Summary

This document reports on the results of an automatic security scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.

Vendor security updates are not trusted.

Overrides are on. When a result has an override, this report uses the threat of the override.

Information on overrides is included in the report.

Notes are included in the report.

This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Log" are not shown. Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not shown. Only results with a minimum QoD of 70 are shown.

This report contains all 530 results selected by the filtering described above. Before filtering there were 1673 results.

All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC".

Scan started: Thu Mar 8 04:42:01 2018 UTC
Scan ended: Thu Mar 8 05:26:35 2018 UTC
Task: bWapp

Host Summary

Host            Start            End              High  Medium  Low  Log  False Positive
192.168.52.147  Mar 8, 04:42:26  Mar 8, 05:26:35  298   217     15   0    0
Total: 1                                          298   217     15   0    0

Results per Host

Host 192.168.52.147

Scanning of this host started at: Thu Mar 8 04:42:26 2018 UTC
Number of results: 530

Port Summary for Host 192.168.52.147

Service (Port) Threat Level
25/tcp Medium
8080/tcp High
8443/tcp High
512/tcp High
22/tcp Medium
21/tcp Medium
80/tcp High
3632/tcp High
general/tcp High
9080/tcp High
443/tcp High
9443/tcp High

Security Issues for Host 192.168.52.147

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for gnutls12, gnutls13 vulnerabilities USN-613-1 (OID: 1.3.6.1.4.1.25623.1.0.840331)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-613-1

Vulnerability Detection Result
Package libgnutls13 version 2.0.4-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

gnutls12, gnutls13 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Multiple flaws were discovered in the connection handling of GnuTLS. A remote attacker could exploit this to crash applications linked against GnuTLS, or possibly execute arbitrary code with permissions of the application's user.

Vulnerability Detection Method

Details: Ubuntu Update for gnutls12, gnutls13 vulnerabilities USN-613-1 (OID: 1.3.6.1.4.1.25623.1.0.840331)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
Other: http://www.ubuntu.com/usn/usn-613-1/
USN:613-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-767-1 (freetype) (OID: 1.3.6.1.4.1.25623.1.0.64147)
Summary

The remote host is missing an update to freetype announced via advisory USN-767-1.

Vulnerability Detection Result
Package libfreetype6 version 2.3.5-1ubuntu4 is installed which is known to be vulnerable.
Package acpid version 1.0.4-5ubuntu9 is installed which is known to be vulnerable.
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libfreetype6 2.1.10-1ubuntu2.6

Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.2

Ubuntu 8.10: libfreetype6 2.3.7-2ubuntu1.1

Ubuntu 9.04: libfreetype6 2.3.9-4ubuntu0.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-767-1

Vulnerability Insight

Tavis Ormandy discovered that FreeType did not correctly handle certain large values in font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu USN-767-1 (freetype) (OID: 1.3.6.1.4.1.25623.1.0.64147)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0946, CVE-2008-5814, CVE-2009-1271, CVE-2009-0798, CVE-2009-1313
CERT: DFN-CERT-2010-0588, DFN-CERT-2010-0482, DFN-CERT-2010-0263, DFN-CERT-2009-1726, DFN-CERT-2009-1527, DFN-CERT-2009-1333, DFN-CERT-2009-1329, DFN-CERT-2009-0622
Other: http://www.ubuntu.com/usn/usn-767-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities -01 July15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805919)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.491
Impact

Successful exploitation will allow remote attackers to conduct a denial of service attack and potentially execute arbitrary code in the context of the affected user.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.491 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version 11.2.202.481 and prior on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- A use-after-free error triggered by freeing a TextLine object within the 'valueOf' function of a custom class when setting the TextLine's opaqueBackground.
- An unspecified error.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities -01 July15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805919)

Version used: $Revision: 6376 $

References

CVE: CVE-2015-5122, CVE-2015-5123
CERT: CB-K15/1266, CB-K15/0976, DFN-CERT-2015-1332, DFN-CERT-2015-1033
Other: https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for Firefox and Xulrunner vulnerability USN-957-2 (OID: 1.3.6.1.4.1.25623.1.0.840471)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-957-2

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Firefox and Xulrunner vulnerability on Ubuntu 8.04 LTS, Ubuntu 10.04 LTS

Vulnerability Insight

USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. (CVE-2010-2755)

This update fixes the problem. Original advisory details: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker could execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen discovered that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTT ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for Firefox and Xulrunner vulnerability USN-957-2 (OID: 1.3.6.1.4.1.25623.1.0.840471)

Version used: $Revision: 8250 $

References

CVE: CVE-2010-2755, CVE-2010-1214, CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753, CVE-2010-1205, CVE-2010-1213, CVE-2010-1207, CVE-2010-1210, CVE-2010-1206, CVE-2010-2751, CVE-2010-0654, CVE-2010-2754
CERT: DFN-CERT-2011-0409, DFN-CERT-2010-1745, DFN-CERT-2010-1743, DFN-CERT-2010-1513, DFN-CERT-2010-1347, DFN-CERT-2010-1271, DFN-CERT-2010-1247, DFN-CERT-2010-1200, DFN-CERT-2010-1147, DFN-CERT-2010-1142, DFN-CERT-2010-1066, DFN-CERT-2010-1019, DFN-CERT-2010-0965, DFN-CERT-2010-0952, DFN-CERT-2010-0942, DFN-CERT-2010-0940, DFN-CERT-2010-0939, DFN-CERT-2010-0938, DFN-CERT-2010-0937, DFN-CERT-2010-0934, DFN-CERT-2010-0933, DFN-CERT-2010-0932, DFN-CERT-2010-0928, DFN-CERT-2010-0927, DFN-CERT-2010-0926, DFN-CERT-2010-0925, DFN-CERT-2010-0921, DFN-CERT-2010-0916, DFN-CERT-2010-0908, DFN-CERT-2010-0904, DFN-CERT-2010-0853, DFN-CERT-2010-0846
Other: http://www.ubuntu.com/usn/usn-957-2/
USN:957-2

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-719-1 (libpam-krb5) (OID: 1.3.6.1.4.1.25623.1.0.64166)
Summary

The remote host is missing an update to libpam-krb5 announced via advisory USN-719-1.

Vulnerability Detection Result
Package php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-cgi version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-cli version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-common version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-gd version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-ldap version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-mysql version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-sqlite version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: libpam-krb5 3.10-1ubuntu0.8.04.1

Ubuntu 8.10: libpam-krb5 3.10-1ubuntu0.8.10.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-719-1

Vulnerability Insight

It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. (CVE-2009-0360)

Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges. (CVE-2009-0361)

Vulnerability Detection Method

Details: Ubuntu USN-719-1 (libpam-krb5) (OID: 1.3.6.1.4.1.25623.1.0.64166)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0360, CVE-2009-0361, CVE-2007-3996, CVE-2007-5900, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658, CVE-2007-5625, CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939
CERT: DFN-CERT-2012-1832, DFN-CERT-2010-0712, DFN-CERT-2010-0588, DFN-CERT-2010-0263, DFN-CERT-2009-1725, DFN-CERT-2009-1497, DFN-CERT-2009-1418, DFN-CERT-2009-0251
Other: http://www.ubuntu.com/usn/usn-719-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for Firefox 3.0 and Xulrunner 1.9 vulnerabilities USN-895-1 (OID: 1.3.6.1.4.1.25623.1.0.840390)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-895-1

Vulnerability Detection Result
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Firefox 3.0 and Xulrunner 1.9 vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04

Vulnerability Insight

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159)

Orlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0160) Alin Rad Pop discovered that Firefox's HTML parser would incorrectly free memory under certain circumstances. If the browser could be made to access these freed memory objects, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1571) Hidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2009-3988) Georgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0162)

Vulnerability Detection Method

Details: Ubuntu Update for Firefox 3.0 and Xulrunner 1.9 vulnerabilities USN-895-1 (OID: 1.3.6.1.4.1.25623.1.0.840390)

Version used: $Revision: 8510 $

References

CVE: CVE-2009-1571, CVE-2009-3988, CVE-2010-0159, CVE-2010-0160, CVE-2010-0162
CERT: DFN-CERT-2010-0593, DFN-CERT-2010-0369, DFN-CERT-2010-0306, DFN-CERT-2010-0281, DFN-CERT-2010-0280, DFN-CERT-2010-0279, DFN-CERT-2010-0257, DFN-CERT-2010-0255, DFN-CERT-2010-0245, DFN-CERT-2010-0239, DFN-CERT-2010-0238
Other: http://www.ubuntu.com/usn/usn-895-1/
USN:895-1

512/tcp
High (CVSS: 10.0)
NVT: Check for rexecd Service (OID: 1.3.6.1.4.1.25623.1.0.100111)
Summary

The rexecd service is running on this host. Rexecd (Remote Process Execution) has the same kind of functionality as rsh: you can execute shell commands on a remote computer.

The main difference is that rexecd authenticates by reading the username and password *unencrypted* from the socket.

Vulnerability Detection Result
The rexecd Service is not allowing connections from this host.
Solution

Solution type: Mitigation

Disable rexec Service.

Vulnerability Detection Method

Details: Check for rexecd Service (OID: 1.3.6.1.4.1.25623.1.0.100111)

Version used: $Revision: 6849 $

References

Other: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0618

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for Firefox 3.0 and Xulrunner vulnerabilities USN-920-1 (OID: 1.3.6.1.4.1.25623.1.0.840418)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-920-1

Vulnerability Detection Result
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Firefox 3.0 and Xulrunner vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04

Vulnerability Insight

Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0174)

It was discovered that Firefox could be made to access previously freed memory. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. If the user could be tricked into performing this action twice on a crafted website, an attacker could execute arbitrary JavaScript with chrome privileges. (CVE-2010-0178) It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. If the user had the Firebug add-on installed and were tricked into viewing a malicious website, an attacker could potentially run arbitrary JavaScript. (CVE-2010-0179)

Vulnerability Detection Method

Details: Ubuntu Update for Firefox 3.0 and Xulrunner vulnerabilities USN-920-1 (OID: 1.3.6.1.4.1.25623.1.0.840418)

Version used: $Revision: 8244 $

References

CVE: CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179
CERT: DFN-CERT-2011-0018, DFN-CERT-2010-1743, DFN-CERT-2010-1682, DFN-CERT-2010-1673, DFN-CERT-2010-1669, DFN-CERT-2010-0928, DFN-CERT-2010-0926, DFN-CERT-2010-0775, DFN-CERT-2010-0579, DFN-CERT-2010-0544, DFN-CERT-2010-0525, DFN-CERT-2010-0495, DFN-CERT-2010-0480, DFN-CERT-2010-0479, DFN-CERT-2010-0474, DFN-CERT-2010-0473, DFN-CERT-2010-0458, DFN-CERT-2010-0457, DFN-CERT-2010-0450, DFN-CERT-2010-0449, DFN-CERT-2010-0443, DFN-CERT-2010-0441
Other: http://www.ubuntu.com/usn/usn-920-1/
USN:920-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Use-After-Free Vulnerability July15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805904)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.481
Impact

Successful exploitation will allow remote attackers to gain access to potentially sensitive information, conduct a denial of service attack and potentially execute arbitrary code in the context of the affected user.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.481 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player versions before 11.2.202.481 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- A use-after-free error in the 'ByteArray' class.
- Multiple heap based buffer overflow errors.
- Multiple memory corruption errors.
- Multiple null pointer dereference errors.
- Multiple unspecified errors.
- A type confusion error.
- Multiple use-after-free vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Use-After-Free Vulnerability July15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805904)

Version used: $Revision: 6391 $

References

CVE: CVE-2015-5119, CVE-2014-0578, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118
BID: 75568, 75594, 75593, 75591, 75590, 75595, 75596, 75592
CERT: CB-K15/0952, DFN-CERT-2015-0996
Other: https://www.kb.cert.org/vuls/id/561288
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1 (OID: 1.3.6.1.4.1.25623.1.0.840340)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-690-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

firefox-3.0, xulrunner-1.9 vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 8.10

Vulnerability Insight

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502)

It was discovered that Firefox did not properly handle persistent cookie data. If a user were tricked into opening a malicious website, an attacker could write persistent data in the user's browser and track the user across browsing sessions. (CVE-2008-5505) Marius Schilder discovered that Firefox did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. It's possible that sensitive information could be revealed in the XMLHttpRequest response. (CVE-2008-5506) Chris Evans discovered that Firefox did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. If a user were tricked into opening a malicious website, an attacker may be able to steal a limited amount of private data. (CVE-2008-5507) Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Firefox did not properly parse URLs when processing certain control characters. (CVE-2008-5508) Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. (CVE-2008-5510) Several flaws were discovered in the Javascript engine. If a user were tricked into opening a malicious website, an attacker could exploit this to execute arbitrary Javascript code within the context of another website or with chrome privileges. (CVE-2008-5511, CVE-2008-5512) Flaws were discovered in the session-restore feature of Firefox. If a user were tricked into opening a malicious website, an attacker could exploit this to perform cross-site scripting attacks or execute arbitrary Javascript code with chrome privileges. (CVE-2008-5513)

Vulnerability Detection Method

Details: Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1 (OID: 1.3.6.1.4.1.25623.1.0.840340)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513
Other: http://www.ubuntu.com/usn/usn-690-1/
USN:690-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-806-1 (python2.5) (OID: 1.3.6.1.4.1.25623.1.0.64488)
Summary

The remote host is missing an update to python2.5 announced via advisory USN-806-1.

Vulnerability Detection Result
Package python2.5-dbg version 2.5.2-2ubuntu4 is installed which is known to be vulnerable.
Package python2.5-dev version 2.5.2-2ubuntu4 is installed which is known to be vulnerable.
Package python2.5-minimal version 2.5.2-2ubuntu4 is installed which is known to be vulnerable.
Package python2.5 version 2.5.2-2ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: python2.4 2.4.3-0ubuntu6.3 python2.4-minimal 2.4.3-0ubuntu6.3

Ubuntu 8.04 LTS: python2.4 2.4.5-1ubuntu4.2 python2.4-minimal 2.4.5-1ubuntu4.2 python2.5 2.5.2-2ubuntu6 python2.5-minimal 2.5.2-2ubuntu6

Ubuntu 8.10: python2.4 2.4.5-5ubuntu1.1 python2.4-minimal 2.4.5-5ubuntu1.1

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-806-1

Vulnerability Insight

It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS. (CVE-2008-4864)

Multiple integer overflows were discovered in Python's stringobject and unicodeobject expandtabs method. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service. (CVE-2008-5031)

Vulnerability Detection Method

Details: Ubuntu USN-806-1 (python2.5) (OID: 1.3.6.1.4.1.25623.1.0.64488)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-4864, CVE-2008-5031
CERT: DFN-CERT-2009-1644
Other: http://www.ubuntu.com/usn/usn-806-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities-01 Aug14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804744)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to bypass certain security restrictions and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.400 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version 11.2.202.400 on Linux

Vulnerability Insight

Multiple flaws are due to an unspecified error and a use-after-free error.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities-01 Aug14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804744)

Version used: $Revision: 6769 $

References

CVE: CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545, CVE-2014-5333
BID: 69192, 69190, 69191, 69194, 69195, 69196, 69197, 69320
CERT: CB-K14/1004, DFN-CERT-2014-1052
Other: http://secunia.com/advisories/58593
http://helpx.adobe.com/security/products/flash-player/apsb14-18.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-667-1 (OID: 1.3.6.1.4.1.25623.1.0.840223)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-667-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

firefox, firefox-3.0, xulrunner-1.9 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10

Vulnerability Insight

Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. If a user were tricked into downloading a crafted .url file and a crafted HTML file, an attacker could steal information from the user's cache. (CVE-2008-4582)

Georgi Guninski, Michal Zalewski and Chris Evans discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. This issue only affects Firefox 2. (CVE-2008-5012) It was discovered that Firefox did not properly check if the Flash module was properly unloaded. By tricking a user into opening a crafted SWF file, an attacker could cause Firefox to crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5013) Jesse Ruderman discovered that Firefox did not properly guard locks on non-native objects. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5014) Luke Bryan discovered that Firefox sometimes opened file URIs with chrome privileges. If a user saved malicious code locally, then opened the file in the same tab as a privileged document, an attacker could run arbitrary JavaScript code with chrome privileges. This issue only affects Firefox 3.0. (CVE-2008-5015) Several problems were discovered in the browser, layout and JavaScript engines. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5016, CVE-2008-5017, CVE-2008-5018) David Bloom discovered that the same-origin check in Firefox could be bypassed by utilizing the session restore feature. An attacker could exploit this to run JavaScript in the context of another site or execute arbitrary JavaScript code with chrome privileges. (CVE-2008-5019) Justin Schuh discovered a flaw in Firefox's mime-type parsing. If a user were tricked into opening a malicious website, an attacker could send a crafted header in the HTTP index response, causing a browser crash and execute arbitrary code with user privileges. (CVE-2008-0017) A flaw was discovered in Firefox's DOM constructing code. If a user were tricked into opening ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-667-1 (OID: 1.3.6.1.4.1.25623.1.0.840223)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024
Other: http://www.ubuntu.com/usn/usn-667-1/
USN:667-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities -02 April13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.803383)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code or cause a denial-of-service condition.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to version 10.3.183.75 or 11.2.202.280. For updates refer to http://www.adobe.com/products/flash.html

Affected Software/OS

Adobe Flash Player 10.3.183.68 and earlier, and 11.x to 11.2.202.275 on Linux

Vulnerability Insight

Multiple flaws due to:
- Error when initializing certain pointer arrays.
- Integer overflow error.

Vulnerability Detection Method

Details: Adobe Flash Player Multiple Vulnerabilities -02 April13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.803383)

Version used: $Revision: 6104 $

References

CVE: CVE-2013-1380, CVE-2013-1379, CVE-2013-1378, CVE-2013-2555
BID: 58949, 58951, 58947, 58396
CERT: CB-K14/0057, DFN-CERT-2014-0058, DFN-CERT-2013-0776, DFN-CERT-2013-0775, DFN-CERT-2013-0770, DFN-CERT-2013-0762, DFN-CERT-2013-0761
Other: http://www.securelist.com/en/advisories/52931
http://www.adobe.com/support/security/bulletins/apsb13-11.html
http://www.cert.be/pro/advisories/adobe-flash-player-air-multiple-vulnerabilities-3

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities-01 June14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804647)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.378 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before version 11.2.202.378 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- Certain unspecified input is not properly sanitised before being returned to the user.
- An unspecified error can be exploited to bypass certain security restrictions.
- Another unspecified error can be exploited to corrupt memory.
- Another unspecified error can be exploited to bypass certain security restrictions.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities-01 June14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804647)

Version used: $Revision: 6637 $

References

CVE: CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
BID: 67962, 67973, 67974, 67963, 67970, 67961
CERT: CB-K14/0706, DFN-CERT-2014-0734
Other: https://helpx.adobe.com/security/products/flash-player/apsb14-16.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-776-2 (kvm) (OID: 1.3.6.1.4.1.25623.1.0.64175)
Summary

The remote host is missing an update to kvm announced via advisory USN-776-2.

Vulnerability Detection Result
Package ntpdate version 4.2.4p4+dfsg-3ubuntu2 is installed which is known to be vulnerable.
Package ntp version 4.2.4p4+dfsg-3ubuntu2 is installed which is known to be vulnerable.
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: kvm 1:62+dfsg-0ubuntu8.2

After a standard system upgrade you need to restart all KVM VMs to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-776-2

Vulnerability Insight

USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004)

Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. (CVE-2008-2382)

Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. (CVE-2008-4539)

It was discovered that KVM's VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service. (CVE-2008-5714)

Vulnerability Detection Method

Details: Ubuntu USN-776-2 (kvm) (OID: 1.3.6.1.4.1.25623.1.0.64175)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1945, CVE-2008-2004, CVE-2008-2382, CVE-2008-4539, CVE-2008-5714, CVE-2009-1130, CVE-2009-1574, CVE-2009-0714, CVE-2008-1517, CVE-2007-2807, CVE-2009-0159, CVE-2009-1252, CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581, CVE-2009-1418, CVE-2009-0028, CVE-2009-0269, CVE-2009-0342, CVE-2009-0343, CVE-2009-0834, CVE-2009-0835, CVE-2009-1184, CVE-2009-1415, CVE-2009-1416, CVE-2009-1417, CVE-2009-0154, CVE-2009-1150, CVE-2009-1151, CVE-2009-0922, CVE-2009-1632, CVE-2009-0945, CVE-2009-0688, CVE-2009-1527, CVE-2009-1338, CVE-2009-1242, CVE-2009-1192, CVE-2009-1439, CVE-2009-1337, CVE-2009-0157, CVE-2008-5077, CVE-2008-5814, CVE-2009-0721, CVE-2009-0859, CVE-2009-1046, CVE-2009-1072, CVE-2009-1265, CVE-2009-1011, CVE-2009-1010, CVE-2009-1009, CVE-2009-1161
CERT: CB-K15/1514, DFN-CERT-2012-1293, DFN-CERT-2012-0513, DFN-CERT-2011-1138, DFN-CERT-2011-1137, DFN-CERT-2011-0111, DFN-CERT-2010-0824, DFN-CERT-2010-0795, DFN-CERT-2010-0588, DFN-CERT-2010-0530, DFN-CERT-2010-0425, DFN-CERT-2010-0263, DFN-CERT-2010-0154, DFN-CERT-2010-0152, DFN-CERT-2010-0119, DFN-CERT-2009-1775, DFN-CERT-2009-1759, DFN-CERT-2009-1742, DFN-CERT-2009-1701, DFN-CERT-2009-1700, DFN-CERT-2009-1644, DFN-CERT-2009-1622, DFN-CERT-2009-1610, DFN-CERT-2009-1599, DFN-CERT-2009-1546, DFN-CERT-2009-1431, DFN-CERT-2009-1428, DFN-CERT-2009-1408, DFN-CERT-2009-1177, DFN-CERT-2009-1169, DFN-CERT-2009-1161, DFN-CERT-2009-1132, DFN-CERT-2009-0723, DFN-CERT-2009-0658, DFN-CERT-2009-0645, DFN-CERT-2009-0446
Other: http://www.ubuntu.com/usn/usn-776-2/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-803-1 (dhcp3) (OID: 1.3.6.1.4.1.25623.1.0.64444)
Summary

The remote host is missing an update to dhcp3 announced via advisory USN-803-1.

Vulnerability Detection Result
Package dhcp3-client version 3.0.6.dfsg-1ubuntu9 is installed which is known to be vulnerable.
Package dhcp3-common version 3.0.6.dfsg-1ubuntu9 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: dhcp3-client 3.0.3-6ubuntu7.1 dhcp3-client-udeb 3.0.3-6ubuntu7.1

Ubuntu 8.04 LTS: dhcp3-client 3.0.6.dfsg-1ubuntu9.1 dhcp3-client-udeb 3.0.6.dfsg-1ubuntu9.1

Ubuntu 8.10: dhcp3-client 3.1.1-1ubuntu2.1 dhcp3-client-udeb 3.1.1-1ubuntu2.1

Ubuntu 9.04: dhcp3-client 3.1.1-5ubuntu8.1 dhcp3-client-udeb 3.1.1-5ubuntu8.1

After a standard system upgrade you need to restart any DHCP network connections utilizing dhclient3 to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-803-1

Vulnerability Insight

It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.

Vulnerability Detection Method

Details: Ubuntu USN-803-1 (dhcp3) (OID: 1.3.6.1.4.1.25623.1.0.64444)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0692
CERT: DFN-CERT-2010-0906, DFN-CERT-2009-1697, DFN-CERT-2009-1600, DFN-CERT-2009-1481, DFN-CERT-2009-1202
Other: http://www.ubuntu.com/usn/usn-803-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-759-1 (poppler) (OID: 1.3.6.1.4.1.25623.1.0.63858)
Summary

The remote host is missing an update to poppler announced via advisory USN-759-1.

Vulnerability Detection Result
Package libpoppler-glib2 version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Package libpoppler2 version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Package poppler-utils version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Package cupsys-common version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package cupsys-bsd version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package cupsys-client version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package cupsys version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package libcupsimage2 version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package libcupsys2 version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.5 libpoppler1-glib 0.5.1-0ubuntu7.5

Ubuntu 8.04 LTS: libpoppler-glib2 0.6.4-1ubuntu3.2 libpoppler2 0.6.4-1ubuntu3.2

Ubuntu 8.10: libpoppler-glib3 0.8.7-1ubuntu0.2 libpoppler3 0.8.7-1ubuntu0.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-759-1

Vulnerability Insight

Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that poppler contained multiple security issues in its JBIG2 decoder. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu USN-759-1 (poppler) (OID: 1.3.6.1.4.1.25623.1.0.63858)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188, CVE-2009-1210, CVE-2009-1266, CVE-2009-1267, CVE-2009-1268, CVE-2009-1269, CVE-2009-0163, CVE-2009-0164, CVE-2009-1185, CVE-2009-1186
CERT: CB-K15/1514, DFN-CERT-2011-1762, DFN-CERT-2010-0697, DFN-CERT-2010-0665, DFN-CERT-2010-0635, DFN-CERT-2010-0634, DFN-CERT-2010-0609, DFN-CERT-2010-0477, DFN-CERT-2010-0313, DFN-CERT-2010-0259, DFN-CERT-2009-1841, DFN-CERT-2009-1759, DFN-CERT-2009-1670, DFN-CERT-2009-1556, DFN-CERT-2009-1495, DFN-CERT-2009-1488, DFN-CERT-2009-1485, DFN-CERT-2009-1484, DFN-CERT-2009-1483, DFN-CERT-2009-1475, DFN-CERT-2009-1472, DFN-CERT-2009-1471, DFN-CERT-2009-1470, DFN-CERT-2009-1466, DFN-CERT-2009-0598
Other: http://www.ubuntu.com/usn/usn-759-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb16-39 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.810312)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     24.0.0.186
Impact

Successful exploitation of this vulnerability will allow remote attackers to take control of the affected system, and lead to code execution.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 24.0.0.186 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 24.0.0.186 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- Use-after-free vulnerabilities.
- Buffer overflow vulnerabilities.
- Memory corruption vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb16-39 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.810312)

Version used: $Revision: 4760 $

References

CVE: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
CERT: CB-K16/1946, DFN-CERT-2016-2058
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for yelp vulnerability USN-638-1 (OID: 1.3.6.1.4.1.25623.1.0.840309)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-638-1

Vulnerability Detection Result
Package yelp version 2.22.1-0ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

yelp vulnerability on Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Aaron Grattafiori discovered that the Gnome Help Viewer did not handle format strings correctly when displaying certain error messages. If a user were tricked into opening a specially crafted URI, a remote attacker could execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu Update for yelp vulnerability USN-638-1 (OID: 1.3.6.1.4.1.25623.1.0.840309)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-3533
Other: http://www.ubuntu.com/usn/usn-638-1/
USN:638-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-802-1 (apache2) (OID: 1.3.6.1.4.1.25623.1.0.64443)
Summary

The remote host is missing an update to apache2 announced via advisory USN-802-1.

Vulnerability Detection Result
Package apache2 version 2.2.8-1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.6 apache2-mpm-perchild 2.0.55-4ubuntu2.6 apache2-mpm-prefork 2.0.55-4ubuntu2.6 apache2-mpm-worker 2.0.55-4ubuntu2.6 libapr0 2.0.55-4ubuntu2.6

Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.10 apache2-mpm-perchild 2.2.8-1ubuntu0.10 apache2-mpm-prefork 2.2.8-1ubuntu0.10 apache2-mpm-worker 2.2.8-1ubuntu0.10 apache2.2-common 2.2.8-1ubuntu0.10

Ubuntu 8.10: apache2-mpm-event 2.2.9-7ubuntu3.2 apache2-mpm-prefork 2.2.9-7ubuntu3.2 apache2-mpm-worker 2.2.9-7ubuntu3.2 apache2.2-common 2.2.9-7ubuntu3.2

Ubuntu 9.04: apache2-mpm-event 2.2.11-2ubuntu2.2 apache2-mpm-prefork 2.2.11-2ubuntu2.2 apache2-mpm-worker 2.2.11-2ubuntu2.2 apache2.2-common 2.2.11-2ubuntu2.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-802-1

Vulnerability Insight

It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2009-1890)

It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption. (CVE-2009-1891)

Vulnerability Detection Method

Details: Ubuntu USN-802-1 (apache2) (OID: 1.3.6.1.4.1.25623.1.0.64443)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1890, CVE-2009-1891, CVE-2008-2327, CVE-2009-2285, CVE-2009-2347, CVE-2009-2295, CVE-2009-0858, CVE-2009-2334, CVE-2009-2335, CVE-2009-2336, CVE-2008-0196, CVE-2009-2360, CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0652, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776, CVE-2009-1302, CVE-2009-1303, CVE-2009-1307, CVE-2009-1832, CVE-2009-1392, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841, CVE-2009-1185, CVE-2009-0034, CVE-2009-0037, CVE-2009-1422, CVE-2009-1423, CVE-2009-1424, CVE-2009-1425, CVE-2009-1959
CERT: CB-K15/1514, DFN-CERT-2012-0731, DFN-CERT-2012-0627, DFN-CERT-2011-0700, DFN-CERT-2011-0329, DFN-CERT-2011-0103, DFN-CERT-2011-0102, DFN-CERT-2011-0075, DFN-CERT-2010-1665, DFN-CERT-2010-1647, DFN-CERT-2010-0125, DFN-CERT-2009-1725, DFN-CERT-2009-1602, DFN-CERT-2009-1593, DFN-CERT-2009-1507, DFN-CERT-2009-1493, DFN-CERT-2009-1350, DFN-CERT-2009-1288, DFN-CERT-2009-1231, DFN-CERT-2009-1225, DFN-CERT-2009-1224, DFN-CERT-2009-1208, DFN-CERT-2009-1188, DFN-CERT-2009-1170, DFN-CERT-2009-1148, DFN-CERT-2009-1144, DFN-CERT-2009-1137, DFN-CERT-2009-1126, DFN-CERT-2009-1116, DFN-CERT-2009-1101, DFN-CERT-2009-1081, DFN-CERT-2009-1062, DFN-CERT-2009-1050, DFN-CERT-2009-1047, DFN-CERT-2009-1032, DFN-CERT-2009-0986, DFN-CERT-2009-0795, DFN-CERT-2009-0598
Other: http://www.ubuntu.com/usn/usn-802-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-731-1 (apache2) (OID: 1.3.6.1.4.1.25623.1.0.63562)
Summary

The remote host is missing an update to apache2 announced via advisory USN-731-1.

