Nessus.org Plugins
http://www.nessus.org/scripts.php
All the newest security checks for the Nessus scannerNessus Pluginshttp://www.nessus.org/images/RssLogo.jpg
http://www.nessus.org/
Moodle lib/kses.php Remote Code Execution Vulnerability
Synopsis :
The remote web server contains a PHP application that allows execution
of arbitrary code remotely.
Description :
The version of Moodle on the remote host includes a version of the
KSES HTML filtering library that does not safely call 'preg_replace()'
in the function 'kses_bad_protocol_once()' in 'lib/kses.php'. An
unauthenticated remote attacker can leverage this issue to inject
arbitrary PHP code that will be executed subject to the privileges of
the web server user id.
Note that there reportedly are also several cross-site scripting and
HTML filtering bypass issues in the version of the KSES library in
use, although Nessus has not tested for them explicitly.
Andreas Solberg discovered that libxml2 did not handle recursive entities
safely. If an application linked against libxml2 were made to process
a specially crafted XML document, a remote attacker could exhaust the
system's CPU resources, leading to a denial of service.
Sergei Golubchik reported that MySQL imposes no restrictions on the
specification of "DATA DIRECTORY" or "INDEX DIRECTORY" in SQL "CREATE
TABLE" statements.
Impact
An authenticated remote attacker could create MyISAM tables, specifying
DATA or INDEX directories that contain future table files by other
database users, or existing table files in the MySQL data directory,
gaining access to those tables.
Dyon Balding of Secunia Research reported an unspecified heap-based
buffer overflow in the Shockwave Flash (SWF) frame handling.
Impact
By enticing a user to open a specially crafted SWF (Shockwave Flash)
file, a remote attacker could be able to execute arbitrary code with
the privileges of the user running the application.
Solution:
All RealPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/realplayer-11.0.0.4028-r1"
Risk factor : Medium
]]>
http://www.nessus.org/plugins/index.php?view=single&id=34092
?[GLSA-200809-02] dnsmasq: Denial of Service and DNS spoofing
(dnsmasq: Denial of Service and DNS spoofing)
Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP
source ports when forwarding DNS queries to a recursing DNS server
(CVE-2008-1447).
Carlos Carvalho reported that dnsmasq in the 2.43 version does not
properly handle clients sending inform or renewal queries for unknown
DHCP leases, leading to a crash (CVE-2008-3350).
Impact
A remote attacker could send spoofed DNS response traffic to dnsmasq,
possibly involving generating queries via multiple vectors, and spoof
DNS replies, which could e.g. lead to the redirection of web or mail
traffic to malicious sites. Furthermore, an attacker could generate
invalid DHCP traffic and cause a Denial of Service.
Solution:
All dnsmasq users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.45"
Risk factor : Medium
]]>
http://www.nessus.org/plugins/index.php?view=single&id=34091
?[GLSA-200809-01] yelp: User-assisted execution of arbitrary code
(yelp: User-assisted execution of arbitrary code)
Aaron Grattafiori reported a format string vulnerability in the
window_error() function in yelp-window.c.
Impact
A remote attacker can entice a user to open specially crafted "man:" or
"ghelp:" URIs in yelp, or an application using yelp such as Firefox or
Evolution, and execute arbitrary code with the privileges of that user.
Solution:
All yelp users running GNOME 2.22 should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.22.1-r2"
All yelp users running GNOME 2.20 should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-extra/yelp-2.20.0-r1"
Risk factor : Medium
]]>
http://www.nessus.org/plugins/index.php?view=single&id=34090
?FreeBSD : php -- input validation error in safe_mode (1154)
The remote host is missing an update to the system
The following package is affected: php5
Solution : Update the package on the remote host
See also :
]]>
http://www.nessus.org/plugins/index.php?view=single&id=34089
?[DSA1634] DSA-1634-1 wordnet
Rob Holland discovered several programming errors in WordNet, an
electronic lexical database of the English language. These flaws could
allow arbitrary code execution when used with untrusted input, for
example when WordNet is in use as a back end for a web application.
For the stable distribution (etch), these problems have been fixed in
version 1:2.1-4+etch1.
