Nessus Plugins

All the newest security checks for the Nessus scanner
Updated: 4 weeks 6 days ago
Synopsis :
These remote packages are missing security patches :
- avm-fritz-firmware-2.6.24-18
- avm-fritz-kernel-source
- fglrx-amdcccle
- fglrx-control
- fglrx-kernel-source
- linux-backports-modules-2.6.24-18-386
- linux-backports-modules-2.6.24-18-generic
- linux-backports-modules-2.6.24-18-openvz
- linux-backports-modules-2.6.24-18-rt
- linux-backports-modules-2.6.24-18-server
- linux-backports-modules-2.6.24-18-virtual
- linux-backports-modules-2.6.24-18-xen
- linux-doc-2.6.24
- linux-headers-2.6.2
[...]
Description :
It was discovered that PowerPC kernels did not correctly handle reporting
certain system details. By requesting a specific set of information,
a local attacker could cause a system crash resulting in a denial
of service. (CVE-2007-6694)
A race condition was discovered between dnotify fcntl() and close() in
the kernel. If a local attacker performed malicious dnotify requests,
they could cause memory consumption leading to a denial of service,
or possibly send arbitrary signals to any process. (CVE-2008-1375)
On SMP systems, a race condition existed in fcntl(). Local attackers
could perform malicious locks, causing system crashes and leading to
a denial of service. (CVE-2008-1669)
The tehuti network driver did not correctly handle certain IO functions.
A local attacker could perform malicious requests to the driver,
potentially accessing kernel memory, leading to privilege escalation
or access to private system information. (CVE-2008-1675)
Solution :
Upgrade to :
- avm-fritz-firmware-2.6.24-18-3.11+2.6.24.13-18.41 (Ubuntu 8.04)
- avm-fritz-kernel-source-3.11+2.6.24.13-18.41 (Ubuntu 8.04)
- fglrx-amdcccle-2.6.24.13-18.41 (Ubuntu 8.04)
- fglrx-control-8-3+2.6.24.13-18.41 (Ubuntu 8.04)
- fglrx-kernel-source-8-3+2.6.24.13-18.41 (Ubuntu 8.04)
- linux-backports-modules-2.6.24-18-386-2.6.24-18.16 (Ubuntu 8.04)
- linux-backports-modules-2.6.24-18-generic-2.6.24-18.16 (Ubuntu 8.04)
- linux-backports-modules-2.6.24-18-openvz-2.6.24-18.16 (Ubuntu 8.04)
- linux-b
[...]
Risk factor : High
Synopsis :
The remote SuSE system is missing the security patch vorbis-tools-5193.
Description :
Specially crafted files or streams could potentially be
abused to trick applications that support speex into
executing arbitrary code (CVE-2008-1686).
Solution :
Install the security patch vorbis-tools-5193.
Risk factor :
High
Synopsis :
The remote SuSE system is missing the security patch vorbis-tools-5192.
Description :
Specially crafted files or streams could potentially be
abused to trick applications that support speex into
executing arbitrary code (CVE-2008-1686).
Solution :
Install the security patch vorbis-tools-5192.
Risk factor :
High
Synopsis :
The remote SuSE system is missing the security patch pdns-recursor-5319.
Description :
Pdns-recursor was prone to a spoofing vulnerability which
could be abused to redirect clients or manipulate data.
(CVE-2008-1637)
Solution :
Install the security patch pdns-recursor-5319.
Risk factor :
High
Synopsis :
The remote SuSE system is missing the security patch pdns-5242.
Description :
pdns used predictable random numbers for DNS responses.
Therefore attackers could generate spoofed DNS responses
(CVE-2008-1637).
Solution :
Install the security patch pdns-5242.
Risk factor :
High
Synopsis :
The remote SuSE system is missing the security patch openwsman-5241.
Description :
This update provides a fix for the included shttpd
web-server to patch a buffer overflow vulnerability in the
HTTP request parser. This bug can only be exploited by
authenticated users to execute arbitrary code with the
privileges of the openwsman/shttp daemon. (CVE-2008-2097)
Solution :
Install the security patch openwsman-5241.
Risk factor :
High
This is the 1-year notification of the End Of Life plans for Red Hat
Enterprise Linux 2.1.
In accordance with the Red Hat Enterprise Linux Errata Support Policy, the
7 year life-cycle of Red Hat Enterprise Linux 2.1 will end on May 31, 2009.
After this date, Red Hat will discontinue the technical support services,
bug fix, enhancement, and security errata updates for the following
products:
* Red Hat Enterprise Linux AS 2.1
* Red Hat Enterprise Linux ES 2.1
* Red Hat Enterprise Linux WS 2.1
* Red Hat Linux Advanced Server 2.1
* Red Hat Linux Advanced Workstation 2.1
Customers still running production workloads on Red Hat Enterprise Linux
2.1 are advised to begin planning the upgrade to Red Hat Enterprise Linux
5. Active subscribers of Red Hat Enterprise Linux already have access to
all currently maintained versions of Red Hat Enterprise Linux, as part of
their subscription.
Details of the Red Hat Enterprise Linux life-cycle can be found on the
Red Hat website:
http://www.redhat.com/security/updates/errata/
Solution :
http://rhn.redhat.com/errata/RHSA-2008-0521.html
Risk factor : High
Updated evolution packages that fix two buffer overflow vulnerabilities are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)
Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.
A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).
The particular response required to trigger this vulnerability was as
follows:
1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calendar the meeting was in.
4. Reply to the sender.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.
All Evolution users should upgrade to these updated packages, which contain
backported patches which resolve these issues.