For details, please visit the referenced security advisories.

Vulnerability Detection Result
Package apache2 version 2.2.8-1 is installed which is known to be vulnerable.
Package dash version 0.5.4-8ubuntu1 is installed which is known to be vulnerable.
Package curl version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package libcurl3-gnutls version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package libcurl3 version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.4 apache2-mpm-perchild 2.0.55-4ubuntu2.4 apache2-mpm-prefork 2.0.55-4ubuntu2.4 apache2-mpm-worker 2.0.55-4ubuntu2.4

Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.2 apache2-mpm-perchild 2.2.4-3ubuntu0.2 apache2-mpm-prefork 2.2.4-3ubuntu0.2 apache2-mpm-worker 2.2.4-3ubuntu0.2 apache2.2-common 2.2.4-3ubuntu0.2

Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.4 apache2-mpm-perchild 2.2.8-1ubuntu0.4 apache2-mpm-prefork 2.2.8-1ubuntu0.4 apache2-mpm-worker 2.2.8-1ubuntu0.4 apache2.2-common 2.2.8-1ubuntu0.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-731-1

Vulnerability Detection Method

Details: Ubuntu USN-731-1 (apache2) (OID: 1.3.6.1.4.1.25623.1.0.63562)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168, CVE-2008-2364, CVE-2008-2939, CVE-2009-0854, CVE-2009-0675, CVE-2009-0676, CVE-2009-0759, CVE-2009-0660, CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5347, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2009-0712, CVE-2009-0713, CVE-2008-4546, CVE-2009-0037, CVE-2009-0632, CVE-2008-1922, CVE-2009-0478
CERT: DFN-CERT-2012-0731, DFN-CERT-2010-1665, DFN-CERT-2010-0899, DFN-CERT-2010-0775, DFN-CERT-2010-0771, DFN-CERT-2010-0770, DFN-CERT-2010-0712, DFN-CERT-2010-0195, DFN-CERT-2010-0107, DFN-CERT-2009-1725, DFN-CERT-2009-1508, DFN-CERT-2009-1497, DFN-CERT-2009-1481, DFN-CERT-2009-1458, DFN-CERT-2009-1452, DFN-CERT-2009-1169, DFN-CERT-2009-1046
Other: http://www.ubuntu.com/usn/usn-731-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for ghostscript USN-1317-1 (OID: 1.3.6.1.4.1.25623.1.0.840856)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1317-1

Vulnerability Detection Result
Package libgs8 version 8.61.dfsg.1-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

ghostscript on Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that Ghostscript did not correctly handle memory allocation when parsing certain malformed JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. (CVE-2008-3520)

It was discovered that Ghostscript did not correctly handle certain formatting operations when parsing JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. (CVE-2008-3522)

It was discovered that Ghostscript incorrectly handled certain malformed TrueType fonts. If a user or automated system were tricked into opening a document containing a specially crafted font, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-3743)

It was discovered that Ghostscript incorrectly handled certain malformed Type 2 fonts. If a user or automated system were tricked into opening a document containing a specially crafted font, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-4054)

Jonathan Foote discovered that Ghostscript incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system were tricked into opening a specially crafted JPEG-2000 image file, an attacker could cause Ghostscript to crash or possibly execute arbitrary code with user privileges. (CVE-2011-4516, CVE-2011-4517)

Vulnerability Detection Method

Details: Ubuntu Update for ghostscript USN-1317-1 (OID: 1.3.6.1.4.1.25623.1.0.840856)

Version used: $Revision: 7960 $

References

CVE: CVE-2008-3520, CVE-2008-3522, CVE-2009-3743, CVE-2010-4054, CVE-2011-4516, CVE-2011-4517
CERT: CB-K16/1796, CB-K16/1713, CB-K15/0357, CB-K14/1560, DFN-CERT-2016-1901, DFN-CERT-2016-1821, DFN-CERT-2015-0369, DFN-CERT-2014-1663, DFN-CERT-2012-1348, DFN-CERT-2012-0627, DFN-CERT-2012-0189, DFN-CERT-2012-0187, DFN-CERT-2012-0012, DFN-CERT-2012-0007, DFN-CERT-2011-1965, DFN-CERT-2011-1926, DFN-CERT-2011-1925, DFN-CERT-2011-1918, DFN-CERT-2011-1886, DFN-CERT-2011-1877, DFN-CERT-2011-1872, DFN-CERT-2010-0969, DFN-CERT-2009-1711, DFN-CERT-2009-1698, DFN-CERT-2009-1511, DFN-CERT-2009-0850
Other: http://www.ubuntu.com/usn/usn-1317-1/
USN:1317-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities-01 Feb15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805270)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.442
Impact

Successful exploitation will allow remote attackers to corrupt memory, dereference already freed memory, execute arbitrary code or have other unspecified impacts.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.442 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before version 11.2.202.442 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- Multiple unspecified use-after-free errors.
- Multiple unspecified errors due to improper validation of user-supplied input.
- Multiple unspecified type confusion errors.
- Multiple errors leading to overflow condition.
- Multiple unspecified NULL pointer dereference errors.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities-01 Feb15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805270)

Version used: $Revision: 6183 $

References

CVE: CVE-2015-0313, CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330, CVE-2015-0331
BID: 72429, 72514
CERT: CB-K15/0150, CB-K15/0129, DFN-CERT-2015-0153, DFN-CERT-2015-0136
Other: https://helpx.adobe.com/security/products/flash-player/apsb15-04.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-755-1 (krb5) (OID: 1.3.6.1.4.1.25623.1.0.63814)
Summary

The remote host is missing an update to krb5 announced via advisory USN-755-1.

Vulnerability Detection Result
Package libkrb53 version 1.6.dfsg.3~beta1-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libkadm55 1.4.3-5ubuntu0.8 libkrb53 1.4.3-5ubuntu0.8

Ubuntu 7.10: libkadm55 1.6.dfsg.1-7ubuntu0.2 libkrb53 1.6.dfsg.1-7ubuntu0.2

Ubuntu 8.04 LTS: libkadm55 1.6.dfsg.3~beta1-2ubuntu1.1 libkrb53 1.6.dfsg.3~beta1-2ubuntu1.1

Ubuntu 8.10: libkadm55 1.6.dfsg.4~beta1-3ubuntu0.1 libkrb53 1.6.dfsg.4~beta1-3ubuntu0.1

After a standard system upgrade you need to restart any services using the Kerberos libraries to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-755-1

Vulnerability Insight

Multiple flaws were discovered in the Kerberos GSS-API and ASN.1 routines that did not correctly handle certain requests. An unauthenticated remote attacker could send specially crafted traffic to crash services using the Kerberos library, leading to a denial of service.

Vulnerability Detection Method

Details: Ubuntu USN-755-1 (krb5) (OID: 1.3.6.1.4.1.25623.1.0.63814)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847
CERT: DFN-CERT-2010-1566, DFN-CERT-2010-0054, DFN-CERT-2009-1026, DFN-CERT-2009-0869, DFN-CERT-2009-0583, DFN-CERT-2009-0479
Other: http://www.ubuntu.com/usn/usn-755-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-1 (OID: 1.3.6.1.4.1.25623.1.0.840450)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-930-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

Firefox and Xulrunner vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 10.04 LTS

Vulnerability Insight

It was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121)

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)

A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)

An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)

Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)

Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)

Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197)

Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. (CVE-2008-5913)

Vulnerability Detection Method

Details: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-1 (OID: 1.3.6.1.4.1.25623.1.0.840450)

Version used: $Revision: 8246 $

References

CVE: CVE-2008-5913, CVE-2010-1121, CVE-2010-1125, CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203
CERT: DFN-CERT-2010-1745, DFN-CERT-2010-0934, DFN-CERT-2010-0928, DFN-CERT-2010-0926, DFN-CERT-2010-0880, DFN-CERT-2010-0831, DFN-CERT-2010-0830, DFN-CERT-2010-0828, DFN-CERT-2010-0827, DFN-CERT-2010-0823, DFN-CERT-2010-0819, DFN-CERT-2010-0818, DFN-CERT-2010-0817, DFN-CERT-2010-0497
Other: http://www.ubuntu.com/usn/usn-930-1/
USN:930-1

general/tcp
High (CVSS: 10.0)
NVT: OS End Of Life Detection (OID: 1.3.6.1.4.1.25623.1.0.103674)
Summary

OS End Of Life Detection

The Operating System on the remote host has reached the end of life and should not be used anymore.

Vulnerability Detection Result
The "Ubuntu" Operating System on the remote host has reached the end of life.

CPE:               cpe:/o:canonical:ubuntu_linux:8.04:-:lts
Installed version,
build or SP:       8.04
EOL date:          2013-05-09
EOL info:          https://wiki.ubuntu.com/Releases
Solution

Solution type: Mitigation

Vulnerability Detection Method

Details: OS End Of Life Detection (OID: 1.3.6.1.4.1.25623.1.0.103674)

Version used: $Revision: 8927 $

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-727-2 (network-manager) (OID: 1.3.6.1.4.1.25623.1.0.63507)
Summary

The remote host is missing an update to network-manager announced via advisory USN-727-2.

Vulnerability Detection Result
Package python-crypto version 2.0.1+dfsg1-2.1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: network-manager-gnome 0.6.2-0ubuntu7.1

Ubuntu 8.10: network-manager 0.7~~svn20081018t105859-0ubuntu1.8.10.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-727-2

Vulnerability Insight

USN-727-1 fixed vulnerabilities in network-manager-applet. This advisory provides the corresponding updates for NetworkManager.

It was discovered that NetworkManager did not properly enforce permissions when responding to dbus requests. A local user could perform dbus queries to view system and user network connection passwords and pre-shared keys.

Vulnerability Detection Method

Details: Ubuntu USN-727-2 (network-manager) (OID: 1.3.6.1.4.1.25623.1.0.63507)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0365, CVE-2009-0619, CVE-2009-0537, CVE-2009-0775, CVE-2007-4850, CVE-2008-5557, CVE-2009-0754, CVE-2009-0544
CERT: DFN-CERT-2010-0588, DFN-CERT-2009-1789, DFN-CERT-2009-1497
Other: http://www.ubuntu.com/usn/usn-727-2/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-727-1 (network-manager-applet) (OID: 1.3.6.1.4.1.25623.1.0.63505)
Summary

The remote host is missing an update to network-manager-applet announced via advisory USN-727-1.

Vulnerability Detection Result
Package network-manager-gnome version 0.6.6-0ubuntu3 is installed which is known to be vulnerable.
Package curl version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package libcurl3-gnutls version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package libcurl3 version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package python-crypto version 2.0.1+dfsg1-2.1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.10: network-manager-gnome 0.6.5-0ubuntu11~7.10.1

Ubuntu 8.04 LTS: network-manager-gnome 0.6.6-0ubuntu3.1

Ubuntu 8.10: network-manager-gnome 0.7~~svn20081020t000444-0ubuntu1.8.10.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-727-1

Vulnerability Insight

It was discovered that network-manager-applet did not properly enforce permissions when responding to dbus requests. A local user could perform dbus queries to view other users' network connection passwords and pre-shared keys. (CVE-2009-0365)

It was discovered that network-manager-applet did not properly enforce permissions when responding to dbus modify and delete requests. A local user could use dbus to modify or delete other users' network connections. This issue only applied to Ubuntu 8.10. (CVE-2009-0578)

Vulnerability Detection Method

Details: Ubuntu USN-727-1 (network-manager-applet) (OID: 1.3.6.1.4.1.25623.1.0.63505)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0365, CVE-2009-0578, CVE-2009-0037, CVE-2008-5005, CVE-2009-0619, CVE-2009-0537, CVE-2009-0775, CVE-2007-4850, CVE-2008-5557, CVE-2009-0754, CVE-2009-0544
CERT: DFN-CERT-2012-0731, DFN-CERT-2010-0588, DFN-CERT-2009-1789, DFN-CERT-2009-1497, DFN-CERT-2009-0860
Other: http://www.ubuntu.com/usn/usn-727-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates(apsb17-07)-Linux (OID: 1.3.6.1.4.1.25623.1.0.810806)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     25.0.0.127
Impact

Successful exploitation of this vulnerability will allow remote attackers to execute arbitrary code on the target user's system, which could potentially allow an attacker to take control of the affected system.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 25.0.0.127, or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 25.0.0.127 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- A buffer overflow vulnerability.
- Memory corruption vulnerabilities.
- A random number generator vulnerability used for constant blinding.
- Use-after-free vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detection NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates(apsb17-07)-Linux (OID: 1.3.6.1.4.1.25623.1.0.810806)

Version used: $Revision: 5582 $

References

CVE: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
BID: 96860, 96866, 96862, 96861
CERT: CB-K17/0430, DFN-CERT-2017-0442
Other: https://helpx.adobe.com/security/products/flash-player/apsb17-07.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for krb5 vulnerabilities USN-940-1 (OID: 1.3.6.1.4.1.25623.1.0.840433)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-940-1

Vulnerability Detection Result
Package libkrb53 version 1.6.dfsg.3~beta1-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

krb5 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)

Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. (CVE-2010-1320, CVE-2010-1321)

Vulnerability Detection Method

Details: Ubuntu Update for krb5 vulnerabilities USN-940-1 (OID: 1.3.6.1.4.1.25623.1.0.840433)

Version used: $Revision: 8258 $

References

CVE: CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-1320, CVE-2010-1321
CERT: DFN-CERT-2012-1377, DFN-CERT-2012-0029, DFN-CERT-2011-1665, DFN-CERT-2011-0712, DFN-CERT-2011-0421, DFN-CERT-2011-0224, DFN-CERT-2011-0185, DFN-CERT-2011-0116, DFN-CERT-2011-0074, DFN-CERT-2010-1710, DFN-CERT-2010-1634, DFN-CERT-2010-1566, DFN-CERT-2010-1544, DFN-CERT-2010-1439, DFN-CERT-2010-1424, DFN-CERT-2010-1385, DFN-CERT-2010-1135, DFN-CERT-2010-0984, DFN-CERT-2010-0868, DFN-CERT-2010-0867, DFN-CERT-2010-0826, DFN-CERT-2010-0775, DFN-CERT-2010-0699, DFN-CERT-2010-0687, DFN-CERT-2010-0686, DFN-CERT-2010-0679, DFN-CERT-2010-0678, DFN-CERT-2010-0672, DFN-CERT-2010-0599, DFN-CERT-2010-0582, DFN-CERT-2010-0580
Other: http://www.ubuntu.com/usn/usn-940-1/
USN:940-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-698-1 (nagios) (OID: 1.3.6.1.4.1.25623.1.0.64163)
Summary

The remote host is missing an update to nagios announced via advisory USN-698-1.

Vulnerability Detection Result
Package openoffice.org-help-en-gb version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-help-en-us version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-common version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-en-gb version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-en-za version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: nagios-common 2:1.3-cvs.20050402-8ubuntu8

After a standard system upgrade you need to restart Nagios to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-698-1

Vulnerability Insight

It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.

Vulnerability Detection Method

Details: Ubuntu USN-698-1 (nagios) (OID: 1.3.6.1.4.1.25623.1.0.64163)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5027, CVE-2008-5302, CVE-2008-5303, CVE-2008-2435, CVE-2008-1102, CVE-2008-4863, CVE-2008-5028, CVE-2007-3555, CVE-2008-1502, CVE-2008-3325, CVE-2008-3326, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5432, CVE-2008-5619, CVE-2008-2426, CVE-2008-2434, CVE-2008-4242, CVE-2007-3372, CVE-2008-5081, CVE-2008-4577, CVE-2008-4870, CVE-2008-5140, CVE-2008-5312, CVE-2008-5313, CVE-2008-4844, CVE-2008-2237, CVE-2008-2238, CVE-2008-4937
CERT: CB-K17/0248, CB-K16/0564, CB-K15/1514, CB-K15/1375, DFN-CERT-2017-0245, DFN-CERT-2015-1454, DFN-CERT-2012-0923, DFN-CERT-2012-0883, DFN-CERT-2010-1370, DFN-CERT-2010-1135, DFN-CERT-2010-1056, DFN-CERT-2010-0773, DFN-CERT-2010-0740, DFN-CERT-2009-1504, DFN-CERT-2009-1419, DFN-CERT-2009-1208, DFN-CERT-2009-1188, DFN-CERT-2009-0229
Other: http://www.ubuntu.com/usn/usn-698-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-699-1 (blender) (OID: 1.3.6.1.4.1.25623.1.0.63071)
Summary

The remote host is missing an update to blender announced via advisory USN-699-1.

Vulnerability Detection Result
Package openoffice.org-help-en-gb version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-help-en-us version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-common version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-en-gb version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-en-za version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: blender 2.41-1ubuntu4.1

After a standard system upgrade you need to restart Blender to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-699-1

Vulnerability Insight

It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-1102)

It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory. (CVE-2008-4863)

Vulnerability Detection Method

Details: Ubuntu USN-699-1 (blender) (OID: 1.3.6.1.4.1.25623.1.0.63071)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1102, CVE-2008-4863, CVE-2008-5027, CVE-2008-5028, CVE-2007-3555, CVE-2008-1502, CVE-2008-3325, CVE-2008-3326, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5432, CVE-2008-5619, CVE-2008-2426, CVE-2008-2434, CVE-2008-4242, CVE-2007-3372, CVE-2008-5081, CVE-2008-4577, CVE-2008-4870, CVE-2008-5140, CVE-2008-5312, CVE-2008-5313, CVE-2008-4844, CVE-2008-2237, CVE-2008-2238, CVE-2008-4937
CERT: CB-K17/0248, CB-K15/1375, DFN-CERT-2017-0245, DFN-CERT-2015-1454, DFN-CERT-2012-0923, DFN-CERT-2012-0883, DFN-CERT-2010-1370, DFN-CERT-2010-1056, DFN-CERT-2009-1504, DFN-CERT-2009-1419, DFN-CERT-2009-1208, DFN-CERT-2009-1188, DFN-CERT-2009-0229
Other: http://www.ubuntu.com/usn/usn-699-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-820-1 (pidgin) (OID: 1.3.6.1.4.1.25623.1.0.64776)
Summary

The remote host is missing an update to pidgin announced via advisory USN-820-1.

Vulnerability Detection Result
Package pidgin-data version 2.4.1-1ubuntu2 is installed which is known to be vulnerable.
Package libpurple0 version 2.4.1-1ubuntu2 is installed which is known to be vulnerable.
Package pidgin version 2.4.1-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libgnutls12 1.2.9-2ubuntu1.7

Ubuntu 8.04 LTS: libgnutls13 2.0.4-1ubuntu2.6

Ubuntu 8.10: libgnutls26 2.4.1-1ubuntu0.4

Ubuntu 9.04: libgnutls26 2.4.2-6ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-820-1

Vulnerability Insight

Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu USN-820-1 (pidgin) (OID: 1.3.6.1.4.1.25623.1.0.64776)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-2694
CERT: DFN-CERT-2009-1707, DFN-CERT-2009-1292, DFN-CERT-2009-1283, DFN-CERT-2009-1191, DFN-CERT-2009-1173, DFN-CERT-2009-1164, DFN-CERT-2009-1154
Other: http://www.ubuntu.com/usn/usn-820-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities-01 Sep14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804842)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to disclose potentially sensitive information and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.406 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.406 on Linux

Vulnerability Insight

Multiple flaws are due to multiple unspecified errors and a use-after-free error.

Vulnerability Detection Method

Get the installed version with the help of the detection NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities-01 Sep14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804842)

Version used: $Revision: 7000 $

References

CVE: CVE-2014-0559, CVE-2014-0557, CVE-2014-0556, CVE-2014-0555, CVE-2014-0553, CVE-2014-0552, CVE-2014-0551, CVE-2014-0550, CVE-2014-0549, CVE-2014-0548, CVE-2014-0547, CVE-2014-0554
BID: 69704, 69701, 69696, 69706, 69707, 69703, 69702, 69700, 69699, 69705, 69695, 69697
CERT: CB-K14/1122, DFN-CERT-2014-1182
Other: http://secunia.com/advisories/60985
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for libxml2 vulnerabilities USN-644-1 (OID: 1.3.6.1.4.1.25623.1.0.840208)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-644-1

Vulnerability Detection Result
Package libxml2-utils version 2.6.31.dfsg-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

libxml2 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2008-3529)

USN-640-1 fixed vulnerabilities in libxml2. When processing extremely large XML documents with valid entities, it was possible to incorrectly trigger the newly added vulnerability protections. This update fixes the problem. (CVE-2008-3281)

Vulnerability Detection Method

Details: Ubuntu Update for libxml2 vulnerabilities USN-644-1 (OID: 1.3.6.1.4.1.25623.1.0.840208)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-3281, CVE-2008-3529
CERT: DFN-CERT-2012-1191, DFN-CERT-2009-1705, DFN-CERT-2009-1095, DFN-CERT-2009-0091
Other: http://www.ubuntu.com/usn/usn-644-1/
USN:644-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-732-1 (dash) (OID: 1.3.6.1.4.1.25623.1.0.63563)
Summary

The remote host is missing an update to dash announced via advisory USN-732-1.

Vulnerability Detection Result
Package dash version 0.5.4-8ubuntu1 is installed which is known to be vulnerable.
Package curl version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package libcurl3-gnutls version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package libcurl3 version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: dash 0.5.4-8ubuntu1.1

Ubuntu 8.10: dash 0.5.4-9ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-732-1

Vulnerability Insight

Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would source .profile files from the current directory. Local users may be able to bypass security restrictions and gain root privileges by placing specially crafted .profile files where they might get sourced by other dash users.

Vulnerability Detection Method

Details: Ubuntu USN-732-1 (dash) (OID: 1.3.6.1.4.1.25623.1.0.63563)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0854, CVE-2009-0675, CVE-2009-0676, CVE-2009-0759, CVE-2009-0660, CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5347, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2009-0712, CVE-2009-0713, CVE-2008-4546, CVE-2009-0037, CVE-2009-0632, CVE-2008-1922, CVE-2009-0478
CERT: DFN-CERT-2012-0731, DFN-CERT-2010-0899, DFN-CERT-2010-0775, DFN-CERT-2010-0771, DFN-CERT-2010-0770, DFN-CERT-2010-0195, DFN-CERT-2009-1508, DFN-CERT-2009-1481, DFN-CERT-2009-1458, DFN-CERT-2009-1452, DFN-CERT-2009-1169, DFN-CERT-2009-1046
Other: http://www.ubuntu.com/usn/usn-732-1/

general/tcp
High (CVSS: 10.0)
NVT: Wireshark Multiple Vulnerabilities - Sept08 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900213)
Summary

Check for vulnerable version of Wireshark/Ethereal

Vulnerability Detection Result
Overview: The host is running Wireshark/Ethereal, which is prone to multiple vulnerabilities.

Vulnerability Insight:

Flaw(s) is/are due to,
- infinite loop errors in the NCP dissector.
- an error when uncompressing zlib-compressed packet data.
- an error when reading a Tektronix .rf5 file.
Impact

Successful exploitation could result in a denial of service condition or application crash by injecting a series of malformed packets or by convincing the victim to read a malformed packet.

Impact Level: Application

Solution

Upgrade to Wireshark 1.0.3 or later. For updates refer to http://www.wireshark.org/download.html

Affected Software/OS

Wireshark versions 1.0.2 and prior on Linux (All).

Vulnerability Detection Method

Details: Wireshark Multiple Vulnerabilities - Sept08 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900213)

Version used: $Revision: 7522 $

References

CVE: CVE-2008-3146, CVE-2008-3932, CVE-2008-3933
BID: 31009
Other: http://secunia.com/advisories/31674
http://www.frsirt.com/english/advisories/2008/2493
http://www.wireshark.org/security/wnpa-sec-2008-05.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-712-1 (vim) (OID: 1.3.6.1.4.1.25623.1.0.63307)
Summary

The remote host is missing an update to vim announced via advisory USN-712-1.

Vulnerability Detection Result
Package vim-common version 7.1-138+1ubuntu3 is installed which is known to be vulnerable.
Package vim-tiny version 7.1-138+1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: vim 1:6.4-006+2ubuntu6.2 vim-runtime 1:6.4-006+2ubuntu6.2

Ubuntu 7.10: vim 1:7.1-056+2ubuntu2.1 vim-runtime 1:7.1-056+2ubuntu2.1

Ubuntu 8.04 LTS: vim 1:7.1-138+1ubuntu3.1 vim-runtime 1:7.1-138+1ubuntu3.1

Ubuntu 8.10: vim 1:7.1.314-3ubuntu3.1 vim-runtime 1:7.1.314-3ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-712-1

Vulnerability Insight

Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2712)

Ben Schmidt discovered that Vim did not properly escape characters when performing keyword or tag lookups. If a user were tricked into running specially crafted commands, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4101)

Vulnerability Detection Method

Details: Ubuntu USN-712-1 (vim) (OID: 1.3.6.1.4.1.25623.1.0.63307)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2712, CVE-2008-4101, CVE-2005-2090, CVE-2005-3510, CVE-2006-3835, CVE-2006-7195, CVE-2006-7196, CVE-2007-0450, CVE-2007-1355, CVE-2007-1358, CVE-2007-1858, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2008-0128, CVE-2008-3358, CVE-2009-0042, CVE-2009-0135, CVE-2009-0136, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360
CERT: CB-K14/1342, CB-K14/0058, DFN-CERT-2014-1414, DFN-CERT-2014-0049, DFN-CERT-2012-0442, DFN-CERT-2010-1190, DFN-CERT-2010-0195, DFN-CERT-2009-1508, DFN-CERT-2009-1481, DFN-CERT-2009-1458, DFN-CERT-2009-1452, DFN-CERT-2009-1046, DFN-CERT-2009-0446, DFN-CERT-2009-0137
Other: http://www.ubuntu.com/usn/usn-712-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for openssl vulnerabilities USN-1003-1 (OID: 1.3.6.1.4.1.25623.1.0.840515)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1003-1

Vulnerability Detection Result
Package openssl version 0.9.8g-4ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

openssl vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2009-3245)

It was discovered that OpenSSL incorrectly handled certain private keys with an invalid prime. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2010-2939)

Vulnerability Detection Method

Details: Ubuntu Update for openssl vulnerabilities USN-1003-1 (OID: 1.3.6.1.4.1.25623.1.0.840515)

Version used: $Revision: 8469 $

References

CVE: CVE-2009-3245, CVE-2010-2939
CERT: CB-K14/0862, DFN-CERT-2014-0903, DFN-CERT-2011-0642, DFN-CERT-2011-0185, DFN-CERT-2010-1683, DFN-CERT-2010-1568, DFN-CERT-2010-1437, DFN-CERT-2010-1293, DFN-CERT-2010-1139, DFN-CERT-2010-1130, DFN-CERT-2010-0795, DFN-CERT-2010-0775, DFN-CERT-2010-0708, DFN-CERT-2010-0707, DFN-CERT-2010-0562, DFN-CERT-2010-0558, DFN-CERT-2010-0539, DFN-CERT-2010-0499, DFN-CERT-2010-0485, DFN-CERT-2010-0412, DFN-CERT-2010-0405, DFN-CERT-2010-0374
Other: http://www.ubuntu.com/usn/usn-1003-1/
USN:1003-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-747-1 (icu) (OID: 1.3.6.1.4.1.25623.1.0.63747)
Summary

The remote host is missing an update to icu announced via advisory USN-747-1.

Vulnerability Detection Result
Package libicu38 version 3.8-6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libicu34 3.4.1a-1ubuntu1.6.06.2

Ubuntu 7.10: libicu36 3.6-3ubuntu0.2

Ubuntu 8.04 LTS: libicu38 3.8-6ubuntu0.1

Ubuntu 8.10: libicu38 3.8.1-2ubuntu0.1

After a standard system upgrade you need to restart applications linked against libicu, such as OpenOffice.org, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-747-1

Vulnerability Insight

It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed.

