{"nessus": [{"lastseen": "2019-02-21T01:46:14", "bulletinFamily": "scanner", "description": "Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.8.4-0+deb8u1.\n\nWe recommend that you upgrade your rdesktop packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2019-02-20T00:00:00", "published": "2019-02-20T00:00:00", "id": "DEBIAN_DLA-1683.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122318", "title": "Debian DLA-1683-1 : rdesktop security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1683-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122318);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/20 9:20:28\");\n\n script_cve_id(\"CVE-2018-20174\", \"CVE-2018-20175\", \"CVE-2018-20176\", \"CVE-2018-20177\", \"CVE-2018-20178\", \"CVE-2018-20179\", \"CVE-2018-20180\", \"CVE-2018-20181\", \"CVE-2018-20182\", \"CVE-2018-8791\", \"CVE-2018-8792\", \"CVE-2018-8793\", \"CVE-2018-8794\", \"CVE-2018-8795\", \"CVE-2018-8796\", \"CVE-2018-8797\", \"CVE-2018-8798\", \"CVE-2018-8799\", \"CVE-2018-8800\");\n\n script_name(english:\"Debian DLA-1683-1 : rdesktop security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were found in the rdesktop RDP client, which\ncould result in denial of service, information disclosure and the\nexecution of arbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.8.4-0+deb8u1.\n\nWe recommend that you upgrade your rdesktop packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/rdesktop\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected rdesktop package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rdesktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"rdesktop\", reference:\"1.8.4-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:46:12", "bulletinFamily": "scanner", "description": "Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code.", "modified": "2019-02-19T00:00:00", "id": "DEBIAN_DSA-4394.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122271", "published": "2019-02-19T00:00:00", "title": "Debian DSA-4394-1 : rdesktop - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4394. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122271);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/19 9:39:24\");\n\n script_cve_id(\"CVE-2018-20174\", \"CVE-2018-20175\", \"CVE-2018-20176\", \"CVE-2018-20177\", \"CVE-2018-20178\", \"CVE-2018-20179\", \"CVE-2018-20180\", \"CVE-2018-20181\", \"CVE-2018-20182\", \"CVE-2018-8791\", \"CVE-2018-8792\", \"CVE-2018-8793\", \"CVE-2018-8794\", \"CVE-2018-8795\", \"CVE-2018-8796\", \"CVE-2018-8797\", \"CVE-2018-8798\", \"CVE-2018-8799\", \"CVE-2018-8800\");\n script_xref(name:\"DSA\", value:\"4394\");\n\n script_name(english:\"Debian DSA-4394-1 : rdesktop - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were found in the rdesktop RDP client, which\ncould result in denial of service, information disclosure and the\nexecution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/rdesktop\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/rdesktop\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4394\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rdesktop packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.8.4-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rdesktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"rdesktop\", reference:\"1.8.4-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:46:11", "bulletinFamily": "scanner", "description": "A denial of service (DoS) vulnerability exists in Integrated Lights-Out (iLO) 2 due to incorrect handling of https traffic. 
An unauthenticated, remote attacker can exploit this issue to cause the application to stop responding.", "modified": "2019-02-18T00:00:00", "id": "ILO_HPSBHF_03006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122257", "published": "2019-02-18T00:00:00", "title": "iLO 2 <= 2.23 Denial of Service Vulnerability", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122257);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/18 9:00:12\");\n\n script_cve_id(\"CVE-2014-2601\");\n\n script_bugtraq_id(67054);\n\n script_name(english:\"iLO 2 <= 2.23 Denial of Service Vulnerability\");\n script_summary(english:\"Checks version of HP Integrated Lights-Out (iLO).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP Integrated Lights-Out (iLO) server's web interface is\naffected by a denial of service vulnerability.\") ;\n script_set_attribute(attribute:\"description\", value:\n\"A denial of service (DoS) vulnerability exists in Integrated Lights-Out\n(iLO) 2 due to incorrect handling of https traffic. 
\nAn unauthenticated, remote attacker can exploit this issue to cause\nthe application to stop responding.\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04244787\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5f729249\");\n script_set_attribute(attribute:\"solution\", value:\n \"Upgrade firmware of iLO 2 to 2.25 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-2601\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\n\"cpe:/o:hp:integrated_lights-out_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ilo_detect.nasl\");\n script_require_keys(\"www/ilo\", \"ilo/generation\", \"ilo/firmware\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('http.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\ngeneration = get_kb_item_or_exit('ilo/generation');\nport = get_http_port(default:80, embedded: TRUE);\napp_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);\n\n# Firmware versions are different across generations so additional if check is required. 
