[AFFECTED PRODUCTS]
This security vulnerability affects the following products and firmware
versions:
* D-Link DIR-645, firmware version < 1.03
Other products and firmware versions could also be vulnerable, but they were
not checked.
[VULNERABILITY DETAILS]
The web interface of D-Link DIR-645 routers exposes several pages accessible
with no authentication. These pages can be abused to access sensitive
information concerning the device configuration, including the clear-text
password for the administrative user. In other words, by exploiting this
vulnerability unauthenticated remote attackers can retrieve the administrator
password and then access the device with full privileges.
In more detail, the following HTTP request fetches the administrator password:

    curl -d SERVICES=DEVICE.ACCOUNT http://<device ip>/getcfg.php

For those who are not familiar with "curl" syntax, the above command line
requests the "getcfg.php" page, supplying the HTTP POST data
"SERVICES=DEVICE.ACCOUNT".
The lack of proper authentication checks is not limited to the "getcfg.php" web
page. As an example, the following requests can also be performed with no
authentication:
1. Read system log
    curl http://<device ip>/log_get.php
2. Get DDNS statistics
    curl -d act=getreport http://<device ip>/ddns_act.php
3. Dump device details
    curl http://<device ip>/DevInfo.php
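
A defender-side way to spot the requests listed above in HTTP access logs, added here as an example that is not part of the original advisory. It assumes Common/Combined Log Format lines from a proxy or HTTP sensor in front of the router, a LAN of 192.168.0.0/24 and an allowlist of admin hosts; the log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Pages the advisory names as answering without authentication -> what they expose.
EXPOSED_PAGES = {
    "/getcfg.php": "device configuration, including the clear-text admin password",
    "/log_get.php": "system log",
    "/ddns_act.php": "DDNS statistics",
    "/DevInfo.php": "device details",
}

# Common/Combined Log Format prefix (assumed log source: proxy or HTTP sensor).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

# Constructed sample input, not taken from a real device.
SAMPLE_LOG = """\
192.168.0.10 - - [27/Feb/2013:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120
192.168.0.57 - - [27/Feb/2013:10:02:11 +0000] "POST /getcfg.php HTTP/1.1" 200 1873
203.0.113.7 - - [27/Feb/2013:10:03:40 +0000] "GET //log_get.php?x=1 HTTP/1.1" 200 9211
203.0.113.7 - - [27/Feb/2013:10:03:41 +0000] "POST /ddns_act.php HTTP/1.1" 403 0
203.0.113.7 - - [27/Feb/2013:10:03:42 +0000] "GET /%44evInfo.php HTTP/1.1" 200 640
192.168.0.2 - - [27/Feb/2013:10:05:00 +0000] "POST /getcfg.php HTTP/1.1" 200 1873
"""


def normalise_path(target):
    """Reduce a request target to a canonical path so re-encoded forms still match."""
    path = target.split("?", 1)[0]                                # drop query string
    path = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://[^/]*", "", path)  # absolute-form target
    path = re.sub(r"/+", "/", unquote(path))                      # decode, collapse slashes
    return posixpath.normpath(path) if path else "/"


def classify(line, lan, admin_hosts):
    """Return a finding dict for a request to one of the exposed pages, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    path = normalise_path(m["target"])
    if path not in EXPOSED_PAGES or m["src"] in admin_hosts:
        return None
    try:
        external = ipaddress.ip_address(m["src"]) not in lan
    except ValueError:
        external = True  # hostname or garbage in the source field: treat as untrusted
    served = m["status"] == "200"
    if not served:
        severity = "low"        # request was refused, e.g. by fixed firmware
    elif path == "/getcfg.php":
        severity = "critical"   # response may have carried the admin password
    else:
        severity = "high"
    return {
        "time": m["ts"],
        "src": m["src"],
        "method": m["method"],
        "path": path,
        "exposes": EXPOSED_PAGES[path],
        "served": served,
        "external": external,
        "severity": severity,
    }


def scan(lines, lan="192.168.0.0/24", admin_hosts=()):
    """Classify every log line and return the findings in log order."""
    lan_net = ipaddress.ip_network(lan)
    admins = set(admin_hosts)
    findings = []
    for line in lines:
        finding = classify(line, lan_net, admins)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines(), admin_hosts={"192.168.0.2"}):
        origin = "WAN" if f["external"] else "LAN"
        print(f'{f["severity"]:8} {f["src"]:15} {origin} {f["method"]} {f["path"]} -> {f["exposes"]}')
```

A "critical" finding means the administrator password should be treated as disclosed and changed once the device runs firmware 1.03.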
[REMEDIATION]
D-Link has released an updated firmware version (1.03) that addresses this
issue. The firmware is already available on the D-Link web site, and introduces
additional restrictions to forbid unauthenticated access to the "getcfg.php" page.
[DISCLAIMER]
The author is not responsible for the misuse of the information provided in
this security advisory. The advisory is a service to the professional security
community. There are NO WARRANTIES with regard to this information. Any
application or distribution of this information constitutes acceptance AS IS,
at the user's own risk. This information is subject to change without notice.
[ADVISORY INFORMATION]
Title:          Unauthenticated remote access to D-Link DIR-645 devices
Discovery date: 20/02/2013
Release date:   27/02/2013
Credits:        Roberto Paleari (roberto@greyhats.it, twitter: @rpaleari)
[VULNERABILITY INFORMATION]
Class:          Authentication bypass
Source:         https://vulners.com/securityvulns/SECURITYVULNS:DOC:29113 (published 2013-03-02)
\"https://lkml.org/lkml/2016/8/16/682\";\nunsupported_kernel_version[\"4.7\"][\"eol_date\"] = \"2016-10-22\";\nunsupported_kernel_version[\"4.7\"][\"eol_url\"] = \"https://lkml.org/lkml/2016/10/22/112\";\nunsupported_kernel_version[\"4.8\"][\"eol_date\"] = \"2017-01-09\";\nunsupported_kernel_version[\"4.8\"][\"eol_url\"] = \"https://lkml.org/lkml/2017/1/9/99\";\n# unsupported_kernel_version[\"4.9\"][\"eol_date\"] = \"2023-01-01\";\n# unsupported_kernel_version[\"4.9\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"4.10\"][\"eol_date\"] = \"2017-05-20\";\nunsupported_kernel_version[\"4.10\"][\"eol_url\"] = \"https://lkml.org/lkml/2017/5/20/64\";\nunsupported_kernel_version[\"4.11\"][\"eol_date\"] = \"2017-07-21\";\nunsupported_kernel_version[\"4.11\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1707.2/05562.html\";\nunsupported_kernel_version[\"4.12\"][\"eol_date\"] = \"2017-09-20\";\nunsupported_kernel_version[\"4.12\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1709.2/02589.html\";\nunsupported_kernel_version[\"4.13\"][\"eol_date\"] = \"2017-11-24\";\nunsupported_kernel_version[\"4.13\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1711.3/00073.html\";\n# unsupported_kernel_version[\"4.14\"][\"eol_date\"] = \"2020-01-01\";\n# unsupported_kernel_version[\"4.14\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\nunsupported_kernel_version[\"4.15\"][\"eol_date\"] = \"2018-04-19\";\nunsupported_kernel_version[\"4.15\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1804.2/03399.html\";\nunsupported_kernel_version[\"4.16\"][\"eol_date\"] = \"2018-06-25\";\nunsupported_kernel_version[\"4.16\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1806.3/01553.html\";\nunsupported_kernel_version[\"4.17\"][\"eol_date\"] = \"2018-08-24\";\nunsupported_kernel_version[\"4.17\"][\"eol_url\"] = 
\"http://lkml.iu.edu/hypermail/linux/kernel/1808.3/00244.html\";\nunsupported_kernel_version[\"4.18\"][\"eol_date\"] = \"2018-11-21\";\nunsupported_kernel_version[\"4.18\"][\"eol_url\"] = \"http://lkml.iu.edu/hypermail/linux/kernel/1811.2/04972.html\";\n# unsupported_kernel_version[\"4.19\"][\"eol_date\"] = \"2020-12-01\";\n# unsupported_kernel_version[\"4.19\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\n# unsupported_kernel_version[\"4.20\"][\"eol_date\"] = \"\";\n# unsupported_kernel_version[\"4.20\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\n# unsupported_kernel_version[\"5.0\"][\"eol_date\"] = \"\";\n# unsupported_kernel_version[\"5.0\"][\"eol_url\"] = \"https://www.kernel.org/category/releases.html\";\n\n# Check all relevant banner KBs\nbanners = get_kb_list(\"*/banner/*\");\nhost_os = get_kb_item(\"Host/OS\");\nif (isnull(banners) && isnull(host_os)) exit(0, \"Relevant banners and Host/OS keys not present for this scan.\");\n\n# Determine if a kernel version is present in the banners and extract it\nport = 0;\nversion = NULL;\nforeach banner_kb (sort(keys(banners)))\n{\n banner_value = banners[banner_kb];\n regex = \"(?:kernel|linux) (\\d+\\.\\d+\\.\\d+[^\\s]*)\";\n kernel_version = pregmatch(string:banner_value, pattern:regex, icase:TRUE);\n if(!isnull(kernel_version))\n {\n version = kernel_version[1];\n version -= \".EL\";\n # Try and extract port from banner_kb\n portmatch = pregmatch(pattern:\"\\/(\\d+)(?:\\/|$)\", string:banner_kb);\n if (portmatch)\n {\n port = portmatch[1];\n }\n break;\n }\n}\n\nif (isnull(version))\n{\n # Try to get the value from Host/OS\n if (!empty_or_null(host_os))\n {\n regex = \"Linux Kernel (\\d+\\.\\d+[^\\s]*)\";\n kernel_version = pregmatch(string:host_os, pattern:regex, icase:TRUE);\n if(!isnull(kernel_version))\n {\n version = kernel_version[1];\n }\n }\n}\n\nif (isnull(version))\n{\n exit(0, \"Unable to find kernel version strings in banner(s) or Host/OS KB 
entries.\");\n}\n\n# Trim 2.6 versions down to #.#.#, trim everything else down to #.#\ntwo_six_match = pregmatch(string:version, pattern:\"^(2\\.6\\.\\d+)\", icase:TRUE);\nif(!isnull(two_six_match))\n{\n version = two_six_match[1];\n}\nelse\n{\n version_match = pregmatch(string:version, pattern:\"^(\\d+.\\d+)\", icase:TRUE);\n if(!isnull(version_match))\n {\n version = version_match[1];\n }\n}\n\nif (isnull(unsupported_kernel_version[version]))\n{\n exit(0, \"The remote host's Linux kernel version \" + version + \" is still supported.\");\n}\nelse\n{\n eol_date = unsupported_kernel_version[version][\"eol_date\"];\n eol_url = unsupported_kernel_version[version][\"eol_url\"];\n supported_levels = unsupported_kernel_version[\"supported_levels\"];\n report = 'Kernel Version: ' + version + '\\n';\n report += 'End of support date: ' + eol_date + '\\n';\n report += 'Details available from: ' + eol_url + '\\n';\n report += 'Currently supported kernel versions: ' + supported_levels + '\\n';\n security_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n extra : report\n );\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-15T07:10:21", "bulletinFamily": "scanner", "description": "According to its version number, the firmware of Integrated Lights-Out\nrunning on the remote web server is iLO 3 prior to 1.65 or iLO 4 \nprior to 1.32. It is, therefore, affected by multiple vulnerabilities:\n - A cross-site scripting (XSS) vulnerability exists due to improper\n validation of user-supplied input before returning it to users. \n An unauthenticated, remote attacker can exploit this, by convincing\n a user to click a specially crafted URL, to execute arbitrary script\n code in a user's browser session (CVE-2013-4842).\n\n - An information disclosure vulnerability exists in Integrated \n Lights-Out (iLO) 3 & 4 due to an undisclosed vulnerability. 
\n An unauthenticated, remote attacker can exploit this to disclose\n potentially sensitive information (CVE-2013-4843).", "modified": "2019-02-14T00:00:00", "published": "2019-02-14T00:00:00", "id": "ILO_HPSBHF_02939.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122188", "title": "iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122188);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 13:48:00\");\n\n script_cve_id(\n \"CVE-2013-4842\",\n \"CVE-2013-4843\"\n );\n\n script_bugtraq_id(\n 63689,\n 63691\n );\n\n script_name(english:\"iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of HP Integrated Lights-Out (iLO).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP Integrated Lights-Out (iLO) server's web interface is\naffected by multiple vulnerabilities.\") ;\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the firmware of Integrated Lights-Out\nrunning on the remote web server is iLO 3 prior to 1.65 or iLO 4 \nprior to 1.32. It is, therefore, affected by multiple vulnerabilities:\n - A cross-site scripting (XSS) vulnerability exists due to improper\n validation of user-supplied input before returning it to users. \n An unauthenticated, remote attacker can exploit this, by convincing\n a user to click a specially crafted URL, to execute arbitrary script\n code in a user's browser session (CVE-2013-4842).\n\n - An information disclosure vulnerability exists in Integrated \n Lights-Out (iLO) 3 & 4 due to an undisclosed vulnerability. 
\n An unauthenticated, remote attacker can exploit this to disclose\n potentially sensitive information (CVE-2013-4843).\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03996804&docLocale=en_US\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aaf46ad1\");\n script_set_attribute(attribute:\"solution\", value:\n \"For iLO 3, upgrade firmware to 1.65 or later. \n For iLO 4, upgrade firmware to 1.32 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4842\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:integrated_lights-out_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ilo_detect.nasl\");\n script_require_keys(\"www/ilo\", \"ilo/generation\", \"ilo/firmware\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('http.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\ngeneration = get_kb_item_or_exit('ilo/generation');\nport = get_http_port(default:80, embedded: TRUE);\napp_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);\n\n# Firmware versions are different across generations so additional if check is required.\nif (generation == 3)\n fixed_version = '1.65';\nelse if (generation == 4)\n fixed_version = '1.32';\nelse\n audit(\n AUDIT_WEB_APP_NOT_AFFECTED,\n 'iLO ' + generation, \n build_url2(qs:app_info.path, port:port),\n app_info.version);\n\nconstraints = [{'fixed_version':fixed_version}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-14T03:08:43", "bulletinFamily": "scanner", "description": "New lxc packages are available for Slackware 14.2 and -current to fix\na security issue.", "modified": "2019-02-13T00:00:00", "published": "2019-02-13T00:00:00", "id": "SLACKWARE_SSA_2019-043-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122143", "title": "Slackware 14.2 / current : lxc (SSA:2019-043-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-043-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122143);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/13 9:26:32\");\n\n script_xref(name:\"SSA\", value:\"2019-043-01\");\n\n script_name(english:\"Slackware 14.2 / current : lxc (SSA:2019-043-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New lxc packages are available for Slackware 14.2 and -current to fix\na security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.394423\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c1d2197\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lxc package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"lxc\", pkgver:\"2.0.9_d3a03247\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"lxc\", pkgver:\"2.0.9_d3a03247\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"lxc\", pkgver:\"2.0.9_d3a03247\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"lxc\", pkgver:\"2.0.9_d3a03247\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-12T03:01:03", "bulletinFamily": "scanner", "description": "- Fix large memory usage by systemd-journald (#1665931)\n\n - Some minor fixes to systemd-nspawn, udevadm,\n documentation and logging\n\nNo need to log out or reboot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system 
website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-02-11T00:00:00", "published": "2019-02-11T00:00:00", "id": "FEDORA_2019-1FB1547321.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122071", "title": "Fedora 29 : systemd (2019-1fb1547321)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-1fb1547321.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122071);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/11 11:26:49\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1fb1547321\");\n\n script_name(english:\"Fedora 29 : systemd (2019-1fb1547321)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix large memory usage by systemd-journald (#1665931)\n\n - Some minor fixes to systemd-nspawn, udevadm,\n documentation and logging\n\nNo need to log out or reboot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1fb1547321\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"systemd-239-11.git4dc7dce.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-12T03:01:03", "bulletinFamily": "scanner", "description": "- Updated to latest version (60.5.0) \n\n- https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/\n\n - Backported Wayland patches from Firefox 65.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-02-11T00:00:00", "published": "2019-02-11T00:00:00", "id": "FEDORA_2019-526EF126CD.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122072", "title": "Fedora 29 : thunderbird (2019-526ef126cd)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-526ef126cd.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122072);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/11 11:26:49\");\n\n script_xref(name:\"FEDORA\", value:\"2019-526ef126cd\");\n\n script_name(english:\"Fedora 29 
: thunderbird (2019-526ef126cd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Updated to latest version (60.5.0) \n\n- https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/\n\n - Backported Wayland patches from Firefox 65.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-526ef126cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"thunderbird-60.5.0-4.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-10T15:00:38", "bulletinFamily": "scanner", "description": "The version of Samba running on the remote host is prior to\n3.4.0. It is, therefore, affected by a remote code execution\nvulnerability in process.c due to a heap-based buffer overflow. 
An \nunauthenticated, remote attacker can exploit this to bypass authentication \nand execute arbitrary commands via Batched / AndX request.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "modified": "2019-02-08T00:00:00", "published": "2019-02-08T00:00:00", "id": "SAMBA_3_4_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122058", "title": "Samba < 3.4.0 Remote Code Execution Vulnerability", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122058);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/08 15:02:57\");\n\n script_cve_id(\n \"CVE-2012-0870\"\n );\n script_bugtraq_id(52103);\n\n script_name(english:\"Samba < 3.4.0 Remote Code Execution Vulnerability\");\n script_summary(english:\"Checks the version of Samba.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Samba running on the remote host is prior to\n3.4.0. It is, therefore, affected by a remote code execution\nvulnerability in process.c due to a heap-based buffer overflow. 
An \nunauthenticated, remote attacker can exploit this to bypass authentication \nand execute arbitrary commands via Batched / AndX request.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2012-0870.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 3.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0870\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = vcf::samba::get_app_info();\nvcf::check_granularity(app_info:app, sig_segments:3);\n\nconstraints = \n[\n {\"fixed_version\" : \"3.4.0\"}\n];\n\nvcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_HOLE, strict:FALSE);\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-10T15:00:37", "bulletinFamily": "scanner", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2 to fix\nsecurity issues. A bugfix release for -current is also available.", "modified": "2019-02-08T00:00:00", "published": "2019-02-08T00:00:00", "id": "SLACKWARE_SSA_2019-038-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122046", "title": "Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2019-038-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-038-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122046);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/08 10:06:13\");\n\n script_xref(name:\"SSA\", value:\"2019-038-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2019-038-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, 14.2 to fix\nsecurity issues. A bugfix release for -current is also available.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.489648\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a579508\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.40\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"7.2.15\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", 
pkgver:\"7.2.15\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mozilla": [{"lastseen": "2019-02-14T22:27:17", "bulletinFamily": "software", "description": "A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.\nAn integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.\nA buffer overflow vulnerability in the Skia library can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. \nA flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. 
The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content.", "modified": "2019-02-14T00:00:00", "published": "2019-02-14T00:00:00", "id": "MFSA2019-06", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2019-06/", "title": "Security vulnerabilities fixed in Thunderbird 60.5.1", "type": "mozilla", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-13T00:22:25", "bulletinFamily": "software", "description": "A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.\nAn integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.\nCross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected.", "modified": "2019-02-12T00:00:00", "published": "2019-02-12T00:00:00", "id": "MFSA2019-04", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2019-04/", "title": "Security vulnerabilities fixed in Firefox 65.0.1", "type": "mozilla", "cvss": {"score": 0.0, "vector": "NONE"}}], "f5": [{"lastseen": "2019-02-16T06:37:21", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view 
new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-11T23:55:00", "published": "2019-02-11T23:55:00", "id": "F5:K07052904", "href": "https://support.f5.com/csp/article/K07052904", "title": "PHP vulnerability CVE-2015-3307", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-16T06:37:16", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-07T23:23:00", "published": "2019-02-07T23:23:00", "id": "F5:K19916307", "href": "https://support.f5.com/csp/article/K19916307", "title": "glibc vulnerability CVE-2015-1473", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-02-07T01:57:13", "bulletinFamily": "unix", "description": "Package : libav\nVersion : 6:11.12-1~deb8u5\nCVE ID : CVE-2014-8542 CVE-2015-1207 CVE-2017-7863 CVE-2017-7865 \n CVE-2017-14169 CVE-2017-14223\n\n\nSeveral security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library.\n\nCVE-2014-8542\n\n libavcodec/utils.c omitted a certain codec ID during enforcement of\n alignment, which allowed remote attackers to cause a denial of 
service\n (out-of-bounds access) or possibly have unspecified other impact via\n crafted JV data.\n\nCVE-2015-1207\n\n Double-free vulnerability in libavformat/mov.c allowed remote\n attackers to cause a denial of service (memory corruption and crash)\n via a crafted .m4a file.\n\nCVE-2017-7863\n\n libav had an out-of-bounds write caused by a heap-based buffer\n overflow related to the decode_frame_common function in\n libavcodec/pngdec.c.\n\nCVE-2017-7865\n\n libav had an out-of-bounds write caused by a heap-based buffer\n overflow related to the ipvideo_decode_block_opcode_0xA function in\n libavcodec/interplayvideo.c and the avcodec_align_dimensions2\n function in libavcodec/utils.c.\n\nCVE-2017-14169\n\n In the mxf_read_primer_pack function in libavformat/mxfdec.c in, an\n integer signedness error might have occurred when a crafted file,\n claiming a large "item_num" field such as 0xffffffff, was provided.\n As a result, the variable "item_num" turned negative, bypassing the\n check for a large value.\n\nCVE-2017-14223\n\n In libavformat/asfdec_f.c a DoS in asf_build_simple_index() due to\n lack of an EOF (End of File) check might have caused huge CPU\n consumption. 
When a crafted ASF file, claiming a large "ict" field in\n the header but not containing sufficient backing data, was provided,\n the for loop would have consumed huge CPU and memory resources, since\n there was no EOF check inside the loop.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n6:11.12-1~deb8u5.\n\nWe recommend that you upgrade your libav packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "modified": "2019-02-06T12:42:33", "published": "2019-02-06T12:42:33", "id": "DEBIAN:DLA-1654-1:B472E", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201902/msg00005.html", "title": "[SECURITY] [DLA 1654-1] libav security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}