Vulnerability Detection Method

Details: Ubuntu USN-747-1 (icu) (OID: 1.3.6.1.4.1.25623.1.0.63747)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1036, CVE-2008-4316, CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102
CERT: DFN-CERT-2013-0744, DFN-CERT-2010-0300, DFN-CERT-2010-0144, DFN-CERT-2009-1481, DFN-CERT-2009-1076, DFN-CERT-2009-1046
Other: http://www.ubuntu.com/usn/usn-747-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-729-1 (python-crypto) (OID: 1.3.6.1.4.1.25623.1.0.63509)
Summary

The remote host is missing an update to python-crypto announced via advisory USN-729-1.

Vulnerability Detection Result
Package python-crypto version 2.0.1+dfsg1-2.1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: python2.4-crypto 2.0.1+dfsg1-1ubuntu1.1

Ubuntu 7.10: python-crypto 2.0.1+dfsg1-2ubuntu1.1

Ubuntu 8.04 LTS: python-crypto 2.0.1+dfsg1-2.1ubuntu1.1

Ubuntu 8.10: python-crypto 2.0.1+dfsg1-2.3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-729-1

Vulnerability Insight

Mike Wiacek discovered that the ARC2 implementation in Python Crypto did not correctly check the key length. If a user or automated system were tricked into processing a malicious ARC2 stream, a remote attacker could execute arbitrary code or crash the application using Python Crypto, leading to a denial of service.

Vulnerability Detection Method

Details: Ubuntu USN-729-1 (python-crypto) (OID: 1.3.6.1.4.1.25623.1.0.63509)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0544
Other: http://www.ubuntu.com/usn/usn-729-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities(APSB14-27)- 01 Dec14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805214)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.425 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.425 on Linux

Vulnerability Insight

Multiple flaws are due to:
- An out-of-bounds read error when handling Regular Expression Objects.
- Some unspecified errors.
- A use-after-free error.
- An error when the 'parseFloat' function is called on a specific datatype.

Vulnerability Detection Method

Get the installed version with the help of the detection NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities(APSB14-27)- 01 Dec14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805214)

Version used: $Revision: 6637 $

References

CVE: CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9164, CVE-2014-9163
BID: 71584, 71586, 71585, 71581, 71583, 71582
CERT: CB-K14/1534, DFN-CERT-2014-1627
Other: http://secunia.com/advisories/61094
http://helpx.adobe.com/security/products/flash-player/apsb14-27.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-763-1 (xine-lib) (OID: 1.3.6.1.4.1.25623.1.0.64143)
Summary

The remote host is missing an update to xine-lib announced via advisory USN-763-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libxine-main1 1.1.1+ubuntu2-7.12

Ubuntu 8.04 LTS: libxine1 1.1.11.1-1ubuntu3.4

Ubuntu 8.10: libxine1 1.1.15-0ubuntu3.3

After a standard system upgrade you need to restart applications linked against xine-lib, such as Totem-xine and Amarok, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-763-1

Vulnerability Insight

It was discovered that the QT demuxer in xine-lib did not correctly handle a large count value in an STTS atom, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2009-1274)

USN-746-1 provided updated xine-lib packages to fix multiple security vulnerabilities. The security patch to fix CVE-2009-0698 was incomplete. This update corrects the problem.

Original advisory details: It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0698)

Vulnerability Detection Method

Details: Ubuntu USN-763-1 (xine-lib) (OID: 1.3.6.1.4.1.25623.1.0.64143)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0698, CVE-2009-1274, CVE-2009-0991, CVE-2009-1357, CVE-2009-1301, CVE-2009-0664, CVE-2008-3963, CVE-2008-2079, CVE-2008-4097, CVE-2008-4098, CVE-2008-4456, CVE-2009-0652, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312
CERT: DFN-CERT-2010-0232, DFN-CERT-2009-1728, DFN-CERT-2009-1709, DFN-CERT-2009-1615, DFN-CERT-2009-1614, DFN-CERT-2009-1340, DFN-CERT-2009-1300, DFN-CERT-2009-1235, DFN-CERT-2009-1231, DFN-CERT-2009-1148, DFN-CERT-2009-0551
Other: http://www.ubuntu.com/usn/usn-763-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-2 (OID: 1.3.6.1.4.1.25623.1.0.840609)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1049-2

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

Firefox and Xulrunner vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0053, CVE-2011-0062)

Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into an inconsistent state. An attacker could exploit this to force a user to accept any dialog. (CVE-2011-0051)

It was discovered that memory was used after being freed in a method used by JSON.stringify. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0055)

Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0054, CVE-2011-0056)

Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0057)

Alex Miller discovered a buffer overflow in the browser rendering engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0058)

Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. (CVE-2010-1585)

Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0061)

Peleus Uhley discovered a CSRF vulnerability in the plugin code related to 307 redirects. This could allow custom headers to be forwarded across origins. (CVE-2011-0059)

Vulnerability Detection Method

Details: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-2 (OID: 1.3.6.1.4.1.25623.1.0.840609)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-0053, CVE-2011-0062, CVE-2011-0051, CVE-2011-0055, CVE-2011-0054, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2010-1585, CVE-2011-0061, CVE-2011-0059
CERT: DFN-CERT-2011-0704, DFN-CERT-2011-0690, DFN-CERT-2011-0384, DFN-CERT-2011-0373, DFN-CERT-2011-0345, DFN-CERT-2011-0326, DFN-CERT-2011-0323, DFN-CERT-2011-0315, DFN-CERT-2011-0312, DFN-CERT-2011-0302, DFN-CERT-2011-0298, DFN-CERT-2011-0283, DFN-CERT-2011-0282, DFN-CERT-2011-0281, DFN-CERT-2011-0280
Other: http://www.ubuntu.com/usn/usn-1049-2/
USN:1049-2

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities - 01 Mar15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805493)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.451
Impact

Successful exploitation will allow remote attackers to cause denial of service, execute arbitrary code, bypass intended file-upload restrictions or have other unspecified impacts.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.451 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.451 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- Multiple unspecified use-after-free errors.
- Multiple unspecified errors due to improper validation of user-supplied input.
- Multiple unspecified type confusion errors.
- Integer overflow in Adobe Flash Player.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities - 01 Mar15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805493)

Version used: $Revision: 6141 $

References

CVE: CVE-2015-0342, CVE-2015-0341, CVE-2015-0340, CVE-2015-0339, CVE-2015-0338, CVE-2015-0337, CVE-2015-0336, CVE-2015-0335, CVE-2015-0334, CVE-2015-0333, CVE-2015-0332
CERT: CB-K15/0333, DFN-CERT-2015-0345
Other: https://helpx.adobe.com/security/products/flash-player/apsb15-05.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Improper FLV Parsing Vulnerability June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805804)
Summary

This host is installed with Adobe Flash Player and is prone to an unspecified vulnerability.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.468
Impact

Successful exploitation will allow a remote attacker to download a malicious Flash file and create a back door, resulting in complete control over the victim's system.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.468 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player versions before 11.2.202.468 on Linux.

Vulnerability Insight

Flaw is due to improper parsing of Flash Video (FLV) files by Adobe Flash Player.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Improper FLV Parsing Vulnerability June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805804)

Version used: $Revision: 6415 $

References

CVE: CVE-2015-3113
CERT: CB-K15/1266, CB-K15/0858, DFN-CERT-2015-1332, DFN-CERT-2015-0909
Other: https://krebsonsecurity.com/tag/cve-2015-3113
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
http://securityaffairs.co/wordpress/38044/cyber-crime/adobe-fixed-cve-2015-3113.html
https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html
http://blog.trendmicro.com/trendlabs-security-intelligence/adobe-issues-emergency-patch-for-flash-zero-day

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for php5 USN-1569-1 (OID: 1.3.6.1.4.1.25623.1.0.841151)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1569-1

Vulnerability Detection Result
Package php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388)

It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a remote attacker to execute arbitrary code with the privileges of the web server, or to perform a denial of service. (CVE-2012-2688)

It was discovered that PHP incorrectly parsed certain PDO prepared statements. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-3450)

Vulnerability Detection Method

Details: Ubuntu Update for php5 USN-1569-1 (OID: 1.3.6.1.4.1.25623.1.0.841151)

Version used: $Revision: 7960 $

References

CVE: CVE-2011-1398, CVE-2012-4388, CVE-2012-2688, CVE-2012-3450
CERT: CB-K13/1037, CB-K13/0712, DFN-CERT-2013-2065, DFN-CERT-2013-1713, DFN-CERT-2013-1494, DFN-CERT-2013-1444, DFN-CERT-2013-0357, DFN-CERT-2012-1840, DFN-CERT-2012-1789, DFN-CERT-2012-1775, DFN-CERT-2012-1772, DFN-CERT-2012-1655, DFN-CERT-2012-1654, DFN-CERT-2012-1560, DFN-CERT-2012-1541, DFN-CERT-2012-1505, DFN-CERT-2012-1504, DFN-CERT-2012-1503, DFN-CERT-2012-1499, DFN-CERT-2012-1422
Other: http://www.ubuntu.com/usn/usn-1569-1/
USN:1569-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804087)
Summary

This host is installed with Adobe Flash Player and is prone to an arbitrary code execution vulnerability.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to execute arbitrary code and cause a buffer overflow.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.336 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player versions before 11.2.202.336 on Linux

Vulnerability Insight

Flaw is due to an integer underflow condition that is triggered as unspecified user-supplied input is not properly validated.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804087)

Version used: $Revision: 6769 $

References

CVE: CVE-2014-0497
BID: 65327
CERT: CB-K14/0138, DFN-CERT-2014-0142
Other: http://secunia.com/advisories/56737
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
http://krebsonsecurity.com/2014/02/adobe-pushes-fix-for-flash-zero-day-attack

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities Dec15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.806780)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version: 11.2.202.554
Impact

Successful exploitation will allow attackers to bypass security restrictions and execute arbitrary code on the affected system.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.554 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.554 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- Multiple heap buffer overflow vulnerabilities.
- Multiple memory corruption vulnerabilities.
- Multiple security bypass vulnerabilities.
- A stack overflow vulnerability.
- A type confusion vulnerability.
- An integer overflow vulnerability.
- A buffer overflow vulnerability.
- Multiple use-after-free vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities Dec15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.806780)

Version used: $Revision: 6551 $

References

CVE: CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8418, CVE-2015-8454, CVE-2015-8455, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453, CVE-2015-8456, CVE-2015-8457, CVE-2015-8652, CVE-2015-8653, CVE-2015-8654, CVE-2015-8655, CVE-2015-8656, CVE-2015-8657, CVE-2015-8822, CVE-2015-8658, CVE-2015-8820, CVE-2015-8821, CVE-2015-8823
BID: 78717, 78718, 78715, 78714, 78716, 78712, 78710, 78715, 78713
CERT: CB-K16/0402, CB-K15/1795, DFN-CERT-2016-0438, DFN-CERT-2015-1895
Other: https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-645-1 (OID: 1.3.6.1.4.1.25623.1.0.840354)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-645-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

firefox, firefox-3.0, xulrunner-1.9 vulnerabilities on Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016)

It was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)

Several problems were discovered in the JavaScript engine. This could allow an attacker to execute scripts from page content with chrome privileges. (CVE-2008-3836)

Paul Nickerson discovered Firefox did not properly process mouse click events. If a user were tricked into opening a malicious web page, an attacker could move the content window, which could potentially be used to force a user to perform unintended drag and drop operations. (CVE-2008-3837)

Several problems were discovered in the browser engine. This could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)

Drew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Firefox. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)

Dave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks. (CVE-2008-4065)

Gareth Heyes discovered a flaw in the HTML parser of Firefox. If a user were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)

Boris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)

Billy Hoffman discovered a problem in the XBM decoder. If a user were tricked into opening a malicious web page or XBM file, an attacker may be able to cause a denial of service via application crash. (CVE-2008-4069)

Vulnerability Detection Method

Details: Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-645-1 (OID: 1.3.6.1.4.1.25623.1.0.840354)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069
Other: http://www.ubuntu.com/usn/usn-645-1/
USN:645-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb17-10 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.810840)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     25.0.0.148
Impact

Successful exploitation of these vulnerabilities will allow remote attackers to execute arbitrary code on the target user's system, which could potentially allow an attacker to take control of the affected system.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 25.0.0.148 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 25.0.0.148 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- Use-after-free vulnerabilities that could lead to code execution.
- Memory corruption vulnerabilities that could lead to code execution.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb17-10 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.810840)

Version used: $Revision: 5941 $

References

CVE: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064, CVE-2015-5122, CVE-2015-5123
BID: 97551, 97557, 75712, 75710
CERT: CB-K17/0614, CB-K15/1266, CB-K15/0976, DFN-CERT-2017-0633, DFN-CERT-2015-1332, DFN-CERT-2015-1033
Other: https://helpx.adobe.com/security/products/flash-player/apsb17-10.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for krb5 vulnerability USN-881-1 (OID: 1.3.6.1.4.1.25623.1.0.840368)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-881-1

Vulnerability Detection Result
Package libkrb53 version 1.6.dfsg.3~beta1-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

krb5 vulnerability on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

It was discovered that Kerberos did not correctly handle invalid AES blocks. An unauthenticated remote attacker could send specially crafted traffic that would crash the KDC service, leading to a denial of service, or possibly execute arbitrary code with root privileges.

Vulnerability Detection Method

Details: Ubuntu Update for krb5 vulnerability USN-881-1 (OID: 1.3.6.1.4.1.25623.1.0.840368)

Version used: $Revision: 8510 $

References

CVE: CVE-2009-4212
CERT: DFN-CERT-2010-1566, DFN-CERT-2010-0720, DFN-CERT-2010-0090, DFN-CERT-2010-0064, DFN-CERT-2010-0061, DFN-CERT-2010-0056, DFN-CERT-2010-0039, DFN-CERT-2010-0038
Other: http://www.ubuntu.com/usn/usn-881-1/
USN:881-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities -01 Feb16 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.806867)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.569
Impact

Successful exploitation will potentially allow an attacker to take control of the affected system, which could lead to code execution.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.569 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.569 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- Multiple memory corruption vulnerabilities.
- Multiple use-after-free vulnerabilities.
- A heap buffer overflow vulnerability.
- A type confusion vulnerability.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities -01 Feb16 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.806867)

Version used: $Revision: 5527 $

References

CVE: CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
CERT: CB-K16/0214, DFN-CERT-2016-0244
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-04.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities -01 May 13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.803498)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code on the target system or cause a denial of service (memory corruption) via unspecified vectors.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 10.3.183.86 or 11.2.202.285 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 10.3.183.76 and 11.x before 11.2.202.281 on Linux

Vulnerability Insight

Multiple memory corruption flaws due to improper sanitization of user-supplied input via a file.

Vulnerability Detection Method

Details: Adobe Flash Player Multiple Vulnerabilities -01 May 13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.803498)

Version used: $Revision: 6093 $

References

CVE: CVE-2013-3335, CVE-2013-3334, CVE-2013-3333, CVE-2013-3332, CVE-2013-3331, CVE-2013-3330, CVE-2013-3329, CVE-2013-3328, CVE-2013-3327, CVE-2013-3326, CVE-2013-3325, CVE-2013-3324, CVE-2013-2728
BID: 59901, 59900, 59899, 59898, 59897, 59896, 59895, 59894, 59893, 59892, 59891, 59890, 59889
CERT: DFN-CERT-2013-1069, DFN-CERT-2013-0919, DFN-CERT-2013-0918, DFN-CERT-2013-0907, DFN-CERT-2013-0906
Other: http://secunia.com/advisories/53419
http://www.adobe.com/support/security/bulletins/apsb13-14.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-801-1 (tiff) (OID: 1.3.6.1.4.1.25623.1.0.64442)
Summary

The remote host is missing an update to tiff announced via advisory USN-801-1.

Vulnerability Detection Result
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Package apache2 version 2.2.8-1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.6

Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.4

Ubuntu 8.10: libtiff4 3.8.2-11ubuntu0.8.10.3

Ubuntu 9.04: libtiff4 3.8.2-11ubuntu0.9.04.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-801-1

Vulnerability Insight

Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu USN-801-1 (tiff) (OID: 1.3.6.1.4.1.25623.1.0.64442)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-2347, CVE-2009-1890, CVE-2009-1891, CVE-2008-2327, CVE-2009-2285, CVE-2009-2295, CVE-2009-0858, CVE-2009-2334, CVE-2009-2335, CVE-2009-2336, CVE-2008-0196, CVE-2009-2360, CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0652, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776, CVE-2009-1302, CVE-2009-1303, CVE-2009-1307, CVE-2009-1832, CVE-2009-1392, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841, CVE-2009-1185, CVE-2009-0034, CVE-2009-0037, CVE-2009-1422, CVE-2009-1423, CVE-2009-1424, CVE-2009-1425, CVE-2009-1959
CERT: CB-K15/1514, DFN-CERT-2012-0731, DFN-CERT-2012-0627, DFN-CERT-2011-0700, DFN-CERT-2011-0329, DFN-CERT-2011-0103, DFN-CERT-2011-0102, DFN-CERT-2011-0075, DFN-CERT-2010-1665, DFN-CERT-2010-1647, DFN-CERT-2010-0125, DFN-CERT-2009-1725, DFN-CERT-2009-1602, DFN-CERT-2009-1593, DFN-CERT-2009-1507, DFN-CERT-2009-1493, DFN-CERT-2009-1350, DFN-CERT-2009-1288, DFN-CERT-2009-1231, DFN-CERT-2009-1225, DFN-CERT-2009-1224, DFN-CERT-2009-1208, DFN-CERT-2009-1188, DFN-CERT-2009-1170, DFN-CERT-2009-1148, DFN-CERT-2009-1144, DFN-CERT-2009-1137, DFN-CERT-2009-1126, DFN-CERT-2009-1116, DFN-CERT-2009-1101, DFN-CERT-2009-1081, DFN-CERT-2009-1062, DFN-CERT-2009-1050, DFN-CERT-2009-1047, DFN-CERT-2009-1032, DFN-CERT-2009-0986, DFN-CERT-2009-0795, DFN-CERT-2009-0598
Other: http://www.ubuntu.com/usn/usn-801-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-728-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.63510)
Summary

The remote host is missing an update to xulrunner-1.9 announced via advisory USN-728-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: firefox-3.0 3.0.7+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.7+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10: abrowser 3.0.7+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.7+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.7+nobinonly-0ubuntu0.8.10.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-728-1

Vulnerability Insight

Glenn Randers-Pehrson discovered that the embedded libpng in Firefox did not properly initialize pointers. If a user were tricked into viewing a malicious website with a crafted PNG file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0040)

Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee Groleau discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774)

A flaw was discovered in Firefox's garbage collection process. Under certain circumstances a remote attacker could exploit this to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0775)

Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website. (CVE-2009-0776)

Masahiro Yamada discovered that Firefox did not display control characters in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-0777)

Vulnerability Detection Method

Details: Ubuntu USN-728-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.63510)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777
CERT: DFN-CERT-2012-0627, DFN-CERT-2009-1170
Other: http://www.ubuntu.com/usn/usn-728-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-717-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.63397)
Summary

The remote host is missing an update to xulrunner-1.9 announced via advisory USN-717-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: firefox-3.0 3.0.6+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.6+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10: abrowser 3.0.6+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.6+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.6+nobinonly-0ubuntu0.8.10.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-717-1

Vulnerability Insight

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2009-0352, CVE-2009-0353)

A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy in Firefox by utilizing a chrome XBL method and execute arbitrary JavaScript within the context of another website. (CVE-2009-0354)

A flaw was discovered in the browser engine when restoring closed tabs. If a user were tricked into restoring a tab to a malicious website with form input controls, an attacker could steal local files on the user's system. (CVE-2009-0355)

Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information. (CVE-2009-0357)

Paul Nel discovered that Firefox did not honor certain Cache-Control HTTP directives. A local attacker could exploit this to view private data in improperly cached pages of another user. (CVE-2009-0358)

Vulnerability Detection Method

Details: Ubuntu USN-717-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.63397)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0357, CVE-2009-0358
Other: http://www.ubuntu.com/usn/usn-717-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for php5 vulnerabilities USN-628-1 (OID: 1.3.6.1.4.1.25623.1.0.840283)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-628-1

Vulnerability Detection Result
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. (CVE-2007-4782)

Maksymilian Arciemowicz discovered a flaw in the cURL library that allowed safe_mode and open_basedir restrictions to be bypassed. If a PHP application were tricked into processing a bad file:// request, an attacker could read arbitrary files. (CVE-2007-4850)

Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. This issue affects Ubuntu 8.04 LTS, and an updated fix is included for Ubuntu 6.06 LTS, 7.04 and 7.10. (CVE-2007-5898)

It was discovered that the output_add_rewrite_var function would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user's login credentials. This issue only affects Ubuntu 8.04 LTS. (CVE-2007-5899)

It was discovered that PHP did not properly calculate the length of PATH_TRANSLATED. If a PHP application were tricked into processing a malicious URI, an attacker may be able to execute arbitrary code with application privileges. (CVE-2008-0599)

An integer overflow was discovered in the php_sprintf_appendstring function. Attackers could exploit this to cause a denial of service. (CVE-2008-1384)

Andrei Nigmatulin discovered stack-based overflows in the FastCGI SAPI of PHP. An attacker may be able to leverage this issue to perform attacks against PHP applications. (CVE-2008-2050)

It was discovered that the escapeshellcmd did not properly process multibyte characters. An attacker may be able to bypass quoting restrictions and possibly execute arbitrary code with application privileges. (CVE-2008-2051)

It was discovered that the GENERATE_SEED macro produced a predictable seed under certain circumstances. Attackers may be able to easily predict the results of the rand and mt_rand functions. (CVE-2008-2107, CVE-2008-2108)

Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause PHP applications using pcre to crash, leading to a denial of service. USN-624-1 fixed vulnerabilities in ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for php5 vulnerabilities USN-628-1 (OID: 1.3.6.1.4.1.25623.1.0.840283)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-4782, CVE-2007-4850, CVE-2007-5898, CVE-2007-5899, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2371, CVE-2008-2829
CERT: DFN-CERT-2010-0075, DFN-CERT-2009-1497
Other: http://www.ubuntu.com/usn/usn-628-1/
USN:628-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-744-1 (lcms) (OID: 1.3.6.1.4.1.25623.1.0.64170)
Summary

The remote host is missing an update to lcms announced via advisory USN-744-1.

Vulnerability Detection Result
Package liblcms1 version 1.16-7ubuntu1 is installed which is known to be vulnerable.
Package libicu38 version 3.8-6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: liblcms1 1.13-1ubuntu0.2

Ubuntu 7.10: liblcms1 1.16-5ubuntu3.2 python-liblcms 1.16-5ubuntu3.2

Ubuntu 8.04 LTS: liblcms1 1.16-7ubuntu1.2 python-liblcms 1.16-7ubuntu1.2

Ubuntu 8.10: liblcms1 1.16-10ubuntu0.2 python-liblcms 1.16-10ubuntu0.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-744-1

Vulnerability Insight

Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. (CVE-2009-0581)

Chris Evans discovered that LittleCMS contained multiple integer overflows. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2009-0723)

Chris Evans discovered that LittleCMS did not properly perform bounds checking, leading to a buffer overflow. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could execute arbitrary code with user privileges. (CVE-2009-0733)

Vulnerability Detection Method

Details: Ubuntu USN-744-1 (lcms) (OID: 1.3.6.1.4.1.25623.1.0.64170)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0920, CVE-2009-0921, CVE-2009-0927, CVE-2009-0207, CVE-2009-0928, CVE-2009-0193, CVE-2009-0629, CVE-2009-0626, CVE-2009-0628, CVE-2009-0635, CVE-2009-0633, CVE-2009-0634, CVE-2009-0637, CVE-2009-0784, CVE-2009-0698, CVE-2008-5239, CVE-2008-1036, CVE-2008-4316, CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102
CERT: DFN-CERT-2013-0744, DFN-CERT-2010-0300, DFN-CERT-2010-0144, DFN-CERT-2009-1709, DFN-CERT-2009-1615, DFN-CERT-2009-1614, DFN-CERT-2009-1481, DFN-CERT-2009-1076, DFN-CERT-2009-1046, DFN-CERT-2009-0682, DFN-CERT-2009-0398, DFN-CERT-2009-0397
Other: http://www.ubuntu.com/usn/usn-744-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-861-1 (libvorbis) (OID: 1.3.6.1.4.1.25623.1.0.66337)
Summary

The remote host is missing an update to libvorbis announced via advisory USN-861-1.

Vulnerability Detection Result
Package libvorbis0a version 1.2.0.dfsg-2 is installed which is known to be vulnerable.
Package libvorbisenc2 version 1.2.0.dfsg-2 is installed which is known to be vulnerable.
Package libvorbisfile3 version 1.2.0.dfsg-2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: libvorbis0a 1.2.0.dfsg-2ubuntu0.3

Ubuntu 8.10: libvorbis0a 1.2.0.dfsg-3.1ubuntu0.8.10.2

Ubuntu 9.04: libvorbis0a 1.2.0.dfsg-3.1ubuntu0.9.04.2

Ubuntu 9.10: libvorbis0a 1.2.0.dfsg-6ubuntu0.1

After a standard system upgrade you need to restart any applications that use libvorbis, such as Totem and gtkpod, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-861-1

Vulnerability Insight

It was discovered that libvorbis did not correctly handle ogg files with underpopulated Huffman trees. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service. (CVE-2008-2009)

It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges. (CVE-2009-3379)

Vulnerability Detection Method

Details: Ubuntu USN-861-1 (libvorbis) (OID: 1.3.6.1.4.1.25623.1.0.66337)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2009, CVE-2009-3379
CERT: DFN-CERT-2012-0621, DFN-CERT-2010-0763, DFN-CERT-2010-0726, DFN-CERT-2009-1661, DFN-CERT-2009-1650, DFN-CERT-2009-1591, DFN-CERT-2009-1577, DFN-CERT-2009-1564, DFN-CERT-2009-1554
Other: http://www.ubuntu.com/usn/usn-861-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities-01 July13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.803833)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code on the target system, cause a heap-based buffer overflow, or cause memory corruption via unspecified vectors.

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.297 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before 11.2.202.297 on Linux

Vulnerability Insight

Multiple unspecified errors exist, and an integer overflow error exists when resampling a PCM buffer.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities-01 July13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.803833)

Version used: $Revision: 6104 $

References

CVE: CVE-2013-3347, CVE-2013-3345, CVE-2013-3344
BID: 61048, 61045, 61043
CERT: DFN-CERT-2013-1322, DFN-CERT-2013-1292, DFN-CERT-2013-1275, DFN-CERT-2013-1270
Other: http://secunia.com/advisories/53975
http://www.adobe.com/support/security/bulletins/apsb13-17.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Remote Code Execution Vulnerability -June13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.803662)
Summary

This host is installed with Adobe Flash Player and is prone to a remote code execution vulnerability.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code on the target system or cause a denial of service (memory corruption) via unspecified vectors.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player 10.3.183.90 or 11.2.202.291 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version 10.3.183.86 and earlier and 11.x to 11.2.202.285 on Linux

Vulnerability Insight

Unspecified flaw due to improper sanitization of user-supplied input.

Vulnerability Detection Method

Details: Adobe Flash Player Remote Code Execution Vulnerability -June13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.803662)

Version used: $Revision: 6065 $

References

CVE: CVE-2013-3343
BID: 60478
CERT: DFN-CERT-2013-1219, DFN-CERT-2013-1192, DFN-CERT-2013-1161, DFN-CERT-2013-1119, DFN-CERT-2013-1118
Other: http://secunia.com/advisories/53751
http://www.adobe.com/support/security/bulletins/apsb13-16.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for apt USN-1215-1 (OID: 1.3.6.1.4.1.25623.1.0.840752)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1215-1

Vulnerability Detection Result
Package apt version 0.7.9ubuntu17 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

apt on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.