\nif (generation != 2)\n audit(\n AUDIT_WEB_APP_NOT_AFFECTED,\n 'iLO ' + generation, \n build_url2(qs:app_info.path, port:port),\n app_info.version);\n\nconstraints = [{'max_version':'2.23', 'fixed_version': '2.25'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:46:11", "bulletinFamily": "scanner", "description": "The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.\n\n - A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)\n\n - A denial of service (DoS) vulnerability exists in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)\n\n - A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)\n\n - A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability.\n (CVE-2015-2705)\n\n - A breach of data integrity vulnerability exists in the WiredTiger storage engine. 
An authenticated remote attacker can exploit this by issuing an admin command to write statistic logs to a specific file and may compromise data integrity. (CVE-2017-12926)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2019-02-15T00:00:00", "id": "MONGODB_3_2_8.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122243", "published": "2019-02-15T00:00:00", "title": "MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122243);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/15 11:49:10\");\n\n script_cve_id(\n \"CVE-2014-2917\",\n \"CVE-2014-3971\",\n \"CVE-2014-8964\",\n \"CVE-2015-2705\",\n \"CVE-2017-12926\"\n );\n script_bugtraq_id(71206);\n\n script_name(english:\"MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod\");\n script_summary(english:\"Checks the version of MongoDB.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by a vulnerability that may\nresult in a denial of service or in the compromise of the server\nmemory integrity.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the remote MongoDB server is 2.6.x prior to 2.6.9,\nis 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by\nmultiple vulnerabilities.\n\n - A credentials disclosure vulnerability exists in the\n PEMKeyPassword, clusterPassword and Windows servicePassword. An\n unauthenticated local attacker can exploit this to get access \n to user credentials. (CVE-2014-2917)\n\n - A denial of service (DoS) vulnerability exists in the\n CmdAuthenticate::_authenticateX509 function in\n db/commands/authentication_commands.cpp in mongod. 
An\n unauthenticated remote attacker can exploit this to cause a denial\n of service (daemon crash) by attempting authentication with an\n invalid X.509 client certificate. (CVE-2014-3971)\n\n - A heap-based buffer overflow condition exists in PCRE. An \n unauthenticated remote attacker can exploit this via a crafted\n regular expression, related to an assertion that allows zero\n repeats to cause a denial of service or to cause other unspecified\n impact. (CVE-2014-8964)\n\n - A DoS vulnerability exists due to failure to check for missing\n values. An authenticated remote attacker can exploit this to\n cause the application to crash. The attacker needs write access\n to a database to be able to exploit this vulnerability.\n (CVE-2015-2705)\n\n - A breach of data integrity vulnerability exists in the WiredTiger\n storage engine. An authenticated remote attacker can exploit this\n by issuing an admin command to write statistic logs to a specific\n file and may compromise data integrity. (CVE-2017-12926)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\n\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.mongodb.org/browse/SERVER-13644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.mongodb.org/browse/SERVER-13753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.mongodb.org/browse/SERVER-17252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.mongodb.org/browse/SERVER-17521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.mongodb.org/browse/WT-2711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mongodb.com/alerts\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-2917\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mongodb:mongodb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mongodb_detect.nasl\");\n script_require_keys(\"Services/mongodb\");\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'MongoDB';\nport = get_service(svc:'mongodb', default:27017, exit_on_fail:TRUE);\nkbVer = 'mongodb/' + port + '/Version';\n\napp_info = vcf::get_app_info(app:app, kb_ver:kbVer, port: port);\n\nconstraints = [\n { 'min_version' : '2.6.0', 'fixed_version' : '2.6.9' },\n { 'min_version' : '3.0.0', 'fixed_version' : '3.0.14' },\n { 'min_version' : '3.2.0', 'fixed_version' : '3.2.8' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:46:09", "bulletinFamily": "scanner", "description": "A denial of service (DoS) vulnerability exists in Integrated Lights-Out (iLO) due to an undisclosed vulnerability. 
