The Passive Vulnerability Scanner (PVS) Plugins

The Passive Vulnerability Scanner (PVS) Plugins http://www.tenablesecurity.com/tenable_plugins.pdf All the newest security checks for the Tenable Passive Vulnerability Scanner (PVS) PVS Plugins http://www.tenablesecurity.com/images/RssLogo.jpg http://www.tenablesecurity.com/ QuickTime < 7.7.2 Multiple Vulnerabilities Synopsis :\n\nThe remote host contains an application that is vulnerable to multiple attack vectors.\n\nFor your information, the observed version of QuickTime is %L.\n\nVersions of QuickTime earlier thanolder than 7.7.2 are affected by the following vulnerabilities :\n\n - An uninitialized memory access issue exists in the handling of MP4 encoded files. (CVE-2011-3458)\n\n - An off-by-one buffer overflow exists in the handling of rdrf atoms in QuickTime movie files. (CVE-2011-3459)\n\n - A stack buffer overflow exists in the QuickTime plugin's handling of PNG files. (CVE-2011-3460)\n\n - A stack buffer overflow exists in QuickTime's handling of file paths. (CVE-2012-0265)\n\n - A buffer overflow exists in the handling of audio sample tables. (CVE-2012-0658)\n\n - An integer overflow exists in the handling of MPEG files. (CVE-2012-0659)\n\n - An integer underflow exists in QuickTime's handling of audio streams in MPEG files. (CVE-2012-0660)\n\n - A use-after-free issue exists in the handling of JPEG2000 encoded movie files. (CVE-2012-0661)\n\n - Multiple stack overflows exist in QuickTime's handling of TeXML files. (CVE-2012-0663)\n\n - A heap overflow exists in QuickTime's handling of text tracks. (CVE-2012-0664)\n\n - A heap overflow exists in the handling of H.264 encoded movie files. (CVE-2012-0665)\n\n - A stack buffer overflow exists in the QuickTime plugin's handling of QTMovie objects. (CVE-2012-0666)\n\n - A signedness issue exists in the handling of QTVR movie files. (CVE-2012-0667)\n\n - A buffer overflow exists in QuickTime's handling of Sorenson encoded movie files. (CVE-2012-0669)\n\n - An integer overflow exists in QuickTime's handling of sean atoms. (CVE-2012-0670)\n\n - A memory corruption issue exists in the handling of .pict files. (CVE-2012-0671)\n\nIAVA Reference : 2012-A-0085\nSTIG Finding Severity : Category I

See also :

http://lists.apple.com/archives/security-announce/2012/May/msg00005.html

Solution :

Upgrade to QuickTime 7.7.2 or later.

Risk factor :

HIGH

References:
http://www.nessus.org/plugins/index.php?view=single&id=59113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0671

Copyright Tenable Network Security Inc. 2012]]> 2012-05-18T15:28:00-05:00 http://www.tenablesecurity.com/6489.html Real Networks RealPlayer < 15.0.4.53 Multiple Vulnerabilities Synopsis :\n\nThe remote host is running an application that is vulnerable to multiple attack vectors.\n\nThe remote host is running RealPlayer, a multi-media application. For your information, the observed build of RealPlayer is:\n%L.\n\nRealPlayer builds earlier than 15.0.4.53 are potentially affected by multiple vulnerabilities :\n\n - A memory corruption error exists related to the handling of 'MP4' files. (CVE-2012-1904)\n\n - An unspecified error exists related to the parsing of 'RealMedia ASMRuleBook' files that can lead to remote arbitrary code execution. (CVE-2012-2406)\n\n - A buffer overflow exists related to the parsing of 'RealJukebox Media' content. (CVE-2012-2411)\n

See also :

http://service.real.com/realplayer/security/05152012_player/en

Solution :

Upgrade to RealPlayer 15.0.4.53 or later.

Risk factor :

HIGH

References:
http://www.nessus.org/plugins/index.php?view=single&id=59173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2411

Copyright Tenable Network Security Inc. 2012]]> 2012-05-18T15:28:00-05:00 http://www.tenablesecurity.com/6488.html Google Chrome < 19.0.1084.46 Multiple Vulnerabilities Synopsis :\n\nThe remote host contains a web browser that is affected by multiple vulnerabilities.\n\nFor your information, the observed version of Google Chrome is :\n %L \n\nVersions of Google Chrome earlier than 19.0.1084.46 are potentially affected by the following vulnerabilities :\n\n - Video content with FTP can cause crashes. (CVE-2011-3083)\n\n - Internal links are not loaded in their own process. (CVE-2011-3084)\n\n - Lenghty auto-filled values can corrupt the user interface. (CVE-2011-3085)\n\n - User-after free errors exist related to style elements, table handling, indexed DBs, GTK 'omnibox' handling, and corrupt font enconding names related to PDF handling. (CVE-2011-3086, CVE-2011-3089, CVE-2011-3091, CVE-2011-3096, CVE-2011-3099)\n\n - An error exists related to windows navigation. (CVE-2011-3087)\n\n - Out-of-bounds read errors exist to hairline drawing, glyph handling, Tibetan, OGG containers, PDF sampled functions and drawing dash paths. (CVE-2011-3088, CVE-2011-3093, CVE-2011-3094, CVE-2011-3095, CVE-2011-3097, CVE-2011-3100)\n\n - A race condition related to workers exists. (CVE-2011-3090)\n\n - An invalid write exists in the v8 regex processing. (CVE-2011-3092)\n\n - An error exists related to Windows Media Player plugin and the search path. (CVE-2011-3098)\n\n - An off-by-one out-of-bounds write error exists in libxml. (CVE-2011-3098)

See also :

http://www.nessus.org/u?ac840e6e

Solution :

Upgrade to Google Chrome 19.0.1084.46 or later.