Vulnerability Detection Method

Details: Ubuntu Update for apt USN-1215-1 (OID: 1.3.6.1.4.1.25623.1.0.840752)

Version used: $Revision: 7964 $

References

Other: http://www.ubuntu.com/usn/usn-1215-1/
USN:1215-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Code Execution and DoS Vulnerabilities Nov13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804147)
Summary

This host is installed with Adobe Flash Player and is prone to remote code execution and denial of service vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to execute arbitrary code, cause denial of service (memory corruption) and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.327 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before version 11.2.202.327 on Linux

Vulnerability Insight

Flaws are due to unspecified errors.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Code Execution and DoS Vulnerabilities Nov13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804147)

Version used: $Revision: 6115 $

References

CVE: CVE-2013-5329, CVE-2013-5330
BID: 63680, 63680
CERT: CB-K13/0910, DFN-CERT-2013-1930
Other: http://secunia.com/advisories/55527
http://www.adobe.com/support/security/bulletins/apsb13-26.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for net-snmp vulnerabilities USN-685-1 (OID: 1.3.6.1.4.1.25623.1.0.840244)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-685-1

Vulnerability Detection Result
Package libsnmp15 version 5.4.1~dfsg-4ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

net-snmp vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10

Vulnerability Insight

Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. (CVE-2008-0960)

John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. (CVE-2008-2292)

It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service. (CVE-2008-4309)

Vulnerability Detection Method

Details: Ubuntu Update for net-snmp vulnerabilities USN-685-1 (OID: 1.3.6.1.4.1.25623.1.0.840244)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
CERT: DFN-CERT-2009-1129, DFN-CERT-2009-0794
Other: http://www.ubuntu.com/usn/usn-685-1/
USN:685-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb16-32 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.809442)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.637
Impact

Successful exploitation of this vulnerability will allow remote attackers to achieve code execution.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.637 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.637 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- a type confusion vulnerability.
- use-after-free vulnerabilities.
- memory corruption vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb16-32 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.809442)

Version used: $Revision: 5675 $

References

CVE: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
BID: 93490, 93497, 93492
CERT: CB-K16/1573, DFN-CERT-2016-1671
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-32.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-821-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.64889)
Summary

The remote host is missing an update to xulrunner-1.9 announced via advisory USN-821-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: firefox-3.0 3.0.14+build2+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.14+build2+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10: abrowser 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.14+build2+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.14+build2+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04: abrowser 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.14+build2+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.14+build2+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-821-1

Vulnerability Insight

Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075)

Jesse Ruderman and Dan Kaminsky discovered that Firefox did not adequately inform users when security modules were added or removed via PKCS11. If a user visited a malicious website, an attacker could exploit this to trick the user into installing a malicious PKCS11 module. (CVE-2009-3076)

It was discovered that Firefox did not properly manage memory when using XUL tree elements. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3077)

Juan Pablo Lopez Yacubian discovered that Firefox did not properly display certain Unicode characters in the location bar and other text fields when using a certain non-Ubuntu font. If a user configured Firefox to use this font, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3078)

It was discovered that the BrowserFeedWriter in Firefox could be subverted to run JavaScript code from web content with elevated chrome privileges. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3079)

Vulnerability Detection Method

Details: Ubuntu USN-821-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.64889)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078, CVE-2009-3079
CERT: DFN-CERT-2010-0775, DFN-CERT-2010-0593, DFN-CERT-2010-0584, DFN-CERT-2010-0461, DFN-CERT-2010-0369, DFN-CERT-2009-1491, DFN-CERT-2009-1477, DFN-CERT-2009-1324, DFN-CERT-2009-1300, DFN-CERT-2009-1299, DFN-CERT-2009-1291, DFN-CERT-2009-1290, DFN-CERT-2009-1276, DFN-CERT-2009-1275, DFN-CERT-2009-1274
Other: http://www.ubuntu.com/usn/usn-821-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for firefox regression USN-930-3 (OID: 1.3.6.1.4.1.25623.1.0.840454)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-930-3

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

firefox regression on Ubuntu 8.04 LTS

Vulnerability Insight

USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change.

Original advisory details: It was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121)

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)

A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)

An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)

Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)

Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)

Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197)

Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. (CVE-2008-5913)

Vulnerability Detection Method

Details: Ubuntu Update for firefox regression USN-930-3 (OID: 1.3.6.1.4.1.25623.1.0.840454)

Version used: $Revision: 8510 $

References

CVE: CVE-2010-1121, CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203, CVE-2010-1198, CVE-2010-1196, CVE-2010-1199, CVE-2010-1125, CVE-2010-1197, CVE-2008-5913
CERT: DFN-CERT-2010-1745, DFN-CERT-2010-0934, DFN-CERT-2010-0928, DFN-CERT-2010-0926, DFN-CERT-2010-0880, DFN-CERT-2010-0831, DFN-CERT-2010-0830, DFN-CERT-2010-0828, DFN-CERT-2010-0827, DFN-CERT-2010-0823, DFN-CERT-2010-0819, DFN-CERT-2010-0818, DFN-CERT-2010-0817, DFN-CERT-2010-0497
Other: http://www.ubuntu.com/usn/usn-930-3/
USN:930-3

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb17-04 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.810552)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     24.0.0.221
Impact

Successful exploitation of these vulnerabilities will allow remote attackers to execute arbitrary code on the target user's system, which could potentially allow an attacker to take control of the affected system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 24.0.0.221 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 24.0.0.221 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- A type confusion vulnerability.
- Multiple use-after-free vulnerabilities.
- An integer overflow vulnerability.
- Multiple heap buffer overflow vulnerabilities.
- Multiple memory corruption vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb17-04 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.810552)

Version used: $Revision: 5301 $

References

CVE: CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996
CERT: CB-K17/0262, DFN-CERT-2017-0268
Other: https://helpx.adobe.com/security/products/flash-player/apsb17-04.html

general/tcp
High (CVSS: 10.0)
NVT: Pidgin MSN SLP Packets Denial Of Service Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900920)
Summary

This host has Pidgin installed and is prone to a denial of service vulnerability.

Vulnerability Detection Result
Installed version: 2.4.1
Fixed version:     2.5.9
Impact

Attackers can exploit this issue to execute arbitrary code, corrupt memory and cause the application to crash.

Impact Level: Application

Solution

Solution type: VendorFix

Upgrade to Pidgin version 2.5.9 http://pidgin.im/download

Affected Software/OS

Pidgin version prior to 2.5.9 on Linux.

Vulnerability Insight

An error in the 'msn_slplink_process_msg()' function while processing malformed MSN SLP packets can be exploited to overwrite an arbitrary memory location.

Vulnerability Detection Method

Details: Pidgin MSN SLP Packets Denial Of Service Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900920)

Version used: $Revision: 5122 $

References

CVE: CVE-2009-2694
BID: 36071
CERT: DFN-CERT-2009-1707, DFN-CERT-2009-1292, DFN-CERT-2009-1283, DFN-CERT-2009-1191, DFN-CERT-2009-1173, DFN-CERT-2009-1164, DFN-CERT-2009-1154
Other: http://secunia.com/advisories/36384
http://www.pidgin.im/news/security/?id=34
http://www.vupen.com/english/advisories/2009/2303

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-798-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.64487)
Summary

The remote host is missing an update to xulrunner-1.9 announced via advisory USN-798-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: firefox-3.0 3.0.12+build1+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.12+build1+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10: abrowser 3.0.12+build1+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.12+build1+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.12+build1+nobinonly-0ubuntu0.8.10.2

Ubuntu 9.04: abrowser 3.0.12+build1+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.12+build1+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.12+build1+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-798-1

Vulnerability Insight

Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2469)

Attila Suszter discovered a flaw in the way Firefox processed Flash content. If a user were tricked into viewing and navigating within a specially crafted Flash object, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2467)

It was discovered that Firefox did not properly handle some SVG content. An attacker could exploit this to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2469)

A flaw was discovered in the JavaScript engine. If a user were tricked into viewing a malicious website, an attacker could exploit this to perform cross-site scripting attacks. (CVE-2009-2472)

Vulnerability Detection Method

Details: Ubuntu USN-798-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.64487)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2472
CERT: DFN-CERT-2010-0775, DFN-CERT-2010-0593, DFN-CERT-2010-0584, DFN-CERT-2010-0461, DFN-CERT-2010-0369, DFN-CERT-2009-1574, DFN-CERT-2009-1187, DFN-CERT-2009-1071, DFN-CERT-2009-1062, DFN-CERT-2009-1032
Other: http://www.ubuntu.com/usn/usn-798-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-762-1 (apt) (OID: 1.3.6.1.4.1.25623.1.0.63897)
Summary

The remote host is missing an update to apt announced via advisory USN-762-1.

Vulnerability Detection Result
Package apt-utils version 0.7.9ubuntu17 is installed which is known to be vulnerable.
Package apt version 0.7.9ubuntu17 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: apt 0.6.43.3ubuntu3.1

Ubuntu 8.04 LTS: apt 0.7.9ubuntu17.2

Ubuntu 8.10: apt 0.7.14ubuntu6.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-762-1

Vulnerability Insight

Alexandre Martani discovered that the APT daily cron script did not check the return code of the date command. If a machine is configured for automatic updates and is in a time zone where DST occurs at midnight, under certain circumstances automatic updates might not be applied and could become permanently disabled. (CVE-2009-1300)

Michael Casadevall discovered that APT did not properly verify repositories signed with a revoked or expired key. If a repository were signed with only an expired or revoked key and the signature was otherwise valid, APT would consider the repository valid. (https://launchpad.net/bugs/356012)

Vulnerability Detection Method

Details: Ubuntu USN-762-1 (apt) (OID: 1.3.6.1.4.1.25623.1.0.63897)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1300
Other: http://www.ubuntu.com/usn/usn-762-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for php5 vulnerabilities USN-882-1 (OID: 1.3.6.1.4.1.25623.1.0.840366)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-882-1

Vulnerability Detection Result
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. (CVE-2009-2626)

It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-4142)

Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions. (CVE-2009-4143)

Vulnerability Detection Method

Details: Ubuntu Update for php5 vulnerabilities USN-882-1 (OID: 1.3.6.1.4.1.25623.1.0.840366)

Version used: $Revision: 8440 $

References

CVE: CVE-2009-2626, CVE-2009-4142, CVE-2009-4143
CERT: DFN-CERT-2010-1227, DFN-CERT-2010-0265, DFN-CERT-2010-0263, DFN-CERT-2010-0253, DFN-CERT-2010-0143, DFN-CERT-2010-0140, DFN-CERT-2010-0075, DFN-CERT-2010-0074, DFN-CERT-2010-0073, DFN-CERT-2010-0060, DFN-CERT-2009-1652
Other: http://www.ubuntu.com/usn/usn-882-1/
USN:882-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb16-36 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.809463)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.643
Impact

Successful exploitation of this vulnerability will allow remote attackers to take control of the affected system.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.643 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.643 on Linux.

Vulnerability Insight

The flaw exists due to a use-after-free vulnerability.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb16-36 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.809463)

Version used: $Revision: 5513 $

References

CVE: CVE-2016-7855
CERT: CB-K16/1666, DFN-CERT-2016-1766
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-36.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for samba USN-1423-1 (OID: 1.3.6.1.4.1.25623.1.0.840980)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1423-1

Vulnerability Detection Result
Package samba version 3.0.28a-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

samba on Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user. (CVE-2012-1182)

Vulnerability Detection Method

Details: Ubuntu Update for samba USN-1423-1 (OID: 1.3.6.1.4.1.25623.1.0.840980)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-1182
CERT: DFN-CERT-2013-0359, DFN-CERT-2013-0351, DFN-CERT-2012-1172, DFN-CERT-2012-1111, DFN-CERT-2012-0986, DFN-CERT-2012-0950, DFN-CERT-2012-0929, DFN-CERT-2012-0850, DFN-CERT-2012-0764, DFN-CERT-2012-0748, DFN-CERT-2012-0730, DFN-CERT-2012-0727, DFN-CERT-2012-0726, DFN-CERT-2012-0721, DFN-CERT-2012-0720, DFN-CERT-2012-0719, DFN-CERT-2012-0718, DFN-CERT-2012-0713, DFN-CERT-2012-0666, DFN-CERT-2012-0665, DFN-CERT-2012-0657
Other: http://www.ubuntu.com/usn/usn-1423-1/
USN:1423-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities -01 Aug15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805956)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.508
Impact

Successful exploitation will allow remote attackers to conduct a denial of service attack, execute arbitrary code in the context of the affected user and possibly have other unspecified impact.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.508 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before version 11.2.202.508 on Linux.

Vulnerability Insight

Multiple flaws exist due to multiple type confusion errors, a vector-length corruption error, multiple use-after-free errors, multiple heap buffer overflow errors, multiple buffer overflow errors, multiple memory corruption errors and an integer overflow error.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities -01 Aug15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805956)

Version used: $Revision: 6486 $

References

CVE: CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566
BID: 75959, 76291, 76282, 76282, 76283, 76283, 76289, 76288, 76287
CERT: CB-K15/1168, CB-K15/0952, DFN-CERT-2015-1227, DFN-CERT-2015-0996
Other: https://helpx.adobe.com/security/products/flash-player/apsb15-19.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb17-17 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.811177)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     26.0.0.126
Impact

Successful exploitation of this vulnerability will allow remote attackers to conduct remote code execution.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 26.0.0.126, or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 26.0.0.126 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- A use-after-free vulnerability.
- A memory corruption vulnerability.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb17-17 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.811177)

Version used: $Revision: 6343 $

References

CVE: CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082
BID: 99023, 99025
CERT: CB-K17/0983, DFN-CERT-2017-1015
Other: https://helpx.adobe.com/security/products/flash-player/apsb17-17.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb16-10 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.807654)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.616
Impact

Successful exploitation of this vulnerability will allow remote attackers to bypass memory layout randomization mitigations and can also lead to code execution.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.616 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.616 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- Multiple type confusion vulnerabilities.
- Multiple use-after-free vulnerabilities.
- Multiple memory corruption vulnerabilities.
- A stack overflow vulnerability.
- A vulnerability in the directory search path used to find resources.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb16-10 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.807654)

Version used: $Revision: 5557 $

References

CVE: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
CERT: CB-K16/0511, DFN-CERT-2016-0558
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-10.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-853-1 (xulrunner-1.9.1) (OID: 1.3.6.1.4.1.25623.1.0.66304)
Summary

The remote host is missing an update to xulrunner-1.9.1 announced via advisory USN-853-1.

A number of security issues affecting xulrunner and Firefox have been corrected. For details, please visit the referenced security advisories.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: firefox-3.0 3.0.15+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.15+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10: abrowser 3.0.15+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.15+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.15+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04: abrowser 3.0.15+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.15+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.15+nobinonly-0ubuntu0.9.04.1

Ubuntu 9.10: firefox-3.5 3.5.4+nobinonly-0ubuntu0.9.10.1 xulrunner-1.9.1 1.9.1.4+nobinonly-0ubuntu0.9.10.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-853-1

Vulnerability Detection Method

Details: Ubuntu USN-853-1 (xulrunner-1.9.1) (OID: 1.3.6.1.4.1.25623.1.0.66304)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0689, CVE-2009-3380, CVE-2009-3274, CVE-2009-3381, CVE-2009-3382, CVE-2009-3383, CVE-2009-3371, CVE-2009-3370, CVE-2009-3373, CVE-2009-3372, CVE-2009-3375, CVE-2009-3374, CVE-2009-3377, CVE-2009-3376
CERT: CB-K16/0143, CB-K15/1893, CB-K14/0323, CB-K13/1007, DFN-CERT-2016-0159, DFN-CERT-2015-2000, DFN-CERT-2014-0336, DFN-CERT-2013-2028, DFN-CERT-2010-0775, DFN-CERT-2010-0763, DFN-CERT-2010-0726, DFN-CERT-2010-0593, DFN-CERT-2010-0584, DFN-CERT-2010-0369, DFN-CERT-2010-0234, DFN-CERT-2010-0120, DFN-CERT-2010-0119, DFN-CERT-2010-0036, DFN-CERT-2010-0014, DFN-CERT-2009-1841, DFN-CERT-2009-1758, DFN-CERT-2009-1661, DFN-CERT-2009-1651, DFN-CERT-2009-1650, DFN-CERT-2009-1591, DFN-CERT-2009-1577, DFN-CERT-2009-1564, DFN-CERT-2009-1563, DFN-CERT-2009-1554, DFN-CERT-2009-1535, DFN-CERT-2009-1532, DFN-CERT-2009-1531, DFN-CERT-2009-1525, DFN-CERT-2009-1524
Other: http://www.ubuntu.com/usn/usn-853-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb17-21 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.811467)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     26.0.0.137
Impact

Successful exploitation of this vulnerability will allow remote attackers to execute remote code and obtain sensitive information, which can lead to denial of service.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 26.0.0.137, or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 26.0.0.137 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- A security bypass vulnerability.
- Multiple memory corruption issues.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb17-21 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.811467)

Version used: $Revision: 6706 $

References

CVE: CVE-2017-3080, CVE-2017-3099, CVE-2017-3100
CERT: CB-K17/1156, DFN-CERT-2017-1195
Other: https://helpx.adobe.com/security/products/flash-player/apsb17-21.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-769-1 (libwmf) (OID: 1.3.6.1.4.1.25623.1.0.64171)
Summary

The remote host is missing an update to libwmf announced via advisory USN-769-1.

Vulnerability Detection Result
Package libwmf0.2-7 version 0.2.8.4-6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libwmf0.2-7 0.2.8.3-3.1ubuntu0.2

Ubuntu 8.04 LTS: libwmf0.2-7 0.2.8.4-6ubuntu0.8.04.1

Ubuntu 8.10: libwmf0.2-7 0.2.8.4-6ubuntu0.8.10.1

Ubuntu 9.04: libwmf0.2-7 0.2.8.4-6ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-769-1

Vulnerability Insight

Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu USN-769-1 (libwmf) (OID: 1.3.6.1.4.1.25623.1.0.64171)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1364, CVE-2009-0720, CVE-2008-3545, CVE-2008-2107, CVE-2008-2108, CVE-2008-5557, CVE-2008-5624, CVE-2008-5658, CVE-2008-5814, CVE-2009-0754, CVE-2009-1271, CVE-2009-1469, CVE-2009-1467
CERT: CB-K15/0876, CB-K15/0875, DFN-CERT-2015-0919, DFN-CERT-2015-0914, DFN-CERT-2010-0588, DFN-CERT-2010-0263, DFN-CERT-2009-1726, DFN-CERT-2009-1497, DFN-CERT-2009-0617
Other: http://www.ubuntu.com/usn/usn-769-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for LittleCMS vulnerability USN-693-1 (OID: 1.3.6.1.4.1.25623.1.0.840306)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-693-1

Vulnerability Detection Result
Package liblcms1 version 1.16-7ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

LittleCMS vulnerability on Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10

Vulnerability Insight

It was discovered that certain gamma operations in lcms were not correctly bounds-checked. If a user or automated system were tricked into processing a malicious image, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu Update for LittleCMS vulnerability USN-693-1 (OID: 1.3.6.1.4.1.25623.1.0.840306)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5317
Other: http://www.ubuntu.com/usn/usn-693-1/
USN:693-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, ... (OID: 1.3.6.1.4.1.25623.1.0.840451)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-930-2

Vulnerability Detection Result
Package python-gtkhtml2 version 2.19.1-0ubuntu7 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update on Ubuntu 8.04 LTS

Vulnerability Insight

USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS.

Original advisory details:

It was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121)

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)

A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)

An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)

Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)

Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)

Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197)

Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. (CVE-2008-5913)

Vulnerability Detection Method

Details: Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, ... (OID: 1.3.6.1.4.1.25623.1.0.840451)

Version used: $Revision: 8440 $

References

CVE: CVE-2010-1121, CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203, CVE-2010-1198, CVE-2010-1196, CVE-2010-1199, CVE-2010-1125, CVE-2010-1197, CVE-2008-5913
CERT: DFN-CERT-2010-1745, DFN-CERT-2010-0934, DFN-CERT-2010-0928, DFN-CERT-2010-0926, DFN-CERT-2010-0880, DFN-CERT-2010-0831, DFN-CERT-2010-0830, DFN-CERT-2010-0828, DFN-CERT-2010-0827, DFN-CERT-2010-0823, DFN-CERT-2010-0819, DFN-CERT-2010-0818, DFN-CERT-2010-0817, DFN-CERT-2010-0497
Other: http://www.ubuntu.com/usn/usn-930-2/
USN:930-2

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-707-1 (cupsys) (OID: 1.3.6.1.4.1.25623.1.0.64165)
Summary

The remote host is missing an update to cupsys announced via advisory USN-707-1.

Vulnerability Detection Result
Package cupsys-common version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package cupsys-bsd version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package cupsys-client version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package cupsys version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package libcupsimage2 version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package libcupsys2 version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.12

Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.9

Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.3

Ubuntu 8.10: cups 1.3.9-2ubuntu6.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-707-1

Vulnerability Insight

It was discovered that CUPS didn't properly handle adding a large number of RSS subscriptions. A local user could exploit this and cause CUPS to crash, leading to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and 8.10. (CVE-2008-5183)

It was discovered that CUPS did not authenticate users when adding and cancelling RSS subscriptions. An unprivileged local user could bypass intended restrictions and add a large number of RSS subscriptions. This issue only applied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184)

It was discovered that the PNG filter in CUPS did not properly handle certain malformed images. If a user or automated system were tricked into opening a crafted PNG image file, a remote attacker could cause a denial of service or execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286)

It was discovered that the example pstopdf CUPS filter created log files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377)

Vulnerability Detection Method

Details: Ubuntu USN-707-1 (cupsys) (OID: 1.3.6.1.4.1.25623.1.0.64165)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2008-5377, CVE-2009-0050, CVE-2008-2383, CVE-2007-4349, CVE-2008-5077, CVE-2009-0021, CVE-2009-0025, CVE-2008-5262, CVE-2008-2237, CVE-2008-2238, CVE-2008-4314, CVE-2008-5517, CVE-2008-5516, CVE-2008-3825, CVE-2008-3997, CVE-2008-4444, CVE-2008-4006, CVE-2008-5449, CVE-2008-3979, CVE-2008-3821, CVE-2008-2382, CVE-2008-5714, CVE-2008-3818, CVE-2009-0053, CVE-2009-0054, CVE-2009-0055, CVE-2009-0056, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512, CVE-2008-5256, CVE-2008-5448, CVE-2008-5718, CVE-2007-4476
CERT: CB-K15/1514, DFN-CERT-2012-0513, DFN-CERT-2012-0015, DFN-CERT-2011-1138, DFN-CERT-2011-1137, DFN-CERT-2011-0388, DFN-CERT-2011-0279, DFN-CERT-2011-0185, DFN-CERT-2010-1135, DFN-CERT-2010-0795, DFN-CERT-2010-0357, DFN-CERT-2010-0356, DFN-CERT-2009-1703, DFN-CERT-2009-1431, DFN-CERT-2009-1428, DFN-CERT-2009-1120, DFN-CERT-2009-0446
Other: http://www.ubuntu.com/usn/usn-707-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805466)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.457
Impact

Successful exploitation will allow remote attackers to cause denial of service, execute arbitrary code, bypass the ASLR protection mechanism via unspecified vectors and allow local users to gain privileges.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.457 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.457 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- Multiple unspecified use-after-free errors.
- Multiple unspecified double free vulnerabilities.
- An overflow condition that is triggered as user-supplied input is not properly validated.
- Improper restriction of discovery of memory addresses.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805466)

Version used: $Revision: 6600 $

References

CVE: CVE-2015-3044, CVE-2015-3043, CVE-2015-3042, CVE-2015-3041, CVE-2015-3040, CVE-2015-3039, CVE-2015-3038, CVE-2015-0360, CVE-2015-0359, CVE-2015-0357, CVE-2015-0356, CVE-2015-0355, CVE-2015-0354, CVE-2015-0353, CVE-2015-0352, CVE-2015-0351, CVE-2015-0350, CVE-2015-0349, CVE-2015-0348, CVE-2015-0347, CVE-2015-0346, CVE-2015-0358
BID: 74065, 74062, 74068, 74064, 74067, 74066, 74069
CERT: CB-K15/0651, CB-K15/0519, DFN-CERT-2015-0678, DFN-CERT-2015-0543
Other: https://helpx.adobe.com/security/products/flash-player/apsb15-06.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for Linux kernel vulnerabilities USN-894-1 (OID: 1.3.6.1.4.1.25623.1.0.840383)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-894-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

Linux kernel vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4 filesystems did not correctly check certain disk structures. If a user were tricked into mounting a specially crafted filesystem, a remote attacker could crash the system or gain root privileges. (CVE-2009-4020, CVE-2009-4308)

It was discovered that FUSE did not correctly check certain requests. A local attacker with access to FUSE mounts could exploit this to crash the system or possibly gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-4021)

It was discovered that KVM did not correctly decode certain guest instructions. A local attacker in a guest could exploit this to trigger high scheduling latency in the host, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-4031)

It was discovered that the OHCI FireWire driver did not correctly handle certain ioctls. A local attacker could exploit this to crash the system, or possibly gain root privileges. Ubuntu 6.06 was not affected. (CVE-2009-4138)

Tavis Ormandy discovered that the kernel did not correctly handle O_ASYNC on locked files. A local attacker could exploit this to gain root privileges. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141)

Neil Horman and Eugene Teo discovered that the e1000 and e1000e network drivers did not correctly check the size of Ethernet frames. An attacker on the local network could send specially crafted traffic to bypass packet filters, crash the system, or possibly gain root privileges. (CVE-2009-4536, CVE-2009-4538)

It was discovered that "print-fatal-signals" reporting could show arbitrary kernel memory contents. A local attacker could exploit this, leading to a loss of privacy. By default this is disabled in Ubuntu and did not affect Ubuntu 6.06. (CVE-2010-0003)

Olli Jarva and Tuomo Untinen discovered that IPv6 did not correctly handle jumbo frames. A remote attacker could exploit this to crash the system, leading to a denial of service. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2010-0006)

Florian Westphal discovered that bridging netfilter rules could be modified by unprivileged users. A local attacker could disrupt network traffic, leading to a denial of service. (CVE-2010-0007)

Al Viro discovered that certain mremap operations could leak kernel memory. A local attacker could exploit this to consume all available memory, leading to a denial of service. (CVE-2010-0291)

Vulnerability Detection Method

Details: Ubuntu Update for Linux kernel vulnerabilities USN-894-1 (OID: 1.3.6.1.4.1.25623.1.0.840383)

Version used: $Revision: 8457 $

References

CVE: CVE-2009-4020, CVE-2009-4021, CVE-2009-4031, CVE-2009-4138, CVE-2009-4141, CVE-2009-4308, CVE-2009-4536, CVE-2009-4538, CVE-2010-0003, CVE-2010-0006, CVE-2010-0007, CVE-2010-0291
CERT: CB-K15/0573, CB-K13/1030, DFN-CERT-2015-0597, DFN-CERT-2013-2045, DFN-CERT-2012-2075, DFN-CERT-2012-1294, DFN-CERT-2012-1272, DFN-CERT-2012-1223, DFN-CERT-2011-1002, DFN-CERT-2011-1001, DFN-CERT-2011-0873, DFN-CERT-2011-0411, DFN-CERT-2011-0185, DFN-CERT-2010-1566, DFN-CERT-2010-1552, DFN-CERT-2010-1333, DFN-CERT-2010-1258, DFN-CERT-2010-1133, DFN-CERT-2010-1057, DFN-CERT-2010-0845, DFN-CERT-2010-0720, DFN-CERT-2010-0630, DFN-CERT-2010-0486, DFN-CERT-2010-0445, DFN-CERT-2010-0396, DFN-CERT-2010-0391, DFN-CERT-2010-0385, DFN-CERT-2010-0368, DFN-CERT-2010-0367, DFN-CERT-2010-0366, DFN-CERT-2010-0364, DFN-CERT-2010-0315, DFN-CERT-2010-0291, DFN-CERT-2010-0274, DFN-CERT-2010-0264, DFN-CERT-2010-0244, DFN-CERT-2010-0231, DFN-CERT-2010-0227, DFN-CERT-2010-0226, DFN-CERT-2010-0213, DFN-CERT-2010-0178, DFN-CERT-2010-0170, DFN-CERT-2010-0165, DFN-CERT-2010-0152, DFN-CERT-2010-0151, DFN-CERT-2010-0114, DFN-CERT-2010-0108, DFN-CERT-2010-0105, DFN-CERT-2010-0097, DFN-CERT-2010-0084, DFN-CERT-2010-0083, DFN-CERT-2010-0077, DFN-CERT-2010-0029, DFN-CERT-2010-0028, DFN-CERT-2010-0021, DFN-CERT-2009-1846, DFN-CERT-2009-1824, DFN-CERT-2009-1777, DFN-CERT-2009-1774, DFN-CERT-2009-1754
Other: http://www.ubuntu.com/usn/usn-894-1/
USN:894-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb16-15 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.808104)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.621
Impact

Successful exploitation of this vulnerability will allow remote attackers to execute arbitrary code.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.621 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.621 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- Multiple type confusion vulnerabilities.
- Multiple use-after-free vulnerabilities.
- A heap buffer overflow vulnerability.
- A buffer overflow vulnerability.
- Multiple memory corruption vulnerabilities.
- A vulnerability in the directory search path used to find resources.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb16-15 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.808104)

Version used: $Revision: 5675 $

References

CVE: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117, CVE-2016-4120, CVE-2016-4121, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163
CERT: CB-K16/0686, DFN-CERT-2016-0745
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805619)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.460
Impact

Successful exploitation will allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code, bypass security restrictions and gain access to sensitive information, bypass protected mode, bypass validation mechanisms and write arbitrary data, bypass the sandbox when chained with another vulnerability, bypass ASLR protection mechanisms.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.460 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player versions before 11.2.202.460 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- Improper validation of user-supplied input.
- A flaw in the Broker that is due to the BrokerCreateFile method not properly sanitizing user input.
- An integer overflow condition that is triggered as user-supplied input is not properly validated.
- An overflow condition that is triggered as user-supplied input is not properly validated.
- Multiple unspecified memory disclosure flaws in Adobe Flash Player.
- Multiple unspecified type confusion flaws in Adobe Flash Player.
- Multiple unspecified flaws in Adobe Flash Player.
- A use-after-free error in Adobe Flash Player.
- An unspecified TOCTOU flaw in Adobe Flash Player.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805619)

Version used: $Revision: 6443 $

References

CVE: CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093
BID: 74614, 74605, 74612, 74608, 74613, 74610, 74616, 74609, 74617
CERT: CB-K15/0651, DFN-CERT-2015-0678
Other: https://helpx.adobe.com/security/products/flash-player/apsb15-09.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities - 01 Oct15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.806095)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.535
Impact

Successful exploitation will allow attackers to obtain sensitive information, execute arbitrary code or cause a denial of service and have other unspecified impacts.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.535 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before version 11.2.202.535 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- Improper implementation of the Flash broker API.
- Multiple memory corruption errors.
- A use-after-free error.
- An error in the same-origin policy.
- A buffer overflow error.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities - 01 Oct15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.806095)

Version used: $Revision: 6534 $

References

CVE: CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, CVE-2015-7644
CERT: CB-K15/1653, CB-K15/1500, DFN-CERT-2015-1753, DFN-CERT-2015-1582
Other: https://helpx.adobe.com/security/products/flash-player/apsb15-25.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-792-1 (openssl) (OID: 1.3.6.1.4.1.25623.1.0.64323)
Summary

The remote host is missing an update to openssl announced via advisory USN-792-1.