Solution : http://www.debian.org/security/2008/dsa-1634
Risk factor : High]]>
http://www.nessus.org/plugins/index.php?view=single&id=34088
?[DSA1633] DSA-1633-1 slash
It has been discovered that Slash, the Slashdot Like Automated
Storytelling Homepage suffers from two vulnerabilities related to
insufficient input sanitation, leading to execution of SQL commands
(CVE-2008-2231) and cross-site scripting (CVE-2008-2553).
For the stable distribution (etch), these problems have been fixed in
version 2.2.6-8etch1.
Solution : http://www.debian.org/security/2008/dsa-1633
Risk factor : High]]>
http://www.nessus.org/plugins/index.php?view=single&id=34087
?SSA-2008-247-01 php
New php packages are available for Slackware 10.2 and 11.0 to fix security
issues. These releases are the last to contain PHP 4.4.x, which was upgraded
to version 4.4.9 to fix PCRE issues and other bugs.
Please note that this is the FINAL release of PHP4, and it has already passed
the announced end-of-life. Sites should seriously consider migrating to PHP5
rather than upgrading to php-4.4.9.
The remote Windows host has an application that is affected by a
buffer overflow vulnerability.
Description :
The installed version of Novell iPrint Client is affected by a buffer
overflow vulnerability.
By passing very long arguments to either 'GetPrinterURLList()',
'GetPrinterURLList2()', or 'GetFileList2()' functions available in
ActiveX control 'ienipp.ocx', it may be possible to cause a heap-based
buffer overflow in function 'IppCreateServerRef()' provided by
'nipplib.dll'.
Successful exploitation of this issue may result in arbitrary code
execution on the remote system.
- Novell iPrint Client for Vista 5.08 or
- Novell iPrint Client for Windows 4.38
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)]]>
http://www.nessus.org/plugins/index.php?view=single&id=34085
?Default password (trans) for 'trans' account
Synopsis :
An account on the remote host uses a known password.
Description :
The account 'trans' on the remote host has the password 'trans'. An
attacker may leverage this issue to gain access to the affected system
and launch further attacks against it.
Solution :
Change the password for this account or disable it.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)]]>
http://www.nessus.org/plugins/index.php?view=single&id=34084
?Unpassworded 'r00t' account
Synopsis :
An account on the remote host does not have a password.
Description :
The account 'r00t' on the remote host has no password. An attacker
may leverage this issue to gain access to the affected system and
launch further attacks against it.
Solution :
Set a password for this account or disable it.
Risk factor :
Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)]]>
http://www.nessus.org/plugins/index.php?view=single&id=34083
?Default password (bank) for 'bank' account
Synopsis :
An account on the remote host uses a known password.
Description :
The account 'bank' on the remote host has the password 'bank'. An
attacker may leverage this issue to gain access to the affected system
and launch further attacks against it.
Solution :
Change the password for this account or disable it.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)]]>
http://www.nessus.org/plugins/index.php?view=single&id=34082
?Default password (admin) for 'admin' account
Synopsis :
The remote system can be accessed with a default administrator
account.
Description :
The account 'admin' on the remote host has the password 'admin'. An
attacker may leverage this issue to gain access to the affected system
and launch further attacks against it.
Solution :
Change the password for this account or disable it.
These remote packages are missing security patches :
- libtiff-opengl
- libtiff-tools
- libtiff4
- libtiff4-dev
- libtiffxx0c2
Description :
Drew Yao discovered that the TIFF library did not correctly validate LZW
compressed TIFF images. If a user or automated system were tricked into
processing a malicious image, a remote attacker could execute arbitrary
code or cause an application linked against libtiff to crash, leading
to a denial of service.
Risk factor : High
]]>
http://www.nessus.org/plugins/index.php?view=single&id=34080
?SuSE Security Update: Security update for vsftpd (vsftpd-5388)
Synopsis :
The remote SuSE system is missing the security patch vsftpd-5388.
Description :
This update of vsftpd fixes a memory leak that can occur
during authentication. (CVE-2008-2375) Additionally
non-security bugs for SLES10 were fixed. There were some
issues with simultaneous FTP PUT of the same file name that
lead to a corrupted file on the server.
The remote SuSE system is missing the security patch opensc-5493.
Description :
This update fix a security issues with opensc that occurs
during initializing blank smart cards with Siemens CardOS
M4. It allows to set the PIN of the smart card without
authorization. (CVE-2008-2235)
NOTE: Already initialized cards are still vulnerable after
this update. Please use the command-line tool pkcs15-tool
with option --test-update and --update when necessary.