n script_name(english:\"Slackware 14.2 / current : lxc (SSA:2019-043-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New lxc packages are available for Slackware 14.2 and -current to fix\na security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.394423\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c1d2197\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lxc package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"lxc\", pkgver:\"2.0.9_d3a03247\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"lxc\", pkgver:\"2.0.9_d3a03247\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"lxc\", pkgver:\"2.0.9_d3a03247\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"lxc\", pkgver:\"2.0.9_d3a03247\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-12T03:01:03", "bulletinFamily": "scanner", "description": "- Fix large memory usage by systemd-journald (#1665931)\n\n - Some minor fixes to systemd-nspawn, udevadm,\n documentation and logging\n\nNo need to log out or reboot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-02-11T00:00:00", "published": "2019-02-11T00:00:00", "id": "FEDORA_2019-1FB1547321.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122071", "title": "Fedora 29 : systemd (2019-1fb1547321)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-1fb1547321.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122071);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/11 11:26:49\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1fb1547321\");\n\n script_name(english:\"Fedora 29 : systemd (2019-1fb1547321)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix large memory usage by systemd-journald (#1665931)\n\n - Some minor fixes to systemd-nspawn, udevadm,\n documentation and logging\n\nNo need to log out or reboot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1fb1547321\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"systemd-239-11.git4dc7dce.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-12T03:01:03", "bulletinFamily": "scanner", "description": "- Updated to latest version (60.5.0) \n\n- https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/\n\n - Backported Wayland patches from Firefox 65.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-02-11T00:00:00", "published": "2019-02-11T00:00:00", "id": "FEDORA_2019-526EF126CD.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122072", "title": "Fedora 29 : thunderbird (2019-526ef126cd)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-526ef126cd.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122072);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/11 11:26:49\");\n\n script_xref(name:\"FEDORA\", value:\"2019-526ef126cd\");\n\n script_name(english:\"Fedora 29 : thunderbird (2019-526ef126cd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Updated to latest version (60.5.0) \n\n- https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/\n\n - Backported Wayland patches from Firefox 65.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-526ef126cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"thunderbird-60.5.0-4.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-10T15:00:38", "bulletinFamily": "scanner", "description": "The version of Samba running on the remote host is prior to\n3.4.0. It is, therefore, affected by a remote code execution\nvulnerability in process.c due to a heap-based buffer overflow. An \nunauthenticated, remote attacker can exploit this to bypass authentication \nand execute arbitrary commands via Batched / AndX request.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "modified": "2019-02-08T00:00:00", "published": "2019-02-08T00:00:00", "id": "SAMBA_3_4_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122058", "title": "Samba < 3.4.0 Remote Code Execution Vulnerability", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122058);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/08 15:02:57\");\n\n script_cve_id(\n \"CVE-2012-0870\"\n );\n script_bugtraq_id(52103);\n\n script_name(english:\"Samba < 3.4.0 Remote Code Execution Vulnerability\");\n script_summary(english:\"Checks the version of Samba.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Samba running on the remote host is prior to\n3.4.0. It is, therefore, affected by a remote code execution\nvulnerability in process.c due to a heap-based buffer overflow. An \nunauthenticated, remote attacker can exploit this to bypass authentication \nand execute arbitrary commands via Batched / AndX request.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2012-0870.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 3.