Solution :
http://rhn.redhat.com/errata/RHSA-2008-0514.html
Risk factor : High
The remote host is affected by the vulnerability described in GLSA-200806-02
(libxslt: Execution of arbitrary code)
Anthony de Almeida Lopes reported a vulnerability in libxslt when
handling XSL style-sheet files, which could be exploited to trigger the
use of uninitialized memory, e.g. in a call to "free()".
Impact
A remote attacker could entice a user or automated system to process an
XML file using a specially crafted XSL transformation file, possibly
resulting in the execution of arbitrary code or a Denial of Service.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
Solution:
All libxslt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.24"
Risk factor : Medium
The remote host is affected by the vulnerability described in GLSA-200806-01
(mtr: Stack-based buffer overflow)
Adam Zabrocki reported a boundary error within the split_redraw()
function in the file split.c, possibly leading to a stack-based buffer
overflow.
Impact
A remote attacker could use a specially crafted resolved hostname to
execute arbitrary code with root privileges. However, it is required
that the attacker controls the DNS server used by the victim, and that
the "-p" (or "--split") command line option is used.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2357
Solution:
All mtr users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/mtr-0.73-r1"
Risk factor : High
The remote host is missing the patch for the advisory FEDORA-2008-4950 (imlib2).
Imlib 2 is a library that does image file loading and saving as well
as rendering, manipulation, arbitrary polygon support, etc. It does
ALL of these operations FAST. Imlib2 also tries to be highly
intelligent about doing them, so writing naive programs can be done
easily, without sacrificing speed. This is a complete rewrite over
the Imlib 1.x series. The architecture is more modular, simple, and
flexible.
-
Update Information:
Fix CVE-2008-2426 / SA30401 - buffer overflow in the XPM loader.
[9] http://secunia.com/advisories/30401/
Solution : Get the newest Fedora Updates
Risk factor : High
The remote host is missing the patch for the advisory FEDORA-2008-4947 (libpng).
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.
Libpng should be installed if you need to manipulate PNG format image
files.
-
Update Information:
Update to new upstream version 1.2.29. Among other bug fixes, this introduces
a minor security fix in the handling of unknown chunks - CVE-2008-1382:
[9] http://libpng.sourceforge.net/Advisory-1.2.26.txt
[10] http://www.ocert.org/advisories/ocert-2008-003.html
Solution : Get the newest Fedora Updates
Risk factor : High
The remote host is missing the patch for the advisory FEDORA-2008-4910 (libpng).
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.
Libpng should be installed if you need to manipulate PNG format image
files.
-
Update Information:
Update to new upstream version 1.2.29. Among other bug fixes, this introduces
a minor security fix in the handling of unknown chunks - CVE-2008-1382:
[9] http://libpng.sourceforge.net/Advisory-1.2.26.txt
[10] http://www.ocert.org/advisories/ocert-2008-003.html
Solution : Get the newest Fedora Updates
Risk factor : High
The remote host is missing the patch for the advisory FEDORA-2008-4871 (imlib2).
Imlib 2 is a library that does image file loading and saving as well
as rendering, manipulation, arbitrary polygon support, etc. It does
ALL of these operations FAST. Imlib2 also tries to be highly
intelligent about doing them, so writing naive programs can be done
easily, without sacrificing speed. This is a complete rewrite over
the Imlib 1.x series. The architecture is more modular, simple, and
flexible.
-
Update Information:
Fix CVE-2008-2426 / SA30401 - buffer overflow in the XPM loader.
[9] http://secunia.com/advisories/30401/
Solution : Get the newest Fedora Updates
Risk factor : High
The remote host is missing the patch for the advisory FEDORA-2008-4847 (libpng).
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.
Libpng should be installed if you need to manipulate PNG format image
files.
-
Update Information:
Update to new upstream version 1.2.29. Among other bug fixes, this introduces
a minor security fix in the handling of unknown chunks - CVE-2008-1382:
[9] http://libpng.sourceforge.net/Advisory-1.2.26.txt
[10] http://www.ocert.org/advisories/ocert-2008-003.html
Solution : Get the newest Fedora Updates
Risk factor : High
The remote host is missing the patch for the advisory FEDORA-2008-4842 (imlib2).
Imlib 2 is a library that does image file loading and saving as well
as rendering, manipulation, arbitrary polygon support, etc. It does
ALL of these operations FAST. Imlib2 also tries to be highly
intelligent about doing them, so writing naive programs can be done
easily, without sacrificing speed. This is a complete rewrite over
the Imlib 1.x series. The architecture is more modular, simple, and
flexible.
-
Update Information:
Fix CVE-2008-2426 / SA30401 - buffer overflow in the XPM loader.
[9] http://secunia.com/advisories/30401/
Solution : Get the newest Fedora Updates
Risk factor : High
Several local (remote) vulnerabilities have been discovered in libvorbis,
a library for the Vorbis general-purpose compressed audio codec. The Common
Vulnerabilities and Exposures project identifies the following problems:
libvorbis does not properly handle a zero value which allows remote
attackers to cause a denial of service (crash or infinite loop) or
trigger an integer overflow.
Integer overflow in libvorbis allows remote attackers to execute
arbitrary code via a crafted OGG file, which triggers a heap overflow.
Integer overflow in libvorbis allows remote attackers to cause a denial
of service (crash) or execute arbitrary code via a crafted OGG file
which triggers a heap overflow.
For the stable distribution (etch), these problems have been fixed in version
1.1.2.dfsg-1.4.
Solution :
http://www.debian.org/security/2008/dsa-1591
Risk factor : High
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U818179 which is related
to the security of the package devices.pci.14106902.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U818178 which is related
to the security of the package bos.clvm.enh
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U818177 which is related
to the security of the package bos.rte.install
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
© Copyright Lomin LLC 2005-2007.