An unauthenticated, remote attacker can exploit this issue to cause the application to stop responding.", "modified": "2019-02-14T00:00:00", "id": "ILO_HPSSRT_101886.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122190", "published": "2019-02-14T00:00:00", "title": "iLO 2 < 2.27 / iLO 3 < 1.82 / iLO 4 < 2.10 Denial of Service Vulnerability", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122190);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 14:52:48\");\n\n script_cve_id(\"CVE-2015-2106\");\n\n script_name(english:\"iLO 2 < 2.27 / iLO 3 < 1.82 / iLO 4 < 2.10 Denial of Service Vulnerability\");\n script_summary(english:\"Checks version of HP Integrated Lights-Out (iLO).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP Integrated Lights-Out (iLO) server's web interface is\naffected by a denial of service vulnerability.\") ;\n script_set_attribute(attribute:\"description\", value:\n\"A denial of service (DoS) vulnerability exists in Integrated Lights-Out\n(iLO) due to an undisclosed vulnerability. \nAn unauthenticated, remote attacker can exploit this issue to cause \nthe application to stop responding.\");\n # https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582368\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c250bedf\");\n # https://nvd.nist.gov/vuln/detail/CVE-2015-2106\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01654ca1\");\n script_set_attribute(attribute:\"solution\", value:\n \"For iLO 2, upgrade firmware to 2.27 or later. 
For iLO 3, upgrade firmware to 1.82 or later.\nFor iLO 4, upgrade firmware to 2.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2106\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:integrated_lights-out_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ilo_detect.nasl\");\n script_require_keys(\"www/ilo\", \"ilo/generation\", \"ilo/firmware\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('http.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\ngeneration = get_kb_item_or_exit('ilo/generation');\nport = get_http_port(default:80, embedded: TRUE);\napp_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);\n\n# Firmware versions are different across generations so additional if check is required.\nif (generation == 2)\n fixed_version = '2.27';\nelse if (generation == 3)\n fixed_version = '1.82';\nelse if (generation == 4)\n fixed_version = '2.10';\nelse\n audit(\n AUDIT_WEB_APP_NOT_AFFECTED,\n 'iLO ' + generation, \n build_url2(qs:app_info.path, port:port),\n app_info.version);\n\nconstraints = [{'fixed_version':fixed_version}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, 
severity:SECURITY_WARNING);\n\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:46:09", "bulletinFamily": "scanner", "description": "An information disclosure vulnerability exists in Integrated Lights-Out due to an unspecified vulnerability. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information.", "modified": "2019-02-14T00:00:00", "id": "ILO_HPSBHF_02821.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122189", "published": "2019-02-14T00:00:00", "title": "iLO 3 < 1.50 / iLO 4 < 1.13 Information Disclosure Vulnerability", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122189);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 14:04:59\");\n\n script_cve_id(\"CVE-2012-3271\");\n\n script_bugtraq_id(56597);\n\n script_name(english:\"iLO 3 < 1.50 / iLO 4 < 1.13 Information Disclosure Vulnerability\");\n script_summary(english:\"Checks version of HP Integrated Lights-Out (iLO).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP Integrated Lights-Out (iLO) server's web interface is\naffected by an information disclosure vulnerability.\") ;\n script_set_attribute(attribute:\"description\", value:\n\"An information disclosure vulnerability exists in Integrated \nLights-Out due to an unspecified vulnerability. \nAn unauthenticated, remote attacker can exploit this to \ndisclose potentially sensitive information.\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03515413&docLocale=en_US\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d1b5324\");\n script_set_attribute(attribute:\"solution\", value:\n \"For iLO 3, upgrade firmware to 1.50 or later. 