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0870\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = vcf::samba::get_app_info();\nvcf::check_granularity(app_info:app, sig_segments:3);\n\nconstraints = \n[\n {\"fixed_version\" : \"3.4.0\"}\n];\n\nvcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_HOLE, strict:FALSE);\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-10T15:00:37", "bulletinFamily": "scanner", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2 to fix\nsecurity issues. A bugfix release for -current is also available.", "modified": "2019-02-08T00:00:00", "published": "2019-02-08T00:00:00", "id": "SLACKWARE_SSA_2019-038-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122046", "title": "Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2019-038-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-038-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122046);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/08 10:06:13\");\n\n script_xref(name:\"SSA\", value:\"2019-038-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2019-038-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, 14.2 to fix\nsecurity issues. A bugfix release for -current is also available.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.489648\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a579508\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"7.2.15\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"7.2.15\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mozilla": [{"lastseen": "2019-02-14T22:27:17", "bulletinFamily": "software", "description": "A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.\nAn integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.\nA buffer overflow vulnerability in the Skia library can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. \nA flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content.", "modified": "2019-02-14T00:00:00", "published": "2019-02-14T00:00:00", "id": "MFSA2019-06", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2019-06/", "title": "Security vulnerabilities fixed in Thunderbird 60.5.1", "type": "mozilla", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-13T00:22:25", "bulletinFamily": "software", "description": "A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.\nAn integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.\nCross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected.", "modified": "2019-02-12T00:00:00", "published": "2019-02-12T00:00:00", "id": "MFSA2019-04", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2019-04/", "title": "Security vulnerabilities fixed in Firefox 65.0.1", "type": "mozilla", "cvss": {"score": 0.0, "vector": "NONE"}}], "f5": [{"lastseen": "2019-02-16T20:39:28", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-11T23:55:00", "published": "2019-02-11T23:55:00", "id": "F5:K07052904", "href": "https://support.f5.com/csp/article/K07052904", "title": "PHP vulnerability CVE-2015-3307", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-16T20:39:36", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-07T23:23:00", "published": "2019-02-07T23:23:00", "id": "F5:K19916307", "href": "https://support.f5.com/csp/article/K19916307", "title": "glibc vulnerability CVE-2015-1473", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-02-07T01:57:13", "bulletinFamily": "unix", "description": "Package : libav\nVersion : 6:11.12-1~deb8u5\nCVE ID : CVE-2014-8542 CVE-2015-1207 CVE-2017-7863 CVE-2017-7865 \n CVE-2017-14169 CVE-2017-14223\n\n\nSeveral security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library.\n\nCVE-2014-8542\n\n libavcodec/utils.c omitted a certain codec ID during enforcement of\n alignment, which allowed remote attackers to cause a denial of ervice\n (out-of-bounds access) or possibly have unspecified other impact via\n crafted JV data.\n\nCVE-2015-1207\n\n Double-free vulnerability in libavformat/mov.c allowed remote\n attackers to cause a denial of service (memory corruption and crash)\n via a crafted .m4a file.\n\nCVE-2017-7863\n\n libav had an out-of-bounds write caused by a heap-based buffer\n overflow related to the decode_frame_common function in\n libavcodec/pngdec.c.\n\nCVE-2017-7865\n\n libav had an out-of-bounds write caused by a heap-based buffer\n overflow related to the ipvideo_decode_block_opcode_0xA function in\n libavcodec/interplayvideo.c and the avcodec_align_dimensions2\n function in libavcodec/utils.c.\n\nCVE-2017-14169\n\n In the mxf_read_primer_pack function in libavformat/mxfdec.c in, an\n integer signedness error might have occured when a crafted file,\n claiming a large "item_num" field such as 0xffffffff, was provided.\n As a result, the variable "item_num" turned negative, bypassing the\n check for a large value.\n\nCVE-2017-14223\n\n In libavformat/asfdec_f.c a DoS in asf_build_simple_index() due to\n lack of an EOF (End of File) check might have caused huge CPU\n consumption. When a crafted ASF file, claiming a large "ict" field in\n the header but not containing sufficient backing data, was provided,\n the for loop would have consumed huge CPU and memory resources, since\n there was no EOF check inside the loop.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n6:11.12-1~deb8u5.\n\nWe recommend that you upgrade your libav packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "modified": "2019-02-06T12:42:33", "published": "2019-02-06T12:42:33", "id": "DEBIAN:DLA-1654-1:B472E", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201902/msg00005.html", "title": "[SECURITY] [DLA 1654-1] libav security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