Vulnerability Detection Result
Package openssl version 0.9.8g-4ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.9

Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.7

Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.4

Ubuntu 9.04: libssl0.9.8 0.9.8g-15ubuntu3.2

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-792-1

Vulnerability Insight

It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. (CVE-2009-1377)

It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. (CVE-2009-1378)

It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. (CVE-2009-1379)

It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occurred before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. (CVE-2009-1386)

It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request. (CVE-2009-1387)

Vulnerability Detection Method

Details: Ubuntu USN-792-1 (openssl) (OID: 1.3.6.1.4.1.25623.1.0.64323)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-1628, CVE-2009-1886, CVE-2009-1888, CVE-2009-1394, CVE-2009-1150, CVE-2009-1151, CVE-2009-1303, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1392, CVE-2009-1833, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841
CERT: CB-K14/0766, DFN-CERT-2014-0798, DFN-CERT-2010-0720, DFN-CERT-2010-0588, DFN-CERT-2010-0482, DFN-CERT-2010-0300, DFN-CERT-2009-1708, DFN-CERT-2009-1699, DFN-CERT-2009-1621, DFN-CERT-2009-1523, DFN-CERT-2009-1363, DFN-CERT-2009-1325, DFN-CERT-2009-1318, DFN-CERT-2009-1317, DFN-CERT-2009-1238, DFN-CERT-2009-1148, DFN-CERT-2009-1086, DFN-CERT-2009-1062, DFN-CERT-2009-1032
Other: http://www.ubuntu.com/usn/usn-792-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-698-2 (nagios3) (OID: 1.3.6.1.4.1.25623.1.0.63072)
Summary

The remote host is missing an update to nagios3 announced via advisory USN-698-2.

Vulnerability Detection Result
Package openoffice.org-help-en-gb version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-help-en-us version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-common version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-en-gb version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-en-za version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10: nagios3 3.0.2-1ubuntu1.1

After a standard system upgrade you need to restart Nagios to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-698-2

Vulnerability Insight

It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. (CVE-2008-5028)

It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands. (CVE-2008-5027)

Vulnerability Detection Method

Details: Ubuntu USN-698-2 (nagios3) (OID: 1.3.6.1.4.1.25623.1.0.63072)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5027, CVE-2008-5028, CVE-2007-3555, CVE-2008-1502, CVE-2008-3325, CVE-2008-3326, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5432, CVE-2008-5619, CVE-2008-2426, CVE-2008-2434, CVE-2008-4242, CVE-2007-3372, CVE-2008-5081, CVE-2008-4577, CVE-2008-4870, CVE-2008-5140, CVE-2008-5312, CVE-2008-5313, CVE-2008-4844, CVE-2008-2237, CVE-2008-2238, CVE-2008-4937
CERT: CB-K17/0248, CB-K15/1375, DFN-CERT-2017-0245, DFN-CERT-2015-1454, DFN-CERT-2012-0923, DFN-CERT-2012-0883, DFN-CERT-2010-1370, DFN-CERT-2010-1056, DFN-CERT-2009-1504, DFN-CERT-2009-1419, DFN-CERT-2009-1208, DFN-CERT-2009-1188
Other: http://www.ubuntu.com/usn/usn-698-2/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb16-29 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.809222)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.635
Impact

Successful exploitation of this vulnerability by remote attackers will lead to code execution and information disclosure.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.635 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.635 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- An integer overflow vulnerability.
- Use-after-free vulnerabilities.
- Security bypass vulnerabilities.
- Memory corruption vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb16-29 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.809222)

Version used: $Revision: 5813 $

References

CVE: CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932, CVE-2016-4182, CVE-2016-4237, CVE-2016-4238
CERT: CB-K16/1398, CB-K16/1056, DFN-CERT-2016-1485, DFN-CERT-2016-1121
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-29.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-815-1 (libxml2) (OID: 1.3.6.1.4.1.25623.1.0.64649)
Summary

The remote host is missing an update to libxml2 announced via advisory USN-815-1.

Vulnerability Detection Result
Package libxml2-utils version 2.6.31.dfsg-2ubuntu1 is installed which is known to be vulnerable.
Package libxml2 version 2.6.31.dfsg-2ubuntu1 is installed which is known to be vulnerable.
Package python-libxml2 version 2.6.31.dfsg-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libxml2 2.6.24.dfsg-1ubuntu1.5

Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.4

Ubuntu 8.10: libxml2 2.6.32.dfsg-4ubuntu1.2

Ubuntu 9.04: libxml2 2.6.32.dfsg-5ubuntu4.2

After a standard system upgrade you need to restart your sessions to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-815-1

Vulnerability Insight

It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2414)

It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2416)

USN-644-1 fixed a vulnerability in libxml2. This advisory provides the corresponding update for Ubuntu 9.04.

Original advisory details:

It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2008-3529)

Vulnerability Detection Method

Details: Ubuntu USN-815-1 (libxml2) (OID: 1.3.6.1.4.1.25623.1.0.64649)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-3529, CVE-2009-2414, CVE-2009-2416
CERT: DFN-CERT-2012-1191, DFN-CERT-2009-1705, DFN-CERT-2009-1644, DFN-CERT-2009-1311, DFN-CERT-2009-1297, DFN-CERT-2009-1263, DFN-CERT-2009-1146, DFN-CERT-2009-1145, DFN-CERT-2009-1130, DFN-CERT-2009-1121, DFN-CERT-2009-1116, DFN-CERT-2009-1115, DFN-CERT-2009-1103, DFN-CERT-2009-1102, DFN-CERT-2009-1095, DFN-CERT-2009-0091
Other: http://www.ubuntu.com/usn/usn-815-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for Linux kernel vulnerabilities USN-1000-1 (OID: 1.3.6.1.4.1.25623.1.0.840523)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1000-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

Linux kernel vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Joel Becker discovered that OCFS2 did not correctly validate on-disk symlink structures. If an attacker were able to trick a user or automated system into mounting a specially crafted filesystem, it could crash the system or expose kernel memory, leading to a loss of privacy. (Ubuntu 6.06 LTS, 8.04 LTS, and 9.04 were not affected.)

Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a denial of service. (Only Ubuntu 9.04 and 9.10 were affected.) (CVE-2009-4895)

Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. A local attacker could overwrite append-only files, leading to potential data loss. (Only Ubuntu 9.10 was affected.) (CVE-2010-2066)

Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly check file permissions. A local attacker could exploit this to read from write-only files, leading to a loss of privacy. (Only Ubuntu 8.04 LTS, 9.04, and 9.10 were affected.) (CVE-2010-2226)

Suresh Jayaraman discovered that CIFS did not correctly validate certain response packets. A remote attacker could send specially crafted traffic that would crash the system, leading to a denial of service. (Ubuntu 10.04 LTS and 10.10 were not affected.) (CVE-2010-2248)

Ben Hutchings discovered that the ethtool interface did not correctly check certain sizes. A local attacker could perform malicious ioctl calls that could crash the system, leading to a denial of service. (Only Ubuntu 9.10 and 10.04 LTS were affected.) (CVE-2010-2478, CVE-2010-3084)

James Chapman discovered that L2TP did not correctly evaluate checksum capabilities. If an attacker could make malicious routing changes, they could crash the system, leading to a denial of service. (Only Ubuntu 9.10 was affected.) (CVE-2010-2495)

Neil Brown discovered that NFSv4 did not correctly check certain write requests. A remote attacker could send specially crafted traffic that could crash the system or possibly gain root privileges. (Ubuntu 10.04 LTS and 10.10 were not affected.) (CVE-2010-2521)

David Howells discovered that DNS resolution in CIFS could be spoofed. A local attacker could exploit this to control DNS replies, leading to a loss of privacy and possible privilege escalation. (Only Ubuntu 9.10 was affected.) (CVE-2010-2524)

Bob Peterson discovered that GFS2 rename operations did not correctly validate certain sizes. A local a ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for Linux kernel vulnerabilities USN-1000-1 (OID: 1.3.6.1.4.1.25623.1.0.840523)

Version used: $Revision: 8244 $

References

CVE: CVE-2009-4895, CVE-2010-2066, CVE-2010-2226, CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521, CVE-2010-2524, CVE-2010-2798, CVE-2010-2942, CVE-2010-2946, CVE-2010-2954, CVE-2010-2955, CVE-2010-2960, CVE-2010-2963, CVE-2010-3015, CVE-2010-3067, CVE-2010-3078, CVE-2010-3080, CVE-2010-3084, CVE-2010-3310, CVE-2010-3432, CVE-2010-3437, CVE-2010-3442, CVE-2010-3477, CVE-2010-3705, CVE-2010-3904
CERT: CB-K15/0576, DFN-CERT-2015-0600, DFN-CERT-2013-1066, DFN-CERT-2011-1704, DFN-CERT-2011-1670, DFN-CERT-2011-1594, DFN-CERT-2011-1453, DFN-CERT-2011-1259, DFN-CERT-2011-0979, DFN-CERT-2011-0964, DFN-CERT-2011-0918, DFN-CERT-2011-0731, DFN-CERT-2011-0676, DFN-CERT-2011-0598, DFN-CERT-2011-0411, DFN-CERT-2011-0351, DFN-CERT-2011-0338, DFN-CERT-2011-0324, DFN-CERT-2011-0225, DFN-CERT-2011-0187, DFN-CERT-2011-0186, DFN-CERT-2011-0185, DFN-CERT-2011-0150, DFN-CERT-2011-0065, DFN-CERT-2011-0042, DFN-CERT-2011-0008, DFN-CERT-2011-0005, DFN-CERT-2011-0004, DFN-CERT-2010-1761, DFN-CERT-2010-1717, DFN-CERT-2010-1715, DFN-CERT-2010-1668, DFN-CERT-2010-1657, DFN-CERT-2010-1646, DFN-CERT-2010-1645, DFN-CERT-2010-1635, DFN-CERT-2010-1623, DFN-CERT-2010-1602, DFN-CERT-2010-1573, DFN-CERT-2010-1549, DFN-CERT-2010-1540, DFN-CERT-2010-1521, DFN-CERT-2010-1489, DFN-CERT-2010-1443, DFN-CERT-2010-1440, DFN-CERT-2010-1427, DFN-CERT-2010-1400, DFN-CERT-2010-1394, DFN-CERT-2010-1381, DFN-CERT-2010-1372, DFN-CERT-2010-1363, DFN-CERT-2010-1333, DFN-CERT-2010-1322, DFN-CERT-2010-1292, DFN-CERT-2010-1270, DFN-CERT-2010-1269, DFN-CERT-2010-1267, DFN-CERT-2010-1262, DFN-CERT-2010-1258, DFN-CERT-2010-1235, DFN-CERT-2010-1234, DFN-CERT-2010-1205, DFN-CERT-2010-1186, DFN-CERT-2010-1181, DFN-CERT-2010-1178, DFN-CERT-2010-1154, DFN-CERT-2010-1151, DFN-CERT-2010-1148, DFN-CERT-2010-1133, DFN-CERT-2010-1124, DFN-CERT-2010-1088, DFN-CERT-2010-1070, DFN-CERT-2010-1057, DFN-CERT-2010-1023, DFN-CERT-2010-0998, DFN-CERT-2010-0981, DFN-CERT-2010-0979, DFN-CERT-2010-0978, DFN-CERT-2010-0889, DFN-CERT-2010-0878
Other: http://www.ubuntu.com/usn/usn-1000-1/
USN:1000-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Linux) (OID: 1.3.6.1.4.1.25623.1.0.805004)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to execute arbitrary code and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.411 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before 11.2.202.411 on Linux

Vulnerability Insight

Multiple flaws are due to:
- Two unspecified errors can be exploited to corrupt memory and subsequently execute arbitrary code.
- An integer overflow error can be exploited to execute arbitrary code.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Linux) (OID: 1.3.6.1.4.1.25623.1.0.805004)

Version used: $Revision: 6715 $

References

CVE: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569, CVE-2014-8439
BID: 70437, 70442, 70441, 71289
CERT: CB-K14/1463, CB-K14/1281, DFN-CERT-2014-1545, DFN-CERT-2014-1349
Other: http://secunia.com/advisories/59729
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-625-1 (OID: 1.3.6.1.4.1.25623.1.0.840264)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-625-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

linux, linux-source-2.6.15/20/22 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2007-6282)

Johannes Bauer discovered that the 64bit kernel did not correctly handle hrtimer updates. A local attacker could request a large expiration value and cause the system to hang, leading to a denial of service. (CVE-2007-6712)

Tavis Ormandy discovered that the ia32 emulation under 64bit kernels did not fully clear uninitialized data. A local attacker could read private kernel memory, leading to a loss of privacy. (CVE-2008-0598)

Jan Kratochvil discovered that PTRACE did not correctly handle certain calls when running under 64bit kernels. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-1615)

Wei Wang discovered that the ASN.1 decoding routines in CIFS and SNMP NAT did not correctly handle certain length values. Remote attackers could exploit this to execute arbitrary code or crash the system. (CVE-2008-1673)

Paul Marks discovered that the SIT interfaces did not correctly manage allocated memory. A remote attacker could exploit this to fill all available memory, leading to a denial of service. (CVE-2008-2136)

David Miller and Jan Lieskovsky discovered that the Sparc kernel did not correctly range-check memory regions allocated with mmap. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2137)

The sys_utimensat system call did not correctly check file permissions in certain situations. A local attacker could exploit this to modify the file times of arbitrary files which could lead to a denial of service. (CVE-2008-2148)

Brandon Edwards discovered that the DCCP system in the kernel did not correctly check feature lengths. A remote attacker could exploit this to execute arbitrary code. (CVE-2008-2358)

A race condition was discovered between ptrace and utrace in the kernel. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2365)

The copy_to_user routine in the kernel did not correctly clear memory destination addresses when running on 64bit kernels. A local attacker could exploit this to gain access to sensitive kernel memory, leading to a loss of privacy. (CVE-2008-2729)

The PPP over L2TP routines in the kernel did not correctly handle certain mess ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-625-1 (OID: 1.3.6.1.4.1.25623.1.0.840264)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-6282, CVE-2007-6712, CVE-2008-0598, CVE-2008-1615, CVE-2008-1673, CVE-2008-2136, CVE-2008-2137, CVE-2008-2148, CVE-2008-2358, CVE-2008-2365, CVE-2008-2729, CVE-2008-2750, CVE-2008-2826
CERT: DFN-CERT-2010-1133, DFN-CERT-2009-1481
Other: http://www.ubuntu.com/usn/usn-625-1/
USN:625-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-726-1 (curl) (OID: 1.3.6.1.4.1.25623.1.0.63506)
Summary

The remote host is missing an update to curl announced via advisory USN-726-1.

Vulnerability Detection Result
Package curl version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package libcurl3-gnutls version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package libcurl3 version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package python-crypto version 2.0.1+dfsg1-2.1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libcurl3 7.15.1-1ubuntu3.1 libcurl3-gnutls 7.15.1-1ubuntu3.1

Ubuntu 7.10: libcurl3 7.16.4-2ubuntu1.1 libcurl3-gnutls 7.16.4-2ubuntu1.1

Ubuntu 8.04 LTS: libcurl3 7.18.0-1ubuntu2.1 libcurl3-gnutls 7.18.0-1ubuntu2.1

Ubuntu 8.10: libcurl3 7.18.2-1ubuntu4.1 libcurl3-gnutls 7.18.2-1ubuntu4.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-726-1

Vulnerability Insight

It was discovered that curl did not enforce any restrictions when following URL redirects. If a user or automated system were tricked into opening a URL to an untrusted server, an attacker could use redirects to gain access to arbitrary files. This update changes curl behavior to prevent following file URLs after a redirect.

Vulnerability Detection Method

Details: Ubuntu USN-726-1 (curl) (OID: 1.3.6.1.4.1.25623.1.0.63506)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0037, CVE-2008-5005, CVE-2009-0365, CVE-2009-0619, CVE-2009-0537, CVE-2009-0775, CVE-2007-4850, CVE-2008-5557, CVE-2009-0754, CVE-2009-0544
CERT: DFN-CERT-2012-0731, DFN-CERT-2010-0588, DFN-CERT-2009-1789, DFN-CERT-2009-1497, DFN-CERT-2009-0860
Other: http://www.ubuntu.com/usn/usn-726-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates(apsb17-15)-Linux (OID: 1.3.6.1.4.1.25623.1.0.811102)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     25.0.0.171
Impact

Successful exploitation of this vulnerability will allow remote attackers to perform code execution.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 25.0.0.171 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 25.0.0.171 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- A use-after-free vulnerability.
- Memory corruption vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates(apsb17-15)-Linux (OID: 1.3.6.1.4.1.25623.1.0.811102)

Version used: $Revision: 6096 $

References

CVE: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
BID: 98349, 98347
CERT: CB-K17/0780, DFN-CERT-2017-0805
Other: https://helpx.adobe.com/security/products/flash-player/apsb17-15.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-734-1 (ffmpeg-debian) (OID: 1.3.6.1.4.1.25623.1.0.63617)
Summary

The remote host is missing an update to ffmpeg-debian announced via advisory USN-734-1.

Vulnerability Detection Result
Package libglib2.0-0 version 2.16.3-1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.10: libavcodec1d 3:0.cvs20070307-5ubuntu4.2 libavformat1d 3:0.cvs20070307-5ubuntu4.2

Ubuntu 8.04 LTS: libavcodec1d 3:0.cvs20070307-5ubuntu7.3 libavformat1d 3:0.cvs20070307-5ubuntu7.3

Ubuntu 8.10: libavcodec51 3:0.svn20080206-12ubuntu3.1 libavformat52 3:0.svn20080206-12ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-734-1

Vulnerability Insight

It was discovered that FFmpeg did not correctly handle certain malformed Ogg Media (OGM) files. If a user were tricked into opening a crafted Ogg Media file, an attacker could cause the application using FFmpeg to crash, leading to a denial of service. (CVE-2008-4610)

It was discovered that FFmpeg did not correctly handle certain parameters when creating DTS streams. If a user were tricked into processing certain commands, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.10. (CVE-2008-4866)

It was discovered that FFmpeg did not correctly handle certain malformed DTS Coherent Acoustics (DCA) files. If a user were tricked into opening a crafted DCA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4867)

It was discovered that FFmpeg did not correctly handle certain malformed 4X movie (4xm) files. If a user were tricked into opening a crafted 4xm file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0385)

Vulnerability Detection Method

Details: Ubuntu USN-734-1 (ffmpeg-debian) (OID: 1.3.6.1.4.1.25623.1.0.63617)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-4610, CVE-2008-4866, CVE-2008-4867, CVE-2009-0385, CVE-2009-0587, CVE-2008-4316
CERT: DFN-CERT-2013-0744, DFN-CERT-2010-0705, DFN-CERT-2010-0300, DFN-CERT-2009-1806, DFN-CERT-2009-1709, DFN-CERT-2009-1615, DFN-CERT-2009-1614, DFN-CERT-2009-1613
Other: http://www.ubuntu.com/usn/usn-734-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for fuse vulnerability USN-892-1 (OID: 1.3.6.1.4.1.25623.1.0.840378)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-892-1

Vulnerability Detection Result
Package fuse-utils version 2.7.2-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

fuse vulnerability on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

Ronald Volgers discovered that FUSE did not correctly check mount locations. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.

Vulnerability Detection Method

Details: Ubuntu Update for fuse vulnerability USN-892-1 (OID: 1.3.6.1.4.1.25623.1.0.840378)

Version used: $Revision: 8296 $

References

CVE: CVE-2009-3297
CERT: DFN-CERT-2010-0639, DFN-CERT-2010-0275, DFN-CERT-2010-0268, DFN-CERT-2010-0266, DFN-CERT-2010-0218, DFN-CERT-2010-0198, DFN-CERT-2010-0155, DFN-CERT-2010-0136, DFN-CERT-2010-0134, DFN-CERT-2010-0133, DFN-CERT-2010-0129
Other: http://www.ubuntu.com/usn/usn-892-1/
USN:892-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities Sep15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805742)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.521
Impact

Successful exploitation will allow remote attackers to gain access to potentially sensitive information, conduct a denial of service attack and potentially execute arbitrary code in the context of the affected user.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.521 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before version 11.2.202.521 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- Multiple memory corruption errors.
- Multiple unspecified errors.
- Multiple use-after-free vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities Sep15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805742)

Version used: $Revision: 6214 $

References

CVE: CVE-2015-5567, CVE-2015-5568, CVE-2015-5570, CVE-2015-5571, CVE-2015-5572, CVE-2015-5573, CVE-2015-5574, CVE-2015-5575, CVE-2015-5576, CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5581, CVE-2015-5582, CVE-2015-5584, CVE-2015-5587, CVE-2015-5588, CVE-2015-6676, CVE-2015-6677, CVE-2015-6678, CVE-2015-6679, CVE-2015-6682
CERT: CB-K15/1379, DFN-CERT-2015-1460
Other: https://helpx.adobe.com/security/products/flash-player/apsb15-23.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805261)
Summary

This host is installed with Adobe Flash Player and is prone to unspecified arbitrary code execution vulnerability.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.440
Impact

Successful exploitation will allow remote attackers to compromise a user's system.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.440 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player through version 11.2.202.438 on Linux.

Vulnerability Insight

The flaw exists due to an unspecified error and a double-free flaw that is triggered because user-supplied input is not properly validated.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805261)

Version used: $Revision: 6513 $

References

CVE: CVE-2015-0311, CVE-2015-0312
BID: 72283, 72343
CERT: CB-K15/0087, DFN-CERT-2015-0089
Other: http://secunia.com/advisories/62432
http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
http://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb15-03-cve-2015-0312

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates(apsb16-37) - Linux (OID: 1.3.6.1.4.1.25623.1.0.809469)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.644
Impact

Successful exploitation of this vulnerability will allow remote attackers to take control of the affected system, and lead to code execution.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.644 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.644 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- Type confusion vulnerabilities.
- Use-after-free vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates(apsb16-37) - Linux (OID: 1.3.6.1.4.1.25623.1.0.809469)

Version used: $Revision: 5712 $

References

CVE: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
BID: 94153
CERT: CB-K16/1741, DFN-CERT-2016-1846
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-37.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-805-1 (ruby1.9) (OID: 1.3.6.1.4.1.25623.1.0.64486)
Summary

The remote host is missing an update to ruby1.9 announced via advisory USN-805-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libruby1.8 1.8.4-1ubuntu1.7 ruby1.8 1.8.4-1ubuntu1.7

Ubuntu 8.04 LTS: libruby1.8 1.8.6.111-2ubuntu1.3 ruby1.8 1.8.6.111-2ubuntu1.3

Ubuntu 8.10: libruby1.8 1.8.7.72-1ubuntu0.2 libruby1.9 1.9.0.2-7ubuntu1.2 ruby1.8 1.8.7.72-1ubuntu0.2 ruby1.9 1.9.0.2-7ubuntu1.2

Ubuntu 9.04: libruby1.8 1.8.7.72-3ubuntu0.1 libruby1.9 1.9.0.2-9ubuntu1.1 ruby1.8 1.8.7.72-3ubuntu0.1 ruby1.9 1.9.0.2-9ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-805-1

Vulnerability Insight

It was discovered that Ruby did not properly validate certificates. An attacker could exploit this and present invalid or revoked X.509 certificates. (CVE-2009-0642)

It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. (CVE-2009-1904)

Vulnerability Detection Method

Details: Ubuntu USN-805-1 (ruby1.9) (OID: 1.3.6.1.4.1.25623.1.0.64486)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0642, CVE-2009-1904, CVE-2009-1892, CVE-2009-1391, CVE-2009-1189, CVE-2007-0062, CVE-2008-5616, CVE-2009-0159, CVE-2009-1252, CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2472
CERT: CB-K15/1514, DFN-CERT-2012-0513, DFN-CERT-2011-0712, DFN-CERT-2010-0775, DFN-CERT-2010-0593, DFN-CERT-2010-0584, DFN-CERT-2010-0461, DFN-CERT-2010-0425, DFN-CERT-2010-0369, DFN-CERT-2010-0300, DFN-CERT-2010-0023, DFN-CERT-2009-1773, DFN-CERT-2009-1742, DFN-CERT-2009-1727, DFN-CERT-2009-1700, DFN-CERT-2009-1697, DFN-CERT-2009-1600, DFN-CERT-2009-1574, DFN-CERT-2009-1403, DFN-CERT-2009-1202, DFN-CERT-2009-1190, DFN-CERT-2009-1187, DFN-CERT-2009-1160, DFN-CERT-2009-1124, DFN-CERT-2009-1075, DFN-CERT-2009-1071, DFN-CERT-2009-1062, DFN-CERT-2009-1032, DFN-CERT-2009-0942
Other: http://www.ubuntu.com/usn/usn-805-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb17-02 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.810330)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     24.0.0.194
Impact

Successful exploitation of this vulnerability will allow remote attackers to take control of the affected system, lead to code execution and information disclosure.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 24.0.0.194 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 24.0.0.194 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- A security bypass vulnerability.

- Use-after-free vulnerabilities.

- Heap buffer overflow vulnerabilities.

- Memory corruption vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Security Updates( apsb17-02 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.810330)

Version used: $Revision: 4983 $

References

CVE: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938
CERT: CB-K17/0036, DFN-CERT-2017-0038
Other: https://helpx.adobe.com/security/products/flash-player/apsb17-02.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Bypass Vulnerability Jan14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804065)
Summary

This host is installed with Adobe Flash Player and is prone to security bypass vulnerability.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to bypass certain security restrictions and disclose certain memory information.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.335 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.335 on Linux.

Vulnerability Insight

Flaw is due to an unspecified error and other additional weakness.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Security Bypass Vulnerability Jan14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804065)

Version used: $Revision: 6769 $

References

CVE: CVE-2014-0491, CVE-2014-0492
BID: 64807, 64810
CERT: CB-K14/0046, DFN-CERT-2014-0046
Other: http://secunia.com/advisories/56267
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-711-1 (ktorrent) (OID: 1.3.6.1.4.1.25623.1.0.63306)
Summary

The remote host is missing an update to ktorrent announced via advisory USN-711-1.

Vulnerability Detection Result
Package vim-common version 7.1-138+1ubuntu3 is installed which is known to be vulnerable.
Package vim-tiny version 7.1-138+1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.10: ktorrent 2.2.1-0ubuntu3.1

Ubuntu 8.04 LTS: ktorrent 2.2.5-0ubuntu1.1

Ubuntu 8.10: ktorrent 3.1.2+dfsg.1-0ubuntu2.1

After a standard system upgrade you need to restart KTorrent to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-711-1

Vulnerability Insight

It was discovered that KTorrent did not properly restrict access when using the web interface plugin. A remote attacker could use a crafted http request and upload arbitrary torrent files to trigger the start of downloads and seeding. (CVE-2008-5905)

It was discovered that KTorrent did not properly handle certain parameters when using the web interface plugin. A remote attacker could use crafted http requests to execute arbitrary PHP code. (CVE-2008-5906)

Vulnerability Detection Method

Details: Ubuntu USN-711-1 (ktorrent) (OID: 1.3.6.1.4.1.25623.1.0.63306)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5905, CVE-2008-5906, CVE-2008-2712, CVE-2008-4101, CVE-2005-2090, CVE-2005-3510, CVE-2006-3835, CVE-2006-7195, CVE-2006-7196, CVE-2007-0450, CVE-2007-1355, CVE-2007-1358, CVE-2007-1858, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2008-0128, CVE-2008-3358, CVE-2009-0042, CVE-2009-0135, CVE-2009-0136, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360
CERT: CB-K14/1342, CB-K14/0058, DFN-CERT-2014-1414, DFN-CERT-2014-0049, DFN-CERT-2012-0442, DFN-CERT-2010-1190, DFN-CERT-2010-0195, DFN-CERT-2009-1508, DFN-CERT-2009-1481, DFN-CERT-2009-1458, DFN-CERT-2009-1452, DFN-CERT-2009-1046, DFN-CERT-2009-0446, DFN-CERT-2009-0137
Other: http://www.ubuntu.com/usn/usn-711-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-1 (OID: 1.3.6.1.4.1.25623.1.0.840604)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1049-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Firefox and Xulrunner vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0053, CVE-2011-0062)

Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into an inconsistent state. An attacker could exploit this to force a user to accept any dialog. (CVE-2011-0051)

It was discovered that memory was used after being freed in a method used by JSON.stringify. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0055)

Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0054, CVE-2011-0056)

Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0057)

Alex Miller discovered a buffer overflow in the browser rendering engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0058)

Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. (CVE-2010-1585)

Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0061)

Peleus Uhley discovered a CSRF vulnerability in the plugin code related to 307 redirects. This could allow custom headers to be forwarded across origins. (CVE-2011-0059)

Vulnerability Detection Method

Details: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-1 (OID: 1.3.6.1.4.1.25623.1.0.840604)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2011-0059, CVE-2011-0061, CVE-2011-0062
CERT: DFN-CERT-2011-0704, DFN-CERT-2011-0690, DFN-CERT-2011-0384, DFN-CERT-2011-0373, DFN-CERT-2011-0345, DFN-CERT-2011-0326, DFN-CERT-2011-0323, DFN-CERT-2011-0315, DFN-CERT-2011-0312, DFN-CERT-2011-0302, DFN-CERT-2011-0298, DFN-CERT-2011-0283, DFN-CERT-2011-0282, DFN-CERT-2011-0281, DFN-CERT-2011-0280
Other: http://www.ubuntu.com/usn/usn-1049-1/
USN:1049-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb17-33 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.812142)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     27.0.0.187
Installation
path / port:       /usr/lib/firefox-addons/plugins/libflashplayer.so
Impact

Successful exploitation of this vulnerability will allow remote attackers to execute code.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 27.0.0.187, or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 27.0.0.187 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- An out-of-bounds read vulnerability.