\n For iLO 4, upgrade firmware to 1.13 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3271\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:integrated_lights-out_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ilo_detect.nasl\");\n script_require_keys(\"www/ilo\", \"ilo/generation\", \"ilo/firmware\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('http.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\ngeneration = get_kb_item_or_exit('ilo/generation');\nport = get_http_port(default:80, embedded: TRUE);\napp_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);\n\n# Firmware versions are different across generations so additional if check is required.\nif (generation == 3)\n fixed_version = '1.50';\nelse if (generation == 4)\n fixed_version = '1.13';\nelse\n audit(\n AUDIT_WEB_APP_NOT_AFFECTED,\n 'iLO ' + generation, \n build_url2(qs:app_info.path, port:port),\n app_info.version);\n\nconstraints = [{'fixed_version':fixed_version}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:46:09", "bulletinFamily": "scanner", "description": "According to its version number, the firmware of Integrated Lights-Out running on the remote web server is iLO 3 prior to 1.65 or iLO 4 prior to 1.32. It is, therefore, affected by multiple vulnerabilities:\n - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session (CVE-2013-4842).\n\n - An information disclosure vulnerability exists in Integrated Lights-Out (iLO) 3 & 4 due to an undisclosed vulnerability. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information (CVE-2013-4843).", "modified": "2019-02-14T00:00:00", "id": "ILO_HPSBHF_02939.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122188", "published": "2019-02-14T00:00:00", "title": "iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122188);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 13:48:00\");\n\n script_cve_id(\n \"CVE-2013-4842\",\n \"CVE-2013-4843\"\n );\n\n script_bugtraq_id(\n 63689,\n 63691\n );\n\n script_name(english:\"iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of HP Integrated Lights-Out (iLO).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP Integrated Lights-Out (iLO) server's web interface is\naffected by multiple vulnerabilities.\") ;\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the firmware of Integrated Lights-Out\nrunning on the remote web server is 
iLO 3 prior to 1.65 or iLO 4 \nprior to 1.32. It is, therefore, affected by multiple vulnerabilities:\n - A cross-site scripting (XSS) vulnerability exists due to improper\n validation of user-supplied input before returning it to users. \n An unauthenticated, remote attacker can exploit this, by convincing\n a user to click a specially crafted URL, to execute arbitrary script\n code in a user's browser session (CVE-2013-4842).\n\n - An information disclosure vulnerability exists in Integrated \n Lights-Out (iLO) 3 & 4 due to an undisclosed vulnerability. \n An unauthenticated, remote attacker can exploit this to disclose\n potentially sensitive information (CVE-2013-4843).\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03996804&docLocale=en_US\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aaf46ad1\");\n script_set_attribute(attribute:\"solution\", value:\n \"For iLO 3, upgrade firmware to 1.65 or later. \n For iLO 4, upgrade firmware to 1.32 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4842\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:integrated_lights-out_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ilo_detect.nasl\");\n script_require_keys(\"www/ilo\", \"ilo/generation\", \"ilo/firmware\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('http.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\ngeneration = get_kb_item_or_exit('ilo/generation');\nport = get_http_port(default:80, embedded: TRUE);\napp_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);\n\n# Firmware versions are different across generations so additional if check is required.\nif (generation == 3)\n fixed_version = '1.65';\nelse if (generation == 4)\n fixed_version = '1.32';\nelse\n audit(\n AUDIT_WEB_APP_NOT_AFFECTED,\n 'iLO ' + generation, \n build_url2(qs:app_info.path, port:port),\n app_info.version);\n\nconstraints = [{'fixed_version':fixed_version}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:46:08", "bulletinFamily": "scanner", "description": "Update to 1.8.4. 
Security fix for CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2019-02-13T00:00:00", "id": "FEDORA_2019-5146CD34E2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122134", "published": "2019-02-13T00:00:00", "title": "Fedora 28 : rdesktop (2019-5146cd34e2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-5146cd34e2.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122134);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/13 9:26:32\");\n\n script_cve_id(\"CVE-2018-20174\", \"CVE-2018-20175\", \"CVE-2018-20176\", \"CVE-2018-20177\", \"CVE-2018-20178\", \"CVE-2018-20179\", \"CVE-2018-20180\", \"CVE-2018-20181\", \"CVE-2018-20182\", \"CVE-2018-8791\", \"CVE-2018-8792\", \"CVE-2018-8793\", \"CVE-2018-8794\", \"CVE-2018-8795\", \"CVE-2018-8796\", \"CVE-2018-8797\", \"CVE-2018-8798\", \"CVE-2018-8799\", \"CVE-2018-8800\");\n script_xref(name:\"FEDORA\", value:\"2019-5146cd34e2\");\n\n script_name(english:\"Fedora 28 : rdesktop (2019-5146cd34e2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.8.4. 
Security fix for CVE-2018-8794 CVE-2018-8795\nCVE-2018-8797 CVE-2018-20175 CVE-2018-20176 CVE-2018-8791\nCVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798 CVE-2018-8799\nCVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178\nCVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5146cd34e2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rdesktop package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rdesktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"rdesktop-1.8.4-2.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rdesktop\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:46:06", "bulletinFamily": "scanner", "description": "The version of Samba running on the remote host is prior to 3.4.0. It is, therefore, affected by a remote code execution vulnerability in process.c due to a heap-based buffer overflow. 