Risk factor :

HIGH

References:
http://www.nessus.org/plugins/index.php?view=single&id=59117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102

Copyright Tenable Network Security Inc. 2012]]> 2012-05-17T19:31:00-05:00 http://www.tenablesecurity.com/6487.html Apple Hardware Detection The remote host is running an Apple device version: %L.

Solution :

Ensure that this hardware is authorized for your network

Risk factor :

INFO

Copyright Tenable Network Security Inc. 2012]]> 2012-05-16T15:30:00-05:00 http://www.tenablesecurity.com/6486.html iTunes AppleTV client detection The remote client is running the iTunes AppleTV application version : %L

See also :

www.apple.com

Solution :

Remove this software if its use does not match your organization's security policy.

Risk factor :

INFO

Copyright Tenable Network Security Inc. 2012]]> 2012-05-16T11:29:00-05:00 http://www.tenablesecurity.com/6485.html Dropbox Software Detection Dropbox is installed on the remote host. Dropbox is an application for storing and synchronizing files between computers, possibly outside the organization.

See also :

www.getdropbox.com

Solution :

Remove this software if its use does not match your organization's security policy.

Risk factor :

INFO

References:
http://www.nessus.org/plugins/index.php?view=single&id=35717

Copyright Tenable Network Security Inc. 2012]]> 2012-05-16T11:29:00-05:00 http://www.tenablesecurity.com/6484.html Safari < 5.1.7 Multiple Vulnerabilities Synopsis :\n\nThe remote host contains a web browser that is vulnerable to multiple attack vectors.\n\nThe remote host has Safari installed. For your information, the observed version of Safari is: \n %L \n\nVersions of Safari earlier than 5.1.7 are reportedly affected by several issues :\n\n - Two unspecified errors that can allow malicious sites to perform cross-site scripting attacks. (CVE-2011-3046, CVE-2011-3056)\n\n - An unspecified memory corruption error exists that can allows malicious sites to crash the application or potentially execute arbitrary code. (CVE-2012-0672)\n\n - A state-tracking issue exists that can allow malicious sites to populate HTML form values of other sites with arbitrary data. (CVE-2012-0676)\n

See also :

http://lists.apple.com/archives/security-announce/2012/May/msg00002.html

Solution :

Upgrade to Safari 5.1.7 or later.

Risk factor :

HIGH

References:
http://www.nessus.org/plugins/index.php?view=single&id=59068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0676

Copyright Tenable Network Security Inc. 2012]]> 2012-05-14T15:32:00-05:00 http://www.tenablesecurity.com/6483.html Mac OS X 10.7 < 10.7.4 Multiple Vulnerabilities Synopsis :\n\nThe remote host is missing a Mac OS X update that fixes a security issue.\n\nFor your information, the observed version of Mac OS X is : \n %L \n\nThe remote host is running a version of Mac OS X 10.7 that is older than version 10.7.4. The newer version contains numerous security-related fixes for the following components :\n\n - Login Windows\n - Bluetooth\n - curl\n - HFS\n - Kernel\n - libarchive\n - libsecurity\n - libxml\n - LoginUIFramework\n - PHP\n - Quartz Composer\n - QuickTime\n - Ruby\n - Security Framework\n - Time Machine\n - X11\nIAVA Reference : 2012-A-0004\nIAVA Reference : 2012-A-0021\nIAVA Reference : 2012-A-0085\nSTIG Finding Severity : Category I

See also :

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Solution :

Upgrade to Mac OS X 10.7.4 or later.

Risk factor :

HIGH

References:
http://www.nessus.org/plugins/index.php?view=single&id=59066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830

Copyright Tenable Network Security Inc. 2012]]> 2012-05-14T15:32:00-05:00 http://www.tenablesecurity.com/6482.html Apple iOS 3.0 through 5.1 Multiple Vulnerabilities Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe remote host is an iPhone, iPod Touch, or iPad running iOS. For your information, the observed version of iOS is : \n %L \n\nVersions of iOS 3.0 through 5.1 are potentially affected by multiple vulnerabilities. iOS 5.1.1 contains security fixes for the following products :\n\n - Safari\n\n - WebKit

See also :

http://lists.apple.com/archives/security-announce/2012/May/msg00000.html

Solution :

Upgrade to iOS 5.1.1 or later.

Risk factor :

HIGH

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0672

Copyright Tenable Network Security Inc. 2012]]> 2012-05-09T11:33:00-05:00 http://www.tenablesecurity.com/6481.html Epiphany Browser Version Detection The remote host is running the Epiphany browser version: %L

Solution :

N/A

Risk factor :

INFO

Copyright Tenable Network Security Inc. 2012]]> 2012-05-09T07:32:00-05:00 http://www.tenablesecurity.com/6480.html