- A use-after-free vulnerability.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Security Updates( apsb17-33 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.812142)

Version used: $Revision: 7773 $

References

CVE: CVE-2017-3112, CVE-2017-3114, CVE-2017-11213, CVE-2017-11215, CVE-2017-11225
CERT: CB-K17/1944, DFN-CERT-2017-2030
Other: https://helpx.adobe.com/security/products/flash-player/apsb17-33.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for xorg-server vulnerabilities USN-616-1 (OID: 1.3.6.1.4.1.25623.1.0.840329)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-616-1

Vulnerability Detection Result
Package xserver-xorg-core version 1.4.1~git20080131-1ubuntu9 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

xorg-server vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362)

It was discovered that the MIT-SHM extension of X.org did not correctly validate the location of memory during an image copy. An authenticated attacker could exploit this to read arbitrary memory locations within X, exposing sensitive information. (CVE-2008-1379)

Vulnerability Detection Method

Details: Ubuntu Update for xorg-server vulnerabilities USN-616-1 (OID: 1.3.6.1.4.1.25623.1.0.840329)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
Other: http://www.ubuntu.com/usn/usn-616-1/
USN:616-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates-APSB16-08 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.807611)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.577
Impact

Successful exploitation of this vulnerability will allow remote attackers to execute arbitrary code.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.577 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.577 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- Integer overflow vulnerabilities.

- Use-after-free vulnerabilities.

- A heap overflow vulnerability.

- Memory corruption vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Security Updates-APSB16-08 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.807611)

Version used: $Revision: 5568 $

References

CVE: CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010
CERT: CB-K16/0402, DFN-CERT-2016-0438
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-08.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for libxml2 vulnerabilities USN-673-1 (OID: 1.3.6.1.4.1.25623.1.0.840301)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-673-1

Vulnerability Detection Result
Package libxml2-utils version 2.6.31.dfsg-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libxml2 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10

Vulnerability Insight

Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. (CVE-2008-4225)

Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service. (CVE-2008-4226)

Vulnerability Detection Method

Details: Ubuntu Update for libxml2 vulnerabilities USN-673-1 (OID: 1.3.6.1.4.1.25623.1.0.840301)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-4225, CVE-2008-4226
CERT: DFN-CERT-2010-0588, DFN-CERT-2009-1705, DFN-CERT-2009-1115, DFN-CERT-2009-1095
Other: http://www.ubuntu.com/usn/usn-673-1/
USN:673-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-645-3 (OID: 1.3.6.1.4.1.25623.1.0.840352)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-645-3

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

firefox-3.0, xulrunner-1.9 regression on Ubuntu 8.04 LTS

Vulnerability Insight

USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream patches introduced a regression in the saved password handling. While password data was not lost, if a user had saved any passwords with non-ASCII characters, Firefox could not access the password database. This update fixes the problem.

We apologize for the inconvenience. Original advisory details:

Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016)

It was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)

Several problems were discovered in the JavaScript engine. This could allow an attacker to execute scripts from page content with chrome privileges. (CVE-2008-3836)

Paul Nickerson discovered Firefox did not properly process mouse click events. If a user were tricked into opening a malicious web page, an attacker could move the content window, which could potentially be used to force a user to perform unintended drag and drop operations. (CVE-2008-3837)

Several problems were discovered in the browser engine. This could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)

Drew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Firefox. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)

Dave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks. (CVE-2008-4065)

Gareth Heyes discovered a flaw in the HTML parser of Firefox. If a user were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)

Boris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-645-3 (OID: 1.3.6.1.4.1.25623.1.0.840352)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069
Other: http://www.ubuntu.com/usn/usn-645-3/
USN:645-3

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804561)
Summary

This host is installed with Adobe Flash Player and is prone to buffer overflow vulnerability.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to execute arbitrary code and cause a buffer overflow, resulting in a denial of service condition.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.356 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.356 on Linux

Vulnerability Insight

Flaw is due to an improper validation of user-supplied input to the pixel bender component.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804561)

Version used: $Revision: 6750 $

References

CVE: CVE-2014-0515
BID: 67092
CERT: CB-K14/0490, DFN-CERT-2014-0510
Other: http://secpod.org/blog/?p=2577
http://www.securelist.com/en/blog/8212
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities-01 Jan15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805244)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow remote attackers to disclose potentially sensitive information and compromise a user's system.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.429 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before version 11.2.202.429 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- An unspecified error related to improper file validation.

- Another unspecified error which can be exploited to capture keystrokes.

- Two unspecified errors which can be exploited to corrupt memory.

- Two unspecified errors which can be exploited to cause a heap-based buffer overflow.

- A type confusion error which can be exploited to corrupt memory.

- An out-of-bounds read error.

- An unspecified use-after-free error.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Multiple Vulnerabilities-01 Jan15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805244)

Version used: $Revision: 6486 $

References

CVE: CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309
BID: 72034, 72035, 72031, 72032, 72033, 72036, 72037, 72039, 72038
CERT: CB-K15/0036, DFN-CERT-2015-0042
Other: http://secunia.com/advisories/62177
http://helpx.adobe.com/security/products/flash-player/apsb15-01.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-799-1 (dbus) (OID: 1.3.6.1.4.1.25623.1.0.64441)
Summary

The remote host is missing an update to dbus announced via advisory USN-799-1.

Vulnerability Detection Result
Package dbus-x11 version 1.1.20-1ubuntu1 is installed which is known to be vulnerable.
Package dbus version 1.1.20-1ubuntu1 is installed which is known to be vulnerable.
Package libdbus-1-3 version 1.1.20-1ubuntu1 is installed which is known to be vulnerable.
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Package apache2 version 2.2.8-1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libdbus-1-2 0.60-6ubuntu8.4

Ubuntu 8.04 LTS: libdbus-1-3 1.1.20-1ubuntu3.3

Ubuntu 8.10: libdbus-1-3 1.2.4-0ubuntu1.1

Ubuntu 9.04: libdbus-1-3 1.2.12-0ubuntu2.1

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-799-1

Vulnerability Insight

It was discovered that the D-Bus library did not correctly validate signatures. If a local user sent a specially crafted D-Bus key, they could spoof a valid signature and bypass security policies.

Vulnerability Detection Method

Details: Ubuntu USN-799-1 (dbus) (OID: 1.3.6.1.4.1.25623.1.0.64441)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1189, CVE-2009-2347, CVE-2009-1890, CVE-2009-1891, CVE-2008-2327, CVE-2009-2285, CVE-2009-2295, CVE-2009-0858, CVE-2009-2334, CVE-2009-2335, CVE-2009-2336, CVE-2008-0196, CVE-2009-2360, CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0652, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776, CVE-2009-1302, CVE-2009-1303, CVE-2009-1307, CVE-2009-1832, CVE-2009-1392, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841, CVE-2009-1185, CVE-2009-0034, CVE-2009-0037, CVE-2009-1422, CVE-2009-1423, CVE-2009-1424, CVE-2009-1425, CVE-2009-1959
CERT: CB-K15/1514, DFN-CERT-2012-0731, DFN-CERT-2012-0627, DFN-CERT-2011-0712, DFN-CERT-2011-0700, DFN-CERT-2011-0329, DFN-CERT-2011-0103, DFN-CERT-2011-0102, DFN-CERT-2011-0075, DFN-CERT-2010-1665, DFN-CERT-2010-1647, DFN-CERT-2010-0300, DFN-CERT-2010-0125, DFN-CERT-2010-0023, DFN-CERT-2009-1725, DFN-CERT-2009-1602, DFN-CERT-2009-1593, DFN-CERT-2009-1507, DFN-CERT-2009-1493, DFN-CERT-2009-1403, DFN-CERT-2009-1350, DFN-CERT-2009-1288, DFN-CERT-2009-1231, DFN-CERT-2009-1225, DFN-CERT-2009-1224, DFN-CERT-2009-1208, DFN-CERT-2009-1188, DFN-CERT-2009-1170, DFN-CERT-2009-1148, DFN-CERT-2009-1144, DFN-CERT-2009-1137, DFN-CERT-2009-1126, DFN-CERT-2009-1116, DFN-CERT-2009-1101, DFN-CERT-2009-1081, DFN-CERT-2009-1062, DFN-CERT-2009-1050, DFN-CERT-2009-1047, DFN-CERT-2009-1032, DFN-CERT-2009-0986, DFN-CERT-2009-0795, DFN-CERT-2009-0598
Other: http://www.ubuntu.com/usn/usn-799-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.903340)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to disclose potentially sensitive information and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.341 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.341 on Linux

Vulnerability Insight

The flaw is due to multiple unspecified errors and a double free error.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.903340)

Version used: $Revision: 6715 $

References

CVE: CVE-2014-0498, CVE-2014-0499, CVE-2014-0502
BID: 65704, 65703, 65702
CERT: CB-K14/0215, DFN-CERT-2014-0223
Other: http://secunia.com/advisories/57057
http://helpx.adobe.com/security/products/flash-player/apsb14-07.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-742-1 (jasper) (OID: 1.3.6.1.4.1.25623.1.0.63698)
Summary

The remote host is missing an update to jasper announced via advisory USN-742-1.

It was discovered that JasPer did not correctly handle memory allocation when parsing certain malformed JPEG2000 images. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. (CVE-2008-3520)

It was discovered that JasPer created temporary files in an insecure way. Local users could exploit a race condition and cause a denial of service in libjasper applications. (CVE-2008-3521)

It was discovered that JasPer did not correctly handle certain formatting operations. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. (CVE-2008-3522)

Vulnerability Detection Result
Package libjasper1 version 1.900.1-3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libjasper-1.701-1 1.701.0-2ubuntu0.6.06.1

Ubuntu 7.10: libjasper1 1.900.1-3ubuntu0.7.10.1

Ubuntu 8.04 LTS: libjasper1 1.900.1-3ubuntu0.8.04.1

Ubuntu 8.10: libjasper1 1.900.1-5ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-742-1

Vulnerability Detection Method

Details: Ubuntu USN-742-1 (jasper) (OID: 1.3.6.1.4.1.25623.1.0.63698)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-3520, CVE-2008-3521, CVE-2008-3522, CVE-2009-0583, CVE-2009-0584, CVE-2008-4552, CVE-2009-0352, CVE-2009-0772, CVE-2009-0774, CVE-2009-0776
CERT: CB-K16/1796, CB-K16/1713, CB-K15/0357, DFN-CERT-2016-1901, DFN-CERT-2016-1821, DFN-CERT-2015-0369, DFN-CERT-2010-0969, DFN-CERT-2010-0300, DFN-CERT-2009-1711, DFN-CERT-2009-1698, DFN-CERT-2009-1511, DFN-CERT-2009-1237, DFN-CERT-2009-1172, DFN-CERT-2009-0850
Other: http://www.ubuntu.com/usn/usn-742-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities -01 Dec15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.807019)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:   11.2.202.559
Impact

Successful exploitation will allow attackers to bypass execute arbitrary code on the affected system.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.559 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.559 on Linux.

Vulnerability Insight

Multiple flaws exist due to:

- A type confusion vulnerability.

- An integer overflow vulnerability.

- Multiple use-after-free vulnerabilities.

- Multiple memory corruption vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Multiple Vulnerabilities -01 Dec15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.807019)

Version used: $Revision: 6810 $

References

CVE: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651, CVE-2016-0959
CERT: CB-K15/1895, DFN-CERT-2015-2001
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-757-1 (gs-gpl) (OID: 1.3.6.1.4.1.25623.1.0.63856)
Summary

The remote host is missing an update to gs-gpl announced via advisory USN-757-1.

Vulnerability Detection Result
Package ghostscript-x version 8.61.dfsg.1-1ubuntu3 is installed which is known to be vulnerable.
Package ghostscript version 8.61.dfsg.1-1ubuntu3 is installed which is known to be vulnerable.
Package libgs8 version 8.61.dfsg.1-1ubuntu3 is installed which is known to be vulnerable.
Package libvolume-id0 version 117-8 is installed which is known to be vulnerable.
Package udev version 117-8 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: gs-esp 8.15.2.dfsg.0ubuntu1-0ubuntu1.2 gs-gpl 8.15-4ubuntu3.3

Ubuntu 8.04 LTS: libgs8 8.61.dfsg.1-1ubuntu3.2

Ubuntu 8.10: libgs8 8.63.dfsg.1-0ubuntu6.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-757-1

Vulnerability Insight

It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2007-6725)

It was discovered that Ghostscript contained a buffer overflow in the BaseFont writer module. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2008-6679)

It was discovered that Ghostscript contained additional integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript or PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0792)

Alin Rad Pop discovered that Ghostscript contained a buffer overflow in the jbig2dec library. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0196)

USN-743-1 provided updated ghostscript and gs-gpl packages to fix two security vulnerabilities. This update corrects the same vulnerabilities in the gs-esp package.

Original advisory details: It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0583)

It was discovered that Ghostscript did not properly perform bounds checking in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0584)

Vulnerability Detection Method

Details: Ubuntu USN-757-1 (gs-gpl) (OID: 1.3.6.1.4.1.25623.1.0.63856)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5259, CVE-2009-0584, CVE-2009-0583, CVE-2009-1012, CVE-2007-6725, CVE-2009-1016, CVE-2009-1185, CVE-2009-0796, CVE-2009-0792, CVE-2009-0196, CVE-2008-6679, CVE-2009-1186
CERT: CB-K15/1514, DFN-CERT-2010-0969, DFN-CERT-2009-1816, DFN-CERT-2009-1698, DFN-CERT-2009-1576, DFN-CERT-2009-1172, DFN-CERT-2009-0598, DFN-CERT-2009-0490
Other: http://www.ubuntu.com/usn/usn-757-1/

general/tcp
High (CVSS: 10.0)
NVT: Wireshark Multiple Unspecified Vulnerability - Apr09 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800397)
Summary

This host is installed with Wireshark and is prone to multiple unspecified vulnerabilities.

Vulnerability Detection Result
Installed version: 1.0.0
Fixed version:     1.0.7
Impact

Successful exploitation could result in a denial of service condition.

Impact Level: Application

Solution

Solution type: VendorFix

Upgrade to Wireshark 1.0.7. For updates refer to http://www.wireshark.org/download.html

Affected Software/OS

Wireshark version 0.9.6 to 1.0.6 on Linux

Vulnerability Insight

- An error exists while processing a PN-DCP packet with format string specifiers in the PROFINET/DCP (PN-DCP) dissector.
- An error with unknown impact and attack vectors.
- An error in the Lightweight Directory Access Protocol (LDAP) dissector when processing unknown attack vectors.
- An error in the Check Point High-Availability Protocol (CPHAP) dissector when processing a crafted FWHA_MY_STATE packet.
- An error exists while processing a malformed Tektronix .rf5 file.

Vulnerability Detection Method

Details: Wireshark Multiple Unspecified Vulnerability - Apr09 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800397)

Version used: $Revision: 4906 $

References

CVE: CVE-2009-1210, CVE-2009-1266, CVE-2009-1267, CVE-2009-1268, CVE-2009-1269
BID: 34291, 34457
CERT: DFN-CERT-2009-1670, DFN-CERT-2009-1556
Other: http://milw0rm.com/exploits/8308
http://secunia.com/advisories/34778
http://secunia.com/advisories/34542
http://securitytracker.com/alerts/2009/Apr/1022027.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for libthai vulnerability USN-887-1 (OID: 1.3.6.1.4.1.25623.1.0.840371)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-887-1

Vulnerability Detection Result
Package libthai0 version 0.1.9-1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

libthai vulnerability on Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user's privileges.

Vulnerability Detection Method

Details: Ubuntu Update for libthai vulnerability USN-887-1 (OID: 1.3.6.1.4.1.25623.1.0.840371)

Version used: $Revision: 8266 $

References

CVE: CVE-2009-4012
CERT: DFN-CERT-2010-0146, DFN-CERT-2010-0072, DFN-CERT-2010-0069
Other: http://www.ubuntu.com/usn/usn-887-1/
USN:887-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for krb5 vulnerabilities USN-924-1 (OID: 1.3.6.1.4.1.25623.1.0.840414)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-924-1

Vulnerability Detection Result
Package libkrb53 version 1.6.dfsg.3~beta1-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

krb5 vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04

Vulnerability Insight

Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. An unauthenticated remote attacker could send specially crafted traffic to crash the kadmind process, leading to a denial of service. (CVE-2010-0629)

It was discovered that Kerberos did not correctly free memory in the GSSAPI library. If a remote attacker were able to manipulate an application using GSSAPI carefully, the service could crash, leading to a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901, CVE-2007-5971)

It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 8.04 LTS was affected.) (CVE-2007-5902, CVE-2007-5972)

Vulnerability Detection Method

Details: Ubuntu Update for krb5 vulnerabilities USN-924-1 (OID: 1.3.6.1.4.1.25623.1.0.840414)

Version used: $Revision: 8528 $

References

CVE: CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-0629
CERT: DFN-CERT-2010-1298, DFN-CERT-2010-0542, DFN-CERT-2010-0527, DFN-CERT-2010-0508, DFN-CERT-2010-0496, DFN-CERT-2010-0487
Other: http://www.ubuntu.com/usn/usn-924-1/
USN:924-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities-01 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805586)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.466
Impact

Successful exploitation will allow remote attackers to disclose potentially sensitive information, execute arbitrary code, cause a denial of service, bypass the same origin policy and bypass certain protection mechanisms.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.466 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before version 11.2.202.466 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- An error which does not properly restrict discovery of memory addresses.
- Multiple use-after-free errors.
- A memory corruption error.
- An integer overflow error.
- Multiple unspecified errors bypassing same origin policy.
- An error due to a permission issue in the Flash broker for Internet Explorer.
- A stack overflow error.
- An unspecified error.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Multiple Vulnerabilities-01 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805586)

Version used: $Revision: 6211 $

References

CVE: CVE-2015-3108, CVE-2015-3107, CVE-2015-3106, CVE-2015-3105, CVE-2015-3104, CVE-2015-3103, CVE-2015-3102, CVE-2015-3101, CVE-2015-3100, CVE-2015-3099, CVE-2015-3098, CVE-2015-3096
BID: 75084, 75087, 75086, 75081, 75080, 75089, 75085, 75088
CERT: CB-K15/0776, DFN-CERT-2015-0813
Other: https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805258)
Summary

This host is installed with Adobe Flash Player and is prone to an unspecified memory corruption vulnerability.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.438
Impact

Successful exploitation will allow remote attackers to bypass certain security restrictions and potentially conduct more severe attacks.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.438 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before version 11.2.202.438 on Linux.

Vulnerability Insight

The flaw exists due to some unspecified error.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805258)

Version used: $Revision: 6183 $

References

CVE: CVE-2015-0310
BID: 72261
CERT: CB-K15/0087, DFN-CERT-2015-0089
Other: http://secunia.com/advisories/62452
http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities(APSB14-24)-(Linux) (OID: 1.3.6.1.4.1.25623.1.0.804795)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.418 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.418 on Linux

Vulnerability Insight

Multiple flaws are due to:
- A use-after-free error.
- A double free error.
- Multiple type confusion errors.
- An error related to a permission issue.
- Multiple unspecified errors.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Multiple Vulnerabilities(APSB14-24)-(Linux) (OID: 1.3.6.1.4.1.25623.1.0.804795)

Version used: $Revision: 6692 $

References

CVE: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
BID: 71033, 71041, 71037, 71038, 71042, 71039, 71035, 71043, 71044, 71045, 71048, 71051, 71046, 71036, 71049, 71047, 71050, 71040
CERT: CB-K14/1433, CB-K14/1398, DFN-CERT-2014-1511, DFN-CERT-2014-1474
Other: http://secunia.com/advisories/59978
http://helpx.adobe.com/security/products/flash-player/apsb14-24.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities-01 Sep13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.803899)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to execute arbitrary code, cause memory corruption and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.310 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before 11.2.202.310 on Linux

Vulnerability Insight

Flaws are due to multiple unspecified errors.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Multiple Vulnerabilities-01 Sep13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.803899)

Version used: $Revision: 6104 $

References

CVE: CVE-2013-5324, CVE-2013-3361, CVE-2013-3362, CVE-2013-3363
BID: 62296, 62290, 62294, 62295
CERT: CB-K13/0640, DFN-CERT-2013-1620
Other: http://secunia.com/advisories/54697/
https://www.adobe.com/support/security/bulletins/apsb13-21.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-743-1 (gs-gpl) (OID: 1.3.6.1.4.1.25623.1.0.64169)
Summary

The remote host is missing an update to gs-gpl announced via advisory USN-743-1.

Vulnerability Detection Result
Package ghostscript-x version 8.61.dfsg.1-1ubuntu3 is installed which is known to be vulnerable.
Package ghostscript version 8.61.dfsg.1-1ubuntu3 is installed which is known to be vulnerable.
Package libgs8 version 8.61.dfsg.1-1ubuntu3 is installed which is known to be vulnerable.
Package liblcms1 version 1.16-7ubuntu1 is installed which is known to be vulnerable.
Package libicu38 version 3.8-6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: gs-gpl 8.15-4ubuntu3.2

Ubuntu 7.10: libgs8 8.61.dfsg.1~svn8187-0ubuntu3.5

Ubuntu 8.04 LTS: libgs8 8.61.dfsg.1-1ubuntu3.1

Ubuntu 8.10: libgs8 8.63.dfsg.1-0ubuntu6.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-743-1

Vulnerability Insight

It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0583)

It was discovered that Ghostscript did not properly perform bounds checking in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0584)

Vulnerability Detection Method

Details: Ubuntu USN-743-1 (gs-gpl) (OID: 1.3.6.1.4.1.25623.1.0.64169)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0583, CVE-2009-0584, CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0920, CVE-2009-0921, CVE-2009-0927, CVE-2009-0207, CVE-2009-0928, CVE-2009-0193, CVE-2009-0629, CVE-2009-0626, CVE-2009-0628, CVE-2009-0635, CVE-2009-0633, CVE-2009-0634, CVE-2009-0637, CVE-2009-0784, CVE-2009-0698, CVE-2008-5239, CVE-2008-1036, CVE-2008-4316, CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102
CERT: DFN-CERT-2013-0744, DFN-CERT-2010-0969, DFN-CERT-2010-0300, DFN-CERT-2010-0144, DFN-CERT-2009-1709, DFN-CERT-2009-1698, DFN-CERT-2009-1615, DFN-CERT-2009-1614, DFN-CERT-2009-1481, DFN-CERT-2009-1172, DFN-CERT-2009-1076, DFN-CERT-2009-1046, DFN-CERT-2009-0682, DFN-CERT-2009-0398, DFN-CERT-2009-0397
Other: http://www.ubuntu.com/usn/usn-743-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for cupsys vulnerabilities USN-656-1 (OID: 1.3.6.1.4.1.25623.1.0.840308)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-656-1

Vulnerability Detection Result
Package cupsys-bsd version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

cupsys vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that the SGI image filter in CUPS did not perform proper bounds checking. If a user or automated system were tricked into opening a crafted SGI image, an attacker could cause a denial of service. (CVE-2008-3639)

It was discovered that the texttops filter in CUPS did not properly validate page metrics. If a user or automated system were tricked into opening a crafted text file, an attacker could cause a denial of service. (CVE-2008-3640)

It was discovered that the HP-GL filter in CUPS did not properly check for invalid pen parameters. If a user or automated system were tricked into opening a crafted HP-GL or HP-GL/2 file, a remote attacker could cause a denial of service or execute arbitrary code with user privileges. In Ubuntu 7.10 and 8.04 LTS, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-3641)

NOTE: The previous update for CUPS on Ubuntu 6.06 LTS did not have the fix for CVE-2008-1722 applied. This update includes fixes for the problem. We apologize for the inconvenience.

Vulnerability Detection Method

Details: Ubuntu Update for cupsys vulnerabilities USN-656-1 (OID: 1.3.6.1.4.1.25623.1.0.840308)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1722, CVE-2008-3639, CVE-2008-3640, CVE-2008-3641
Other: http://www.ubuntu.com/usn/usn-656-1/
USN:656-1

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Linux (OID: 1.3.6.1.4.1.25623.1.0.812685)
Summary

This host is installed with Adobe Flash Player and is prone to multiple remote code execution vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     28.0.0.161
Installation path / port: /usr/lib/firefox-addons/plugins/libflashplayer.so
Impact

Successful exploitation of these vulnerabilities will allow an attacker to execute arbitrary code on the affected system and take control of it.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 28.0.0.161, or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version 28.0.0.137 and earlier on Linux.

Vulnerability Insight

Multiple flaws exist due to multiple use-after-free errors in the flash player.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Linux (OID: 1.3.6.1.4.1.25623.1.0.812685)

Version used: $Revision: 8711 $

References

CVE: CVE-2018-4878, CVE-2018-4877
BID: 102893, 102930
CERT: CB-K18/0210, DFN-CERT-2018-0228
Other: https://helpx.adobe.com/security/products/flash-player/apsa18-01.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-726-2 (curl) (OID: 1.3.6.1.4.1.25623.1.0.63508)
Summary

The remote host is missing an update to curl announced via advisory USN-726-2.

Vulnerability Detection Result
Package python-crypto version 2.0.1+dfsg1-2.1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10: libcurl3 7.18.2-1ubuntu4.3 libcurl3-gnutls 7.18.2-1ubuntu4.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-726-2

Vulnerability Insight

USN-726-1 fixed a vulnerability in curl. Due to an incomplete fix, a regression was introduced in Ubuntu 8.10 that caused certain types of URLs to fail. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that curl did not enforce any restrictions when following URL redirects. If a user or automated system were tricked into opening a URL to an untrusted server, an attacker could use redirects to gain access to arbitrary files. This update changes curl behavior to prevent following file URLs after a redirect.

Vulnerability Detection Method

Details: Ubuntu USN-726-2 (curl) (OID: 1.3.6.1.4.1.25623.1.0.63508)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0619, CVE-2009-0537, CVE-2009-0775, CVE-2007-4850, CVE-2008-5557, CVE-2009-0754, CVE-2009-0544
CERT: DFN-CERT-2010-0588, DFN-CERT-2009-1497
Other: http://www.ubuntu.com/usn/usn-726-2/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu Update for freetype USN-1403-1 (OID: 1.3.6.1.4.1.25623.1.0.840959)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1403-1

Vulnerability Detection Result
Package libfreetype6 version 2.3.5-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

freetype on Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1128)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type42 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1129)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed PCF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1131)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1132)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1133)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1134)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1135)

Mateusz Jurczyk discovere ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for freetype USN-1403-1 (OID: 1.3.6.1.4.1.25623.1.0.840959)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144
CERT: DFN-CERT-2013-0178, DFN-CERT-2012-1248, DFN-CERT-2012-1185, DFN-CERT-2012-0820, DFN-CERT-2012-0814, DFN-CERT-2012-0791, DFN-CERT-2012-0777, DFN-CERT-2012-0753, DFN-CERT-2012-0752, DFN-CERT-2012-0711, DFN-CERT-2012-0709, DFN-CERT-2012-0705, DFN-CERT-2012-0700, DFN-CERT-2012-0698, DFN-CERT-2012-0660, DFN-CERT-2012-0450
Other: http://www.ubuntu.com/usn/usn-1403-1/
USN:1403-1

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-761-1 (php5) (OID: 1.3.6.1.4.1.25623.1.0.63896)
Summary

The remote host is missing an update to php5 announced via advisory USN-761-1.