An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands via Batched / AndX request.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "modified": "2019-02-08T00:00:00", "id": "SAMBA_3_4_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122058", "published": "2019-02-08T00:00:00", "title": "Samba < 3.4.0 Remote Code Execution Vulnerability", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122058);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/08 15:02:57\");\n\n script_cve_id(\n \"CVE-2012-0870\"\n );\n script_bugtraq_id(52103);\n\n script_name(english:\"Samba < 3.4.0 Remote Code Execution Vulnerability\");\n script_summary(english:\"Checks the version of Samba.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Samba running on the remote host is prior to\n3.4.0. It is, therefore, affected by a remote code execution\nvulnerability in process.c due to a heap-based buffer overflow. 
An \nunauthenticated, remote attacker can exploit this to bypass authentication \nand execute arbitrary commands via Batched / AndX request.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2012-0870.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 3.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0870\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = vcf::samba::get_app_info();\nvcf::check_granularity(app_info:app, sig_segments:3);\n\nconstraints = \n[\n {\"fixed_version\" : \"3.4.0\"}\n];\n\nvcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_HOLE, strict:FALSE);\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-08T12:51:52", "bulletinFamily": "scanner", "description": "An update of the libtar package has been released.", "modified": "2019-02-07T00:00:00", "published": "2019-02-07T00:00:00", "id": "PHOTONOS_PHSA-2017-0040_LIBTAR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=121744", "title": "Photon OS 1.0: Libtar PHSA-2017-0040", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0040. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121744);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/07 18:14:47\");\n\n script_cve_id(\"CVE-2013-4420\");\n\n script_name(english:\"Photon OS 1.0: Libtar PHSA-2017-0040\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libtar package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-80.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10309\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libtar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libtar-1.2.20-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libtar-devel-1.2.20-3.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtar\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-02-19T14:01:43", "bulletinFamily": "unix", "description": "Package : rdesktop\nVersion : 1.8.4-0+deb8u1\nCVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794\n CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798\n CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175\n CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179\n CVE-2018-20180 CVE-2018-20181 CVE-2018-20182\n\nMultiple security issues were found in the rdesktop RDP client, which\ncould result in denial of 
service, information disclosure and the\nexecution of arbitrary code.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.8.4-0+deb8u1.\n\nWe recommend that you upgrade your rdesktop packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2019-02-19T10:40:01", "published": "2019-02-19T10:40:01", "id": "DEBIAN:DLA-1683-1:7CEE2", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201902/msg00030.html", "title": "[SECURITY] [DLA 1683-1] rdesktop security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-19T02:01:18", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4394-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 18, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rdesktop\nCVE ID : CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 \n CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 \n CVE-2018-8799 CVE-2018-8800 CVE-2018-20174\n\t\t CVE-2018-20175 CVE-2018-20176 CVE-2018-20177\n\t\t CVE-2018-20178 CVE-2018-20179 CVE-2018-20180\n\t\t CVE-2018-20181 CVE-2018-20182\n\nMultiple security issues were found in the rdesktop RDP client, which\ncould result in denial of service, information disclosure and the\nexecution of arbitrary code.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.8.4-1~deb9u1.\n\nWe recommend that you upgrade your rdesktop packages.\n\nFor the detailed security status of rdesktop please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/rdesktop\n\nFurther 
information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2019-02-18T21:24:40", "published": "2019-02-18T21:24:40", "id": "DEBIAN:DSA-4394-1:6FB8A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00035.html", "title": "[SECURITY] [DSA 4394-1] rdesktop security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-02-20T15:06:40", "bulletinFamily": "scanner", "description": "Multiple security issues were found in the rdesktop RDP client, which\ncould result in denial of service, information disclosure and the\nexecution of arbitrary code.", "modified": "2019-02-19T00:00:00", "published": "2019-02-19T00:00:00", "id": "OPENVAS:1361412562310891683", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891683", "title": "Debian LTS Advisory ([SECURITY] [DLA 1683-1] rdesktop security update)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891683\");\n script_version(\"$Revision: 13758 $\");\n script_cve_id(\"CVE-2018-20174\", \"CVE-2018-20175\", \"CVE-2018-20176\", \"CVE-2018-20177\", \"CVE-2018-20178\",\n \"CVE-2018-20179\", \"CVE-2018-20180\", \"CVE-2018-20181\", \"CVE-2018-20182\", \"CVE-2018-8791\",\n \"CVE-2018-8792\", \"CVE-2018-8793\", \"CVE-2018-8794\", \"CVE-2018-8795\", \"CVE-2018-8796\",\n \"CVE-2018-8797\", \"CVE-2018-8798\", \"CVE-2018-8799\", \"CVE-2018-8800\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1683-1] rdesktop security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-19 11:55:49 +0100 (Tue, 19 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-19 00:00:00 +0100 (Tue, 19 Feb 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\\.[0-9]+\");\n script_tag(name:\"affected\", value:\"rdesktop on Debian Linux\");\n script_tag(name:\"insight\", value:\"rdesktop is an open source client for Windows NT/2000 Terminal Server and\nWindows Server 2003/2008. 