Vulnerability Detection Result
Package php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-cgi version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-cli version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-common version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-gd version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-ldap version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-mysql version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-sqlite version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package apt-utils version 0.7.9ubuntu17 is installed which is known to be vulnerable.
Package apt version 0.7.9ubuntu17 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libapache2-mod-php5 5.1.2-1ubuntu3.14 php5-cgi 5.1.2-1ubuntu3.14 php5-cli 5.1.2-1ubuntu3.14

Ubuntu 8.04 LTS: libapache2-mod-php5 5.2.4-2ubuntu5.6 php5-cgi 5.2.4-2ubuntu5.6 php5-cli 5.2.4-2ubuntu5.6

Ubuntu 8.10: libapache2-mod-php5 5.2.6-2ubuntu4.2 php5-cgi 5.2.6-2ubuntu4.2 php5-cli 5.2.6-2ubuntu4.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-761-1

Vulnerability Insight

It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2008-5814)

It was discovered that PHP did not properly handle the mbstring.func_overload setting within .htaccess files when using virtual hosts. A virtual host administrator could use this flaw to cause settings to be applied to other virtual hosts on the same server. (CVE-2009-0754)

It was discovered that PHP did not properly handle certain malformed strings when being parsed by the json_decode function. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 and 8.10. (CVE-2009-1271)

Vulnerability Detection Method

Details: Ubuntu USN-761-1 (php5) (OID: 1.3.6.1.4.1.25623.1.0.63896)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5814, CVE-2009-0754, CVE-2009-1271, CVE-2009-1300
CERT: DFN-CERT-2010-0588, DFN-CERT-2010-0263, DFN-CERT-2009-1726
Other: http://www.ubuntu.com/usn/usn-761-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Multiple Vulnerabilities-01 Dec13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804169)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to execute arbitrary code, cause memory corruption (denial of service) and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.332 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player before version 11.2.202.332 on Linux.

Vulnerability Insight

Flaws are due to multiple unspecified errors.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Multiple Vulnerabilities-01 Dec13 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804169)

Version used: $Revision: 6104 $

References

CVE: CVE-2013-5331, CVE-2013-5332
BID: 64199, 64201
CERT: CB-K13/1031, DFN-CERT-2013-2052
Other: http://secunia.com/advisories/55948
http://helpx.adobe.com/security/products/flash-player/apsb13-28.html

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb16-18 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.808169)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.626
Impact

Successful exploitation will allow remote attackers to bypass the same-origin policy and lead to information disclosure and code execution.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.626 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.626 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- Type confusion vulnerabilities.
- Use-after-free vulnerabilities.
- Heap buffer overflow vulnerabilities.
- Memory corruption vulnerabilities.
- A vulnerability in the directory search path used to find resources.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Security Updates( apsb16-18 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.808169)

Version used: $Revision: 5534 $

References

CVE: CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171
CERT: CB-K16/0899, DFN-CERT-2016-0963
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-746-1 (xine-lib) (OID: 1.3.6.1.4.1.25623.1.0.63746)
Summary

The remote host is missing an update to xine-lib announced via advisory USN-746-1.

Vulnerability Detection Result
Package libicu38 version 3.8-6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libxine-main1 1.1.1+ubuntu2-7.11

Ubuntu 7.10: libxine1 1.1.7-1ubuntu1.5

Ubuntu 8.04 LTS: libxine1 1.1.11.1-1ubuntu3.3

Ubuntu 8.10: libxine1 1.1.15-0ubuntu3.2

After a standard system upgrade you need to restart applications linked against xine-lib, such as Totem-xine and Amarok, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-746-1

Vulnerability Insight

It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0698)

USN-710-1 provided updated xine-lib packages to fix multiple security vulnerabilities. The security patch to fix CVE-2008-5239 introduced a regression causing some media files to be unplayable. This update corrects the problem. We apologize for the inconvenience.

Original advisory details: It was discovered that the input handlers in xine-lib did not correctly handle certain error codes, resulting in out-of-bounds reads and heap-based buffer overflows. If a user or automated system were tricked into opening a specially crafted file, stream, or URL, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5239)

Vulnerability Detection Method

Details: Ubuntu USN-746-1 (xine-lib) (OID: 1.3.6.1.4.1.25623.1.0.63746)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0698, CVE-2008-5239, CVE-2008-1036, CVE-2008-4316, CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102
CERT: DFN-CERT-2013-0744, DFN-CERT-2010-0300, DFN-CERT-2010-0144, DFN-CERT-2009-1709, DFN-CERT-2009-1615, DFN-CERT-2009-1614, DFN-CERT-2009-1481, DFN-CERT-2009-1076, DFN-CERT-2009-1046
Other: http://www.ubuntu.com/usn/usn-746-1/

general/tcp
High (CVSS: 10.0)
NVT: Ubuntu USN-720-1 (php5) (OID: 1.3.6.1.4.1.25623.1.0.64167)
Summary

The remote host is missing an update to php5 announced via advisory USN-720-1.

For details, please visit the referenced security advisories.

Vulnerability Detection Result
Package php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-cgi version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-cli version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-common version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-gd version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-ldap version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-mysql version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-sqlite version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libapache2-mod-php5 5.1.2-1ubuntu3.13 php5-cgi 5.1.2-1ubuntu3.13 php5-cli 5.1.2-1ubuntu3.13 php5-gd 5.1.2-1ubuntu3.13

Ubuntu 7.10: libapache2-mod-php5 5.2.3-1ubuntu6.5 php5-cgi 5.2.3-1ubuntu6.5 php5-cli 5.2.3-1ubuntu6.5 php5-gd 5.2.3-1ubuntu6.5

Ubuntu 8.04 LTS: libapache2-mod-php5 5.2.4-2ubuntu5.5 php5-cgi 5.2.4-2ubuntu5.5 php5-cli 5.2.4-2ubuntu5.5 php5-gd 5.2.4-2ubuntu5.5

Ubuntu 8.10: libapache2-mod-php5 5.2.6-2ubuntu4.1 libapache2-mod-php5filter 5.2.6-2ubuntu4.1 php5-cgi 5.2.6-2ubuntu4.1 php5-cli 5.2.6-2ubuntu4.1 php5-gd 5.2.6-2ubuntu4.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-720-1

Vulnerability Detection Method

Details: Ubuntu USN-720-1 (php5) (OID: 1.3.6.1.4.1.25623.1.0.64167)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-3996, CVE-2007-5900, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658, CVE-2007-5625, CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939
CERT: DFN-CERT-2012-1832, DFN-CERT-2010-0712, DFN-CERT-2010-0588, DFN-CERT-2010-0263, DFN-CERT-2009-1725, DFN-CERT-2009-1497, DFN-CERT-2009-1418, DFN-CERT-2009-0251
Other: http://www.ubuntu.com/usn/usn-720-1/

general/tcp
High (CVSS: 10.0)
NVT: Adobe Flash Player Security Updates( apsb16-25 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.808579)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     11.2.202.632
Impact

Successful exploitation of this vulnerability will allow remote attackers to cause information disclosure and code execution.

Impact Level: System/Application.

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.632 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.632 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- A race condition vulnerability.
- Type confusion vulnerabilities.
- Use-after-free vulnerabilities.
- A heap buffer overflow vulnerability.
- Memory corruption vulnerabilities.
- Stack corruption vulnerabilities.
- A security bypass vulnerability.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb16-25 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.808579)

Version used: $Revision: 5732 $

References

CVE: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249, CVE-2016-7020
CERT: CB-K16/1056, DFN-CERT-2016-1121
Other: https://helpx.adobe.com/security/products/flash-player/apsb16-25.html

general/tcp
High (CVSS: 10.0)
NVT: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 04 (OID: 1.3.6.1.4.1.25623.1.0.802086)
Summary

This host is installed with GNU Bash Shell and is prone to a remote command execution vulnerability.

Vulnerability Detection Result
Used command: openvas_test='() { x() { _;}; x() { _;} <<a; }' bash -c date 2>/dev/null || echo vulnerable

Result: vulnerable
bash: line 1: 11584 Segmentation fault      openvas_test='() { x() { _;}; x() { _;} <<a; }' bash -c date 2> /dev/null
Impact

Successful exploitation will allow remote or local attackers to inject shell commands, allowing local privilege escalation or remote command execution depending on the application vector.

Impact Level: System/Application

Solution

Solution type: VendorFix

Apply the patch from the link below, https://ftp.gnu.org/gnu/bash/

Affected Software/OS

GNU Bash through 4.3 bash43-026

Vulnerability Insight

GNU bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, bash continues to process trailing strings. Incomplete fix to CVE-2014-7169, CVE-2014-6271

Vulnerability Detection Method

Log in to the target machine with SSH credentials and check whether it is possible to execute the commands via the GNU Bash shell.

Details: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 04 (OID: 1.3.6.1.4.1.25623.1.0.802086)

Version used: $Revision: 7530 $

References

CVE: CVE-2014-6277
BID: 70165
CERT: CB-K17/1709, CB-K16/1819, CB-K15/1437, CB-K15/0118, CB-K14/1196, DFN-CERT-2017-1785, DFN-CERT-2016-1928, DFN-CERT-2015-1514, DFN-CERT-2014-1258
Other: https://shellshocker.net
http://lcamtuf.blogspot.in/2014/09/bash-bug-apply-unofficial-patch-now.html

general/tcp
High (CVSS: 10.0)
NVT: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) (OID: 1.3.6.1.4.1.25623.1.0.804490)
Summary

This host is installed with GNU Bash Shell and is prone to a remote command execution vulnerability.

Vulnerability Detection Result
Used command: env x="() { :;}; echo vulnerable" bash -c "echo this is a test"

Result: vulnerable
this is a test
Impact

Successful exploitation will allow remote or local attackers to inject shell commands, allowing local privilege escalation or remote command execution depending on the application vector.

Impact Level: Application

Solution

Solution type: VendorFix

Apply the patch or upgrade to the latest version. For updates refer to http://www.gnu.org/software/bash/

Affected Software/OS

GNU Bash through 4.3

Vulnerability Insight

GNU bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, bash continues to process trailing strings.

Vulnerability Detection Method

Log in to the target machine with SSH credentials and check whether it is possible to execute the commands via the GNU Bash shell.

Details: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) (OID: 1.3.6.1.4.1.25623.1.0.804490)

Version used: $Revision: 7530 $

References

CVE: CVE-2014-6271
BID: 70103
CERT: CB-K17/1709, CB-K14/1313, CB-K14/1245, CB-K14/1199, CB-K14/1196, DFN-CERT-2017-1785, DFN-CERT-2014-1307, DFN-CERT-2014-1261, DFN-CERT-2014-1258
Other: https://access.redhat.com/solutions/1207723
https://bugzilla.redhat.com/show_bug.cgi?id=1141597
https://blogs.akamai.com/2014/09/environment-bashing.html
https://community.qualys.com/blogs/securitylabs/2014/09/24/

general/tcp
High (CVSS: 10.0)
NVT: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 02 (OID: 1.3.6.1.4.1.25623.1.0.802082)
Summary

This host is installed with GNU Bash Shell and is prone to a remote command execution vulnerability.

Vulnerability Detection Result
Used command: cd /tmp; rm -f /tmp/echo; env X='() { (OpenVAS Test)=>\' bash -c 'echo id';cat echo ;rm -f /tmp/echo

Result: uid=0(root) gid=0(root) groups=0(root)
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Impact

Successful exploitation will allow remote or local attackers to inject shell commands, allowing local privilege escalation or remote command execution depending on the application vector.

Impact Level: System/Application

Solution

Solution type: VendorFix

Apply the patch from the link below, https://ftp.gnu.org/gnu/bash/

Affected Software/OS

GNU Bash through 4.3 bash43-025

Vulnerability Insight

GNU bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, bash continues to process trailing strings. Incomplete fix to CVE-2014-6271

Vulnerability Detection Method

Log in to the target machine with SSH credentials and check whether it is possible to execute the commands via the GNU Bash shell.

Details: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 02 (OID: 1.3.6.1.4.1.25623.1.0.802082)

Version used: $Revision: 7530 $

References

CVE: CVE-2014-7169
BID: 70137
CERT: CB-K17/1709, CB-K14/1313, CB-K14/1245, CB-K14/1196, DFN-CERT-2017-1785, DFN-CERT-2014-1307, DFN-CERT-2014-1258
Other: https://shellshocker.net/
http://www.kb.cert.org/vuls/id/252743
http://www.openwall.com/lists/oss-security/2014/09/24/32
https://community.qualys.com/blogs/securitylabs/2014/09/24/bash-remote-code-execution-vulnerability-cve-2014-6271

general/tcp
High (CVSS: 10.0)
NVT: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 03 (OID: 1.3.6.1.4.1.25623.1.0.802085)
Summary

This host is installed with GNU Bash Shell and is prone to a remote command execution vulnerability.

Vulnerability Detection Result
Used command: openvas_test='() { echo vulnerable; }' bash -c openvas_test

Result: vulnerable
Impact

Successful exploitation will allow remote or local attackers to inject shell commands, allowing local privilege escalation or remote command execution depending on the application vector.

Impact Level: System/Application

Solution

Solution type: VendorFix

Apply the patch from the link below, https://ftp.gnu.org/gnu/bash/

Affected Software/OS

GNU Bash through 4.3 bash43-026

Vulnerability Insight

GNU bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, bash continues to process trailing strings. Incomplete fix to CVE-2014-7169, CVE-2014-6271, and CVE-2014-6277

Vulnerability Detection Method

Log in to the target machine with SSH credentials and check whether it is possible to execute the commands via the GNU Bash shell.

Details: GNU Bash Environment Variable Handling Shell RCE Vulnerability (LSC) - 03 (OID: 1.3.6.1.4.1.25623.1.0.802085)

Version used: $Revision: 7530 $

References

CVE: CVE-2014-6278
BID: 70166
CERT: CB-K17/1709, CB-K16/1819, CB-K14/1196, DFN-CERT-2017-1785, DFN-CERT-2016-1928, DFN-CERT-2014-1258
Other: https://shellshocker.net/
http://lcamtuf.blogspot.in/2014/09/bash-bug-apply-unofficial-patch-now.html

general/tcp
High (CVSS: 10.0)
NVT: GNU Bash Stacked Redirects aka 'redir_stack' Memory Corruption Vulnerability (L... (OID: 1.3.6.1.4.1.25623.1.0.802083)
Summary

This host is installed with GNU Bash Shell and is prone to a command execution vulnerability.

Vulnerability Detection Result
Used command: bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo 'redir_stack vulnerable'

Result: redir_stack vulnerable
bash: line 1: 12261 Segmentation fault      bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF'
Impact

Successful exploitation will allow attackers to corrupt memory to cause a crash or potentially execute arbitrary commands.

Impact Level: System/Application

Solution

Solution type: VendorFix

Apply the appropriate patch. For updates refer to http://www.gnu.org/software/bash/

Affected Software/OS

GNU Bash through 4.3 bash43-026

Vulnerability Insight

GNU bash contains a flaw that is triggered when evaluating untrusted input during stacked redirects handling.

Vulnerability Detection Method

Log in to the target machine with SSH credentials and check whether it is possible to execute the commands via the GNU Bash shell.

Details: GNU Bash Stacked Redirects aka 'redir_stack' Memory Corruption Vulnerability (L... (OID: 1.3.6.1.4.1.25623.1.0.802083)

Version used: $Revision: 7530 $

References

CVE: CVE-2014-7186
BID: 70152
CERT: CB-K15/1437, CB-K15/0118, CB-K14/1245, CB-K14/1196, DFN-CERT-2015-1514, DFN-CERT-2014-1307, DFN-CERT-2014-1258
Other: https://shellshocker.net/
http://openwall.com/lists/oss-security/2014/09/26/2
http://openwall.com/lists/oss-security/2014/09/25/32
http://lcamtuf.blogspot.in/2014/09/bash-bug-apply-unofficial-patch-now.html

general/tcp
High (CVSS: 9.3)
NVT: OpenOffice EMF Files Multiple Buffer Overflow Vulnerabilities (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900955)
Summary

The host has OpenOffice installed and is prone to Multiple Buffer Overflow vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful remote exploitation could result in arbitrary code execution.

Impact Level: Application

Solution

Solution type: VendorFix

Upgrade to OpenOffice 3.0.1 or later. http://www.openoffice.org/

Affected Software/OS

OpenOffice 2.x and 3.x before 3.0.1 on Linux.

Vulnerability Insight

The multiple flaws are due to a buffer overflow error in 'cppcanvas/source/mtfrenderer/emfplus.cxx' when processing crafted EMF+ files.

Vulnerability Detection Method

Details: OpenOffice EMF Files Multiple Buffer Overflow Vulnerabilities (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900955)

Version used: $Revision: 5122 $

References

CVE: CVE-2009-2140
CERT: DFN-CERT-2010-0693, DFN-CERT-2010-0625, DFN-CERT-2010-0309, DFN-CERT-2010-0204
Other: http://marc.info/?l=oss-security&m=125258116800739&w=2
http://marc.info/?l=oss-security&m=125265261125765&w=2

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for openoffice.org, openoffice.org-amd64 vulnerabilities USN-677-1 (OID: 1.3.6.1.4.1.25623.1.0.840322)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-677-1

Vulnerability Detection Result
Package openoffice.org-base-core version 2.4.0-3ubuntu6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

openoffice.org, openoffice.org-amd64 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10

Vulnerability Insight

Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2008-2237, CVE-2008-2238)

Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-4937)

Vulnerability Detection Method

Details: Ubuntu Update for openoffice.org, openoffice.org-amd64 vulnerabilities USN-677-1 (OID: 1.3.6.1.4.1.25623.1.0.840322)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2237, CVE-2008-2238, CVE-2008-4937
Other: http://www.ubuntu.com/usn/usn-677-1/
USN:677-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for speex vulnerability USN-611-1 (OID: 1.3.6.1.4.1.25623.1.0.840318)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-611-1

Vulnerability Detection Result
Package libspeex1 version 1.1.12-3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

speex vulnerability on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu Update for speex vulnerability USN-611-1 (OID: 1.3.6.1.4.1.25623.1.0.840318)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1686
Other: http://www.ubuntu.com/usn/usn-611-1/
USN:611-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-626-1 (OID: 1.3.6.1.4.1.25623.1.0.840327)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-626-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

firefox-3.0, xulrunner-1.9 vulnerabilities on Ubuntu 8.04 LTS

Vulnerability Insight

A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785)

Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933)

Vulnerability Detection Method

Details: Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-626-1 (OID: 1.3.6.1.4.1.25623.1.0.840327)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2785, CVE-2008-2933, CVE-2008-2934
Other: http://www.ubuntu.com/usn/usn-626-1/
USN:626-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for ghostscript vulnerabilities USN-961-1 (OID: 1.3.6.1.4.1.25623.1.0.840459)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-961-1

Vulnerability Detection Result
Package ghostscript-x version 8.61.dfsg.1-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

ghostscript vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

David Srbecky discovered that Ghostscript incorrectly handled debug logging. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.04 and Ubuntu 9.10. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2009-4270)

It was discovered that Ghostscript incorrectly handled certain malformed files. If a user or automated system were tricked into opening a crafted Postscript or PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and Ubuntu 9.04. (CVE-2009-4897)

Dan Rosenberg discovered that Ghostscript incorrectly handled certain recursive Postscript files. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2010-1628)

Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript incorrectly handled certain malformed Postscript files. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1869)

Vulnerability Detection Method

Details: Ubuntu Update for ghostscript vulnerabilities USN-961-1 (OID: 1.3.6.1.4.1.25623.1.0.840459)

Version used: $Revision: 8447 $

References

CVE: CVE-2009-4270, CVE-2009-4897, CVE-2010-1628, CVE-2010-1869
CERT: DFN-CERT-2012-0627, DFN-CERT-2010-1063, DFN-CERT-2010-1050, DFN-CERT-2010-0984, DFN-CERT-2010-0969, DFN-CERT-2010-0911, DFN-CERT-2010-0910, DFN-CERT-2010-0909, DFN-CERT-2010-0684
Other: http://www.ubuntu.com/usn/usn-961-1/
USN:961-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1 (OID: 1.3.6.1.4.1.25623.1.0.840343)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-632-1

Vulnerability Detection Result
Package python2.5-dbg version 2.5.2-2ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

python2.4, python2.5 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that there were new integer overflows in the imageop module. If an attacker were able to trick a Python application into processing a specially crafted image, they could execute arbitrary code with user privileges. (CVE-2008-1679)

Justin Ferguson discovered that the zlib module did not correctly handle certain archives. If an attacker were able to trick a Python application into processing a specially crafted archive file, they could execute arbitrary code with user privileges. (CVE-2008-1721)

Justin Ferguson discovered that certain string manipulations in Python could be made to overflow. If an attacker were able to pass a specially crafted string through the PyString_FromStringAndSize function, they could execute arbitrary code with user privileges. (CVE-2008-1887)

Multiple integer overflows were discovered in Python's core and modules including hashlib, binascii, pickle, md5, stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service. (CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144)

Vulnerability Detection Method

Details: Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1 (OID: 1.3.6.1.4.1.25623.1.0.840343)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
CERT: DFN-CERT-2010-1482, DFN-CERT-2010-0117, DFN-CERT-2009-1714, DFN-CERT-2009-1644
Other: http://www.ubuntu.com/usn/usn-632-1/
USN:632-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-737-1 (libsoup) (OID: 1.3.6.1.4.1.25623.1.0.63622)
Summary

The remote host is missing an update to libsoup announced via advisory USN-737-1.

Vulnerability Detection Result
Package libnss3-1d version 3.12.0~beta3-0ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libsoup2.2-8 2.2.93-0ubuntu1.2

Ubuntu 7.10: libsoup2.2-8 2.2.100-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-737-1

Vulnerability Insight

It was discovered that the Base64 encoding functions in libsoup did not properly handle large strings. If a user were tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu USN-737-1 (libsoup) (OID: 1.3.6.1.4.1.25623.1.0.63622)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0585, CVE-2009-0135, CVE-2009-0136, CVE-2008-4564, CVE-2009-0538, CVE-2004-2761
CERT: DFN-CERT-2009-0137
Other: http://www.ubuntu.com/usn/usn-737-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for openoffice.org vulnerabilities USN-903-1 (OID: 1.3.6.1.4.1.25623.1.0.840394)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-903-1

Vulnerability Detection Result
Package openoffice.org-base-core version 2.4.0-3ubuntu6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

openoffice.org vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217)

Sebastian Apelt and Frank Reißner discovered that OpenOffice did not correctly import XPM and GIF images. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. (CVE-2009-2949, CVE-2009-2950)

Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. (CVE-2009-3301, CVE-2009-3302)

It was discovered that OpenOffice did not correctly handle certain VBA macros. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls. (CVE-2010-0136)

Vulnerability Detection Method

Details: Ubuntu Update for openoffice.org vulnerabilities USN-903-1 (OID: 1.3.6.1.4.1.25623.1.0.840394)

Version used: $Revision: 8228 $

References

CVE: CVE-2009-0217, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302, CVE-2010-0136
CERT: DFN-CERT-2010-0914, DFN-CERT-2010-0749, DFN-CERT-2010-0365, DFN-CERT-2010-0219, DFN-CERT-2010-0212, DFN-CERT-2010-0208, DFN-CERT-2010-0046, DFN-CERT-2009-1830, DFN-CERT-2009-1724, DFN-CERT-2009-1710, DFN-CERT-2009-1581, DFN-CERT-2009-1552, DFN-CERT-2009-1541, DFN-CERT-2009-1492, DFN-CERT-2009-1430, DFN-CERT-2009-1424, DFN-CERT-2009-1421, DFN-CERT-2009-1268, DFN-CERT-2009-1167, DFN-CERT-2009-1114, DFN-CERT-2009-1080, DFN-CERT-2009-1078, DFN-CERT-2009-1077, DFN-CERT-2009-1058, DFN-CERT-2009-1044, DFN-CERT-2009-1037
Other: http://www.ubuntu.com/usn/usn-903-1/
USN:903-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-839-1 (samba) (OID: 1.3.6.1.4.1.25623.1.0.65011)
Summary

The remote host is missing an update to samba announced via advisory USN-839-1.

Vulnerability Detection Result
Package libsmbclient version 3.0.28a-1ubuntu4 is installed which is known to be vulnerable.
Package samba-common version 3.0.28a-1ubuntu4 is installed which is known to be vulnerable.
Package samba version 3.0.28a-1ubuntu4 is installed which is known to be vulnerable.
Package smbclient version 3.0.28a-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: samba 3.0.22-1ubuntu3.9 smbfs 3.0.22-1ubuntu3.9

Ubuntu 8.04 LTS: samba 3.0.28a-1ubuntu4.9 smbfs 3.0.28a-1ubuntu4.9

Ubuntu 8.10: samba 2:3.2.3-1ubuntu3.6 smbclient 2:3.2.3-1ubuntu3.6 smbfs 2:3.2.3-1ubuntu3.6

Ubuntu 9.04: samba 2:3.3.2-1ubuntu3.2 smbfs 2:3.3.2-1ubuntu3.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-839-1

Vulnerability Insight

J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated [homes] share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. (CVE-2009-2813)

Tim Prouty discovered that the smbd daemon in Samba incorrectly handled certain unexpected network replies. A remote attacker could send malicious replies to the server and cause smbd to use all available CPU, leading to a denial of service. (CVE-2009-2906)

Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, would not verify user permissions before opening a credentials file. A local user could exploit this to use or read the contents of unauthorized credential files. (CVE-2009-2948)

Reinhard Nißl discovered that the smbclient utility contained format string vulnerabilities in its file name handling. Because of security features in Ubuntu, exploitation of this vulnerability is limited. If a user or automated system were tricked into processing a specially crafted file name, smbclient could be made to crash, possibly leading to a denial of service. This only affected Ubuntu 8.10. (CVE-2009-1886)

Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled permissions to modify access control lists when dos filemode is enabled. A remote attacker could exploit this to modify access control lists. This only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-1886)

Vulnerability Detection Method

Details: Ubuntu USN-839-1 (samba) (OID: 1.3.6.1.4.1.25623.1.0.65011)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1886, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948
CERT: DFN-CERT-2010-0482, DFN-CERT-2010-0157, DFN-CERT-2010-0133, DFN-CERT-2009-1708, DFN-CERT-2009-1632, DFN-CERT-2009-1621, DFN-CERT-2009-1523, DFN-CERT-2009-1522, DFN-CERT-2009-1508, DFN-CERT-2009-1455, DFN-CERT-2009-1439, DFN-CERT-2009-1399, DFN-CERT-2009-1363, DFN-CERT-2009-1086
Other: http://www.ubuntu.com/usn/usn-839-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-784-1 (imagemagick) (OID: 1.3.6.1.4.1.25623.1.0.64197)
Summary

The remote host is missing an update to imagemagick announced via advisory USN-784-1.

Vulnerability Detection Result
Package libmagick++10 version 6.3.7.9.dfsg1-2ubuntu1 is installed which is known to be vulnerable.
Package libmagick10 version 6.3.7.9.dfsg1-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libmagick9 6:6.2.4.5-0.6ubuntu0.9

Ubuntu 8.04 LTS: libmagick10 7:6.3.7.9.dfsg1-2ubuntu1.1

Ubuntu 8.10: libmagick10 7:6.3.7.9.dfsg1-2ubuntu3.1

Ubuntu 9.04: libmagickcore1 7:6.4.5.4.dfsg1-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-784-1

Vulnerability Insight

It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu USN-784-1 (imagemagick) (OID: 1.3.6.1.4.1.25623.1.0.64197)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1882
CERT: DFN-CERT-2010-1101, DFN-CERT-2010-1100, DFN-CERT-2010-0043, DFN-CERT-2010-0027, DFN-CERT-2009-1412, DFN-CERT-2009-1411, DFN-CERT-2009-1410, DFN-CERT-2009-1104
Other: http://www.ubuntu.com/usn/usn-784-1/

general/tcp
High (CVSS: 9.3)
NVT: Wireshark 'wiretap/erf.c' Unsigned Integer Wrap Vulnerability - Nov09 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.801037)
Summary

This host has Wireshark installed and is prone to an unsigned integer wrap vulnerability.

Vulnerability Detection Result
Installed version: 1.0.0
Fixed version:     1.2.2
Impact

Successful remote exploitation will allow an attacker to execute arbitrary code or cause a denial of service.

Impact Level: Application.

Solution

Solution type: VendorFix

Upgrade to Wireshark 1.2.2 http://www.wireshark.org/download.html

Affected Software/OS

Wireshark versions prior to 1.2.2 on Linux.

Vulnerability Insight

The flaw is due to an integer overflow error in 'wiretap/erf.c': processing an 'erf' file causes Wireshark to allocate a very large buffer.

Vulnerability Detection Method

Details: Wireshark 'wiretap/erf.c' Unsigned Integer Wrap Vulnerability - Nov09 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.801037)

Version used: $Revision: 4970 $

References

CVE: CVE-2009-3829
BID: 36846
CERT: DFN-CERT-2010-0577, DFN-CERT-2010-0036, DFN-CERT-2009-1670, DFN-CERT-2009-1551
Other: http://www.kb.cert.org/vuls/id/676492
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3849

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for Firefox and Xulrunner regression USN-975-2 (OID: 1.3.6.1.4.1.25623.1.0.840502)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-975-2

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Firefox and Xulrunner regression on Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

USN-975-1 fixed vulnerabilities in Firefox and Xulrunner. Some users reported stability problems under certain circumstances. This update fixes the problem.