Capable of natively speaking its Remote Desktop\nProtocol (RDP) in order to present the user's Windows desktop. Unlike Citrix\nICA, no server extensions are required.\");\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.8.4-0+deb8u1.\n\nWe recommend that you upgrade your rdesktop packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues were found in the rdesktop RDP client, which\ncould result in denial of service, information disclosure and the\nexecution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rdesktop\", ver:\"1.8.4-0+deb8u1\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T15:06:40", "bulletinFamily": "scanner", "description": "Multiple security issues were found in the rdesktop RDP client, which\ncould result in denial of service, information disclosure and the\nexecution of arbitrary code.", "modified": "2019-02-20T00:00:00", "published": "2019-02-18T00:00:00", "id": "OPENVAS:1361412562310704394", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704394", "title": "Debian Security Advisory DSA 4394-1 (rdesktop - security update)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms 
of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704394\");\n script_version(\"$Revision: 13772 $\");\n script_cve_id(\"CVE-2018-20174\", \"CVE-2018-20175\", \"CVE-2018-20176\", \"CVE-2018-20177\", \"CVE-2018-20178\",\n \"CVE-2018-20179\", \"CVE-2018-20180\", \"CVE-2018-20181\", \"CVE-2018-20182\", \"CVE-2018-8791\",\n \"CVE-2018-8792\", \"CVE-2018-8793\", \"CVE-2018-8794\", \"CVE-2018-8795\", \"CVE-2018-8796\",\n \"CVE-2018-8797\", \"CVE-2018-8798\", \"CVE-2018-8799\", \"CVE-2018-8800\");\n script_name(\"Debian Security Advisory DSA 4394-1 (rdesktop - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-20 07:55:55 +0100 (Wed, 20 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-18 00:00:00 +0100 (Mon, 18 Feb 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4394.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\\.[0-9]+\");\n script_tag(name:\"affected\", value:\"rdesktop on Debian Linux\");\n script_tag(name:\"insight\", value:\"rdesktop is an open source client for Windows NT/2000 Terminal Server and\nWindows Server 2003/2008. Capable of natively speaking its Remote Desktop\nProtocol (RDP) in order to present the user's Windows desktop. Unlike Citrix\nICA, no server extensions are required.\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.8.4-1~deb9u1.\n\nWe recommend that you upgrade your rdesktop packages.\n\nFor the detailed security status of rdesktop please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/rdesktop\");\n script_tag(name:\"summary\", value:\"Multiple security issues were found in the rdesktop RDP client, which\ncould result in denial of service, information disclosure and the\nexecution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rdesktop\", ver:\"1.8.4-1~deb9u1\", rls_regex:\"DEB9\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2019-02-20T12:22:00", "bulletinFamily": "NVD", "description": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables", "modified": "2019-02-19T10:29:18", "published": "2019-02-15T16:29:00", "id": 
"CVE-2015-4615", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4615", "title": "CVE-2015-4615", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T12:22:00", "bulletinFamily": "NVD", "description": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.", "modified": "2019-02-19T15:56:55", "published": "2019-02-15T16:29:00", "id": "CVE-2015-4617", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4617", "title": "CVE-2015-4617", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "f5": [{"lastseen": "2019-02-20T21:07:47", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-11T23:55:00", "published": "2019-02-11T23:55:00", "id": "F5:K07052904", "href": "https://support.f5.com/csp/article/K07052904", "title": "PHP vulnerability CVE-2015-3307", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-20T21:07:52", "bulletinFamily": "software", 
"description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-07T23:23:00", "published": "2019-02-07T23:23:00", "id": "F5:K19916307", "href": "https://support.f5.com/csp/article/K19916307", "title": "glibc vulnerability CVE-2015-1473", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}]}