We apologize for the inconvenience. Original advisory details:

Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167)

Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into viewing a malicious site, a remote attacker could use this to run arbitrary JavaScript with chrome privileges. (CVE-2010-2762)

Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764)

Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765)

Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168)

David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768)

Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769)

A buffer overflow was discovered in Firefox when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166)

Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for Firefox and Xulrunner regression USN-975-2 (OID: 1.3.6.1.4.1.25623.1.0.840502)

Version used: $Revision: 8187 $

References

CVE: CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-2762, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-3168, CVE-2010-2768, CVE-2010-2769, CVE-2010-3166, CVE-2010-3169
CERT: DFN-CERT-2011-0696, DFN-CERT-2011-0386, DFN-CERT-2011-0033, DFN-CERT-2010-1513, DFN-CERT-2010-1347, DFN-CERT-2010-1319, DFN-CERT-2010-1200, DFN-CERT-2010-1176, DFN-CERT-2010-1172, DFN-CERT-2010-1164, DFN-CERT-2010-1161, DFN-CERT-2010-1160
Other: http://www.ubuntu.com/usn/usn-975-2/
USN:975-2

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for x11-xserver-utils vulnerability USN-1107-1 (OID: 1.3.6.1.4.1.25623.1.0.840631)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1107-1

Vulnerability Detection Result
Package x11-xserver-utils version 7.3+2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

x11-xserver-utils vulnerability on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

Sebastian Krahmer discovered that the xrdb utility incorrectly filtered crafted hostnames. An attacker could use this flaw with a malicious DHCP server or with a remote xdmcp login and execute arbitrary code, resulting in root privilege escalation.

Vulnerability Detection Method

Details: Ubuntu Update for x11-xserver-utils vulnerability USN-1107-1 (OID: 1.3.6.1.4.1.25623.1.0.840631)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-0465
CERT: DFN-CERT-2013-1230, DFN-CERT-2012-0627, DFN-CERT-2011-0914, DFN-CERT-2011-0648, DFN-CERT-2011-0590, DFN-CERT-2011-0582, DFN-CERT-2011-0572, DFN-CERT-2011-0546, DFN-CERT-2011-0536
Other: http://www.ubuntu.com/usn/usn-1107-1/
USN:1107-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for libxml2 USN-1153-1 (OID: 1.3.6.1.4.1.25623.1.0.840679)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1153-1

Vulnerability Detection Result
Package libxml2 version 2.6.31.dfsg-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libxml2 on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Chris Evans discovered that libxml2 incorrectly handled memory allocation. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu Update for libxml2 USN-1153-1 (OID: 1.3.6.1.4.1.25623.1.0.840679)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-1944
CERT: CB-K15/0079, CB-K15/0050, DFN-CERT-2015-0079, DFN-CERT-2015-0049, DFN-CERT-2013-0196, DFN-CERT-2012-1873, DFN-CERT-2012-1361, DFN-CERT-2012-1276, DFN-CERT-2012-1191, DFN-CERT-2012-0812, DFN-CERT-2012-0208, DFN-CERT-2012-0066, DFN-CERT-2011-1854, DFN-CERT-2011-1563, DFN-CERT-2011-1340, DFN-CERT-2011-1015
Other: http://www.ubuntu.com/usn/usn-1153-1/
USN:1153-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1 (OID: 1.3.6.1.4.1.25623.1.0.840361)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-877-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

firefox-3.0, xulrunner-1.9 regression on Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04

Vulnerability Insight

USN-873-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced a regression when using NTLM authentication. This update fixes the problem and added additional stability fixes.

We apologize for the inconvenience. Original advisory details:

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)

Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983)

Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)

Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985)

Vulnerability Detection Method

Details: Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1 (OID: 1.3.6.1.4.1.25623.1.0.840361)

Version used: $Revision: 8244 $

References

CVE: CVE-2009-3979, CVE-2009-3981, CVE-2009-3986, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985
CERT: DFN-CERT-2010-0775, DFN-CERT-2010-0593, DFN-CERT-2010-0584, DFN-CERT-2010-0369, DFN-CERT-2010-0036, DFN-CERT-2009-1827, DFN-CERT-2009-1826, DFN-CERT-2009-1825, DFN-CERT-2009-1802, DFN-CERT-2009-1800, DFN-CERT-2009-1795, DFN-CERT-2009-1790, DFN-CERT-2009-1784, DFN-CERT-2009-1783
Other: http://www.ubuntu.com/usn/usn-877-1/
USN:877-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-749-1 (libsndfile) (OID: 1.3.6.1.4.1.25623.1.0.63750)
Summary

The remote host is missing an update to libsndfile announced via advisory USN-749-1.

Vulnerability Detection Result
Package libsndfile1 version 1.0.17-4 is installed which is known to be vulnerable.
Package openssl version 0.9.8g-4ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libsndfile1 1.0.12-3ubuntu1.1

Ubuntu 7.10: libsndfile1 1.0.17-4ubuntu0.7.10.1

Ubuntu 8.04 LTS: libsndfile1 1.0.17-4ubuntu0.8.04.1

Ubuntu 8.10: libsndfile1 1.0.17-4ubuntu0.8.10.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-749-1

Vulnerability Insight

It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu USN-749-1 (libsndfile) (OID: 1.3.6.1.4.1.25623.1.0.63750)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0186, CVE-2009-1073, CVE-2009-1044, CVE-2009-0590
CERT: DFN-CERT-2011-1138, DFN-CERT-2011-1137, DFN-CERT-2011-0617, DFN-CERT-2011-0321, DFN-CERT-2010-1650, DFN-CERT-2010-0795, DFN-CERT-2010-0720, DFN-CERT-2010-0410, DFN-CERT-2010-0300, DFN-CERT-2009-1684, DFN-CERT-2009-1238, DFN-CERT-2009-1129
Other: http://www.ubuntu.com/usn/usn-749-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-736-1 (gst-plugins-good0.10) (OID: 1.3.6.1.4.1.25623.1.0.63620)
Summary

The remote host is missing an update to gst-plugins-good0.10 announced via advisory USN-736-1.

Vulnerability Detection Result
Package gstreamer0.10-plugins-good version 0.10.7-3 is installed which is known to be vulnerable.
Package libnss3-1d version 3.12.0~beta3-0ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.10: gstreamer0.10-plugins-good 0.10.6-0ubuntu4.2

Ubuntu 8.04 LTS: gstreamer0.10-plugins-good 0.10.7-3ubuntu0.2

Ubuntu 8.10: gstreamer0.10-plugins-good 0.10.10.4-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-736-1

Vulnerability Insight

It was discovered that GStreamer Good Plugins did not correctly handle malformed Composition Time To Sample (ctts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0386)

It was discovered that GStreamer Good Plugins did not correctly handle malformed Sync Sample (aka stss) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0387)

It was discovered that GStreamer Good Plugins did not correctly handle malformed Time-to-sample (aka stts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0397)

Vulnerability Detection Method

Details: Ubuntu USN-736-1 (gst-plugins-good0.10) (OID: 1.3.6.1.4.1.25623.1.0.63620)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0386, CVE-2009-0387, CVE-2009-0397, CVE-2007-5137, CVE-2007-5378, CVE-2009-0586, CVE-2009-0585, CVE-2009-0135, CVE-2009-0136, CVE-2008-4564, CVE-2009-0538, CVE-2004-2761
CERT: DFN-CERT-2009-0137
Other: http://www.ubuntu.com/usn/usn-736-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for openssl USN-1357-1 (OID: 1.3.6.1.4.1.25623.1.0.840887)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1357-1

Vulnerability Detection Result
Package openssl version 0.9.8g-4ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

openssl on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)

Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3210)

Nadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108)

Antonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to cause a denial of service. (CVE-2012-0050)

Ben Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)

It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354)

Adam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could allow a remote attacker to obtain sensitive information. (CVE-2011-4576)

Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of servi ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for openssl USN-1357-1 (OID: 1.3.6.1.4.1.25623.1.0.840887)

Version used: $Revision: 7960 $

References

CVE: CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2012-0050, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027
CERT: CB-K14/1017, CB-K14/0893, CB-K14/0881, CB-K14/0708, CB-K14/0262, DFN-CERT-2014-1063, DFN-CERT-2014-0924, DFN-CERT-2014-0922, DFN-CERT-2014-0738, DFN-CERT-2014-0262, DFN-CERT-2013-0391, DFN-CERT-2012-1697, DFN-CERT-2012-1276, DFN-CERT-2012-1112, DFN-CERT-2012-1036, DFN-CERT-2012-0959, DFN-CERT-2012-0859, DFN-CERT-2012-0731, DFN-CERT-2012-0627, DFN-CERT-2012-0555, DFN-CERT-2012-0514, DFN-CERT-2012-0302, DFN-CERT-2012-0183, DFN-CERT-2012-0166, DFN-CERT-2012-0157, DFN-CERT-2012-0145, DFN-CERT-2012-0137, DFN-CERT-2012-0135, DFN-CERT-2012-0131, DFN-CERT-2012-0125, DFN-CERT-2012-0117, DFN-CERT-2012-0087, DFN-CERT-2012-0086, DFN-CERT-2012-0085, DFN-CERT-2012-0084, DFN-CERT-2012-0083, DFN-CERT-2012-0081, DFN-CERT-2012-0060, DFN-CERT-2011-1490, DFN-CERT-2011-1489, DFN-CERT-2011-1413
Other: http://www.ubuntu.com/usn/usn-1357-1/
USN:1357-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-957-1 (OID: 1.3.6.1.4.1.25623.1.0.840463)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-957-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Firefox and Xulrunner vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 10.04 LTS

Vulnerability Insight

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212)

An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214)

A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker could execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215)

An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)

An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)

Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)

Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207)

O. Andersen discovered that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210)

Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206)

Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751)

Chris Evans discovered that Firef ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-957-1 (OID: 1.3.6.1.4.1.25623.1.0.840463)

Version used: $Revision: 8258 $

References

CVE: CVE-2010-0654, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
CERT: DFN-CERT-2011-0409, DFN-CERT-2010-1745, DFN-CERT-2010-1743, DFN-CERT-2010-1513, DFN-CERT-2010-1347, DFN-CERT-2010-1271, DFN-CERT-2010-1247, DFN-CERT-2010-1200, DFN-CERT-2010-1147, DFN-CERT-2010-1142, DFN-CERT-2010-1019, DFN-CERT-2010-0965, DFN-CERT-2010-0952, DFN-CERT-2010-0942, DFN-CERT-2010-0934, DFN-CERT-2010-0933, DFN-CERT-2010-0932, DFN-CERT-2010-0928, DFN-CERT-2010-0927, DFN-CERT-2010-0926, DFN-CERT-2010-0925, DFN-CERT-2010-0921, DFN-CERT-2010-0916, DFN-CERT-2010-0908, DFN-CERT-2010-0904, DFN-CERT-2010-0853, DFN-CERT-2010-0846
Other: http://www.ubuntu.com/usn/usn-957-1/
USN:957-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1019-1 (OID: 1.3.6.1.4.1.25623.1.0.840553)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1019-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Firefox and Xulrunner vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3776, CVE-2010-3777, CVE-2010-3778)

It was discovered that Firefox did not properly verify the about:blank location elements when it was opened via window.open(). An attacker could exploit this to run arbitrary code with chrome privileges. (CVE-2010-3771)

It was discovered that Firefox did not properly handle <div> elements when processing a XUL tree. If a user were tricked into opening a malicious web page, an attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3772)

Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. The new OTS font sanitizing library was added to mitigate these issues. (CVE-2010-3768)

Gregory Fleischer discovered that the Java LiveConnect script could be made to run in the wrong security context. An attacker could exploit this to read local files and run arbitrary code as the user invoking the program. (CVE-2010-3775)

Several problems were discovered in the JavaScript engine. If a user were tricked into opening a malicious web page, an attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3773)

Michal Zalewski discovered that Firefox did not always properly handle displaying pages from network or certificate errors. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-3774)

Yosuke Hasegawa and Masatoshi Kimura discovered that several character encodings would have some characters converted to angle brackets. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-3770)

Vulnerability Detection Method

Details: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1019-1 (OID: 1.3.6.1.4.1.25623.1.0.840553)

Version used: $Revision: 8469 $

References

CVE: CVE-2010-3766, CVE-2010-3767, CVE-2010-3768, CVE-2010-3770, CVE-2010-3771, CVE-2010-3772, CVE-2010-3773, CVE-2010-3774, CVE-2010-3775, CVE-2010-3776, CVE-2010-3777, CVE-2010-3778
CERT: DFN-CERT-2011-0696, DFN-CERT-2011-0373, DFN-CERT-2011-0018, DFN-CERT-2010-1752, DFN-CERT-2010-1737, DFN-CERT-2010-1682, DFN-CERT-2010-1681, DFN-CERT-2010-1675, DFN-CERT-2010-1674, DFN-CERT-2010-1673, DFN-CERT-2010-1671, DFN-CERT-2010-1670, DFN-CERT-2010-1669, DFN-CERT-2010-1667
Other: http://www.ubuntu.com/usn/usn-1019-1/
USN:1019-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for openoffice.org vulnerability USN-949-1 (OID: 1.3.6.1.4.1.25623.1.0.840443)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-949-1

Vulnerability Detection Result
Package openoffice.org-base-core version 2.4.0-3ubuntu6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

openoffice.org vulnerability on Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Marc Schoenefeld discovered that OpenOffice.org would run document macros from the macro browser, even when macros were disabled. If a user were tricked into opening a specially crafted document and examining a macro, a remote attacker could execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu Update for openoffice.org vulnerability USN-949-1 (OID: 1.3.6.1.4.1.25623.1.0.840443)

Version used: $Revision: 8495 $

References

CVE: CVE-2010-0395
CERT: DFN-CERT-2011-0212, DFN-CERT-2010-0984, DFN-CERT-2010-0739, DFN-CERT-2010-0738, DFN-CERT-2010-0734
Other: http://www.ubuntu.com/usn/usn-949-1/
USN:949-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for evolution vulnerabilities USN-615-1 (OID: 1.3.6.1.4.1.25623.1.0.840324)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-615-1

Vulnerability Detection Result
Package evolution-plugins version 2.22.1-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

evolution vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or possibly execute code with user privileges. Note that the ITip Formatter plugin is enabled by default in Ubuntu. (CVE-2008-1108)

Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker could cause a denial of service or execute code with user privileges. (CVE-2008-1109)

Matej Cepl discovered that Evolution did not properly validate date fields when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service. Note that the ITip Formatter plugin is enabled by default in Ubuntu.

Vulnerability Detection Method

Details: Ubuntu Update for evolution vulnerabilities USN-615-1 (OID: 1.3.6.1.4.1.25623.1.0.840324)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1108, CVE-2008-1109
CERT: DFN-CERT-2011-0625
Other: http://www.ubuntu.com/usn/usn-615-1/
USN:615-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for freetype USN-1267-1 (OID: 1.3.6.1.4.1.25623.1.0.840810)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1267-1

Vulnerability Detection Result
Package libfreetype6 version 2.3.5-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

freetype on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2011-3256)

It was discovered that FreeType did not correctly handle certain malformed CID-keyed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2011-3439)

Vulnerability Detection Method

Details: Ubuntu Update for freetype USN-1267-1 (OID: 1.3.6.1.4.1.25623.1.0.840810)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-3256, CVE-2011-3439
CERT: DFN-CERT-2012-0777, DFN-CERT-2012-0627, DFN-CERT-2012-0190, DFN-CERT-2012-0020, DFN-CERT-2011-1868, DFN-CERT-2011-1867, DFN-CERT-2011-1835, DFN-CERT-2011-1815, DFN-CERT-2011-1793, DFN-CERT-2011-1792, DFN-CERT-2011-1781, DFN-CERT-2011-1767, DFN-CERT-2011-1735, DFN-CERT-2011-1650, DFN-CERT-2011-1645, DFN-CERT-2011-1638
Other: http://www.ubuntu.com/usn/usn-1267-1/
USN:1267-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for pidgin vulnerabilities USN-886-1 (OID: 1.3.6.1.4.1.25623.1.0.840370)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-886-1

Vulnerability Detection Result
Package libpurple0 version 2.4.1-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

pidgin vulnerabilities on Ubuntu 8.04 LTS , Ubuntu 8.10 , Ubuntu 9.04 , Ubuntu 9.10

Vulnerability Insight

It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler. If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703)

It was discovered that Pidgin did not properly enforce the "require TLS/SSL" setting when connecting to certain older Jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3026)

It was discovered that Pidgin did not properly handle certain SLP invite messages in the MSN protocol handler. A remote attacker could send a specially crafted invite message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3083)

It was discovered that Pidgin did not properly handle certain errors in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3085)

It was discovered that Pidgin did not properly handle malformed contact-list data in the OSCAR protocol handler. A remote attacker could send specially crafted contact-list data and cause Pidgin to crash, leading to a denial of service. (CVE-2009-3615)

It was discovered that Pidgin did not properly handle custom smiley requests in the MSN protocol handler. A remote attacker could send a specially crafted filename in a custom smiley request and obtain arbitrary files via directory traversal. This issue only affected Ubuntu 8.10, Ubuntu 9.04 and Ubuntu 9.10. (CVE-2010-0013)

Pidgin for Ubuntu 8.04 LTS was also updated to fix connection issues with the MSN protocol.

USN-675-1 and USN-781-1 provided updated Pidgin packages to fix multiple security vulnerabilities in Ubuntu 8.04 LTS. The security patches to fix CVE-2008-2955 and CVE-2009-1376 were incomplete. This update corrects the problem.
Original advisory details: It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for pidgin vulnerabilities USN-886-1 (OID: 1.3.6.1.4.1.25623.1.0.840370)

Version used: $Revision: 8274 $

References

CVE: CVE-2008-2955, CVE-2009-1376, CVE-2009-2703, CVE-2009-3026, CVE-2009-3083, CVE-2009-3085, CVE-2009-3615, CVE-2010-0013
CERT: DFN-CERT-2010-1533, DFN-CERT-2010-0605, DFN-CERT-2010-0348, DFN-CERT-2010-0260, DFN-CERT-2010-0067, DFN-CERT-2010-0041, DFN-CERT-2010-0036, DFN-CERT-2010-0035, DFN-CERT-2009-1707, DFN-CERT-2009-1604, DFN-CERT-2009-1575, DFN-CERT-2009-1537, DFN-CERT-2009-1489, DFN-CERT-2009-1321, DFN-CERT-2009-1283, DFN-CERT-2009-1154, DFN-CERT-2009-1116
Other: http://www.ubuntu.com/usn/usn-886-1/
USN:886-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for tiff vulnerabilities USN-1085-1 (OID: 1.3.6.1.4.1.25623.1.0.840610)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1085-1

Vulnerability Detection Result
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

tiff vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 9.10 , Ubuntu 10.04 LTS , Ubuntu 10.10

Vulnerability Insight

Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)

Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.10. (CVE-2010-2482)

Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2595)

Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2597, CVE-2010-2598)

It was discovered that the TIFF library incorrectly validated certain data types. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2630)

It was discovered that the TIFF library incorrectly handled downsampled JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-3087)

It was discovered that the TIFF library incorrectly handled certain JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10. (CVE-2011-0191)

It was discovered that the TIFF library incorrectly handled certain TIFF FAX images. If a user or automated system were tricked into opening a specially crafted TIFF FAX image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2011-0191)

Vulnerability Detection Method

Details: Ubuntu Update for tiff vulnerabilities USN-1085-1 (OID: 1.3.6.1.4.1.25623.1.0.840610)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-2482, CVE-2010-2483, CVE-2010-2595, CVE-2010-2597, CVE-2010-2598, CVE-2010-2630, CVE-2010-3087, CVE-2011-0191, CVE-2011-0192
CERT: DFN-CERT-2012-1879, DFN-CERT-2012-0627, DFN-CERT-2011-1002, DFN-CERT-2011-1001, DFN-CERT-2011-0803, DFN-CERT-2011-0771, DFN-CERT-2011-0695, DFN-CERT-2011-0681, DFN-CERT-2011-0667, DFN-CERT-2011-0541, DFN-CERT-2011-0537, DFN-CERT-2011-0503, DFN-CERT-2011-0493, DFN-CERT-2011-0492, DFN-CERT-2011-0455, DFN-CERT-2011-0360, DFN-CERT-2011-0329, DFN-CERT-2011-0317, DFN-CERT-2011-0291, DFN-CERT-2010-1295, DFN-CERT-2010-1247, DFN-CERT-2010-1005, DFN-CERT-2010-1004, DFN-CERT-2010-0876, DFN-CERT-2010-0873
Other: http://www.ubuntu.com/usn/usn-1085-1/
USN:1085-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for freetype vulnerabilities USN-972-1 (OID: 1.3.6.1.4.1.25623.1.0.840480)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-972-1

Vulnerability Detection Result
Package libfreetype6 version 2.3.5-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

freetype vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 9.04 , Ubuntu 9.10 , Ubuntu 10.04 LTS

Vulnerability Insight

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu Update for freetype vulnerabilities USN-972-1 (OID: 1.3.6.1.4.1.25623.1.0.840480)

Version used: $Revision: 8510 $

References

CVE: CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808
CERT: DFN-CERT-2012-0777, DFN-CERT-2010-1647, DFN-CERT-2010-1546, DFN-CERT-2010-1474, DFN-CERT-2010-1390, DFN-CERT-2010-1364, DFN-CERT-2010-1307, DFN-CERT-2010-1306, DFN-CERT-2010-1297, DFN-CERT-2010-1162, DFN-CERT-2010-1117, DFN-CERT-2010-1086, DFN-CERT-2010-1081, DFN-CERT-2010-1038, DFN-CERT-2010-0996, DFN-CERT-2010-0968, DFN-CERT-2010-0905
Other: http://www.ubuntu.com/usn/usn-972-1/
USN:972-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-781-1 (pidgin) (OID: 1.3.6.1.4.1.25623.1.0.64177)
Summary

The remote host is missing an update to pidgin announced via advisory USN-781-1.

Vulnerability Detection Result
Package pidgin-data version 2.4.1-1ubuntu2 is installed which is known to be vulnerable.
Package libpurple0 version 2.4.1-1ubuntu2 is installed which is known to be vulnerable.
Package pidgin version 2.4.1-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: pidgin 1:2.4.1-1ubuntu2.4

Ubuntu 8.10: pidgin 1:2.5.2-0ubuntu1.2

Ubuntu 9.04: pidgin 1:2.5.5-1ubuntu8.1

After a standard system upgrade you need to restart Pidgin to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-781-1

Vulnerability Insight

It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)

It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. (CVE-2009-1374)

It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. (CVE-2009-1375)

It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)

Vulnerability Detection Method

Details: Ubuntu USN-781-1 (pidgin) (OID: 1.3.6.1.4.1.25623.1.0.64177)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
CERT: DFN-CERT-2009-1707, DFN-CERT-2009-1283, DFN-CERT-2009-1154, DFN-CERT-2009-1116
Other: http://www.ubuntu.com/usn/usn-781-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-975-1 (OID: 1.3.6.1.4.1.25623.1.0.840495)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-975-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Firefox and Xulrunner vulnerabilities on Ubuntu 8.04 LTS , Ubuntu 9.04 , Ubuntu 9.10 , Ubuntu 10.04 LTS

Vulnerability Insight

Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167)

Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into viewing a malicious site, a remote attacker could use this to run arbitrary JavaScript with chrome privileges. (CVE-2010-2762)

Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764)

Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765)

Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168)

David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768)

Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769)

A buffer overflow was discovered in Firefox when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166)

Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169)

Vulnerability Detection Method

Details: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-975-1 (OID: 1.3.6.1.4.1.25623.1.0.840495)

Version used: $Revision: 8207 $

References

CVE: CVE-2010-2760, CVE-2010-2762, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
CERT: DFN-CERT-2011-0696, DFN-CERT-2011-0386, DFN-CERT-2011-0033, DFN-CERT-2010-1513, DFN-CERT-2010-1347, DFN-CERT-2010-1319, DFN-CERT-2010-1200, DFN-CERT-2010-1176, DFN-CERT-2010-1172, DFN-CERT-2010-1164, DFN-CERT-2010-1161, DFN-CERT-2010-1160
Other: http://www.ubuntu.com/usn/usn-975-1/
USN:975-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for tiff regression USN-1085-2 (OID: 1.3.6.1.4.1.25623.1.0.840613)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1085-2

Vulnerability Detection Result
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

tiff regression on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 9.10 , Ubuntu 10.04 LTS , Ubuntu 10.10

Vulnerability Insight

USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream fixes were incomplete and created problems for certain CCITTFAX4 files. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)

Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.10. (CVE-2010-2482)

Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2595)

Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2597, CVE-2010-2598)

It was discovered that the TIFF library incorrectly validated certain data types. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2630)

It was discovered that the TIFF library incorrectly handled downsampled JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-3087)

It was discovered that the TIFF library incorrectly handled certain JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of servi ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for tiff regression USN-1085-2 (OID: 1.3.6.1.4.1.25623.1.0.840613)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-2482, CVE-2010-2595, CVE-2010-2597, CVE-2010-2598, CVE-2010-2630, CVE-2010-3087, CVE-2011-0191
CERT: DFN-CERT-2012-1879, DFN-CERT-2012-0627, DFN-CERT-2011-1002, DFN-CERT-2011-1001, DFN-CERT-2011-0803, DFN-CERT-2011-0771, DFN-CERT-2011-0695, DFN-CERT-2011-0681, DFN-CERT-2011-0503, DFN-CERT-2011-0493, DFN-CERT-2011-0492, DFN-CERT-2010-1295, DFN-CERT-2010-1247, DFN-CERT-2010-1005, DFN-CERT-2010-1004, DFN-CERT-2010-0876, DFN-CERT-2010-0873
Other: http://www.ubuntu.com/usn/usn-1085-2/
USN:1085-2

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-745-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.63749)
Summary

The remote host is missing an update to xulrunner-1.9 announced via advisory USN-745-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1

Ubuntu 7.10: firefox 2.0.0.21~tb.21.308+nobinonly-0ubuntu0.7.10.1

Ubuntu 8.04 LTS: firefox-3.0 3.0.8+nobinonly-0ubuntu0.8.04.2 xulrunner-1.9 1.9.0.8+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10: abrowser 3.0.8+nobinonly-0ubuntu0.8.10.2 firefox-3.0 3.0.8+nobinonly-0ubuntu0.8.10.2 xulrunner-1.9 1.9.0.8+nobinonly-0ubuntu0.8.10.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-745-1

Vulnerability Insight

It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and 8.10. (CVE-2009-1044)

A flaw was discovered in the way Firefox performed XSLT transformations. If a user were tricked into opening a crafted XSL stylesheet, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1169)

Vulnerability Detection Method

Details: Ubuntu USN-745-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.63749)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1044, CVE-2009-1169
Other: http://www.ubuntu.com/usn/usn-745-1/

general/tcp
High (CVSS: 9.3)
NVT: Adobe Flash Player Font Parsing Code Execution Vulnerability - (Linux) (OID: 1.3.6.1.4.1.25623.1.0.802941)
Summary

This host has Adobe Flash Player installed and is prone to an unspecified code execution vulnerability.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will let attackers execute arbitrary code or cause the application to crash and take control of the affected system. Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 11.2.202.238 or later. For details, refer to http://www.adobe.com/downloads/

Affected Software/OS

Adobe Flash Player version 11.2.202.236 and prior on Linux

Vulnerability Insight

An unspecified error occurs when handling SWF content in a Word document. This may allow a context-dependent attacker to execute arbitrary code.

Vulnerability Detection Method

Details: Adobe Flash Player Font Parsing Code Execution Vulnerability - (Linux) (OID: 1.3.6.1.4.1.25623.1.0.802941)

Version used: $Revision: 5940 $

References

CVE: CVE-2012-1535
BID: 55009
CERT: DFN-CERT-2013-0433, DFN-CERT-2012-1652, DFN-CERT-2012-1609, DFN-CERT-2012-1599, DFN-CERT-2012-1592, DFN-CERT-2012-1576
Other: http://secunia.com/advisories/50285/
http://www.adobe.com/support/security/bulletins/apsb12-18.html

general/tcp
High (CVSS: 9.3)
NVT: Pidgin Multiple Buffer Overflow Vulnerabilities (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900663)
Summary

This host has Pidgin installed and is prone to multiple buffer overflow vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploits allow attackers to run arbitrary code, corrupt memory and cause denial of service. Impact Level: Application

Solution

Solution type: VendorFix

Upgrade to version 2.5.6 or later. http://pidgin.im/download/

Affected Software/OS

Pidgin version prior to 2.5.6 on Linux.

Vulnerability Insight

The multiple flaws are due to:

- a boundary error in the XMPP SOCKS5 'bytestream' server when initiating an outbound XMPP file transfer.
- a boundary error in the 'decrypt_out()' function while processing malicious QQ packet.
- a boundary error exists in the implementation of the 'PurpleCircBuffer' structure and can be exploited via vectors involving XMPP or Sametime protocol.
- a truncation error in function 'libpurple/protocols/msn/slplink.c' and 'libpurple/protocols/msnp9/slplink.c' when processing MSN SLP messages with a crafted offset value.

Vulnerability Detection Method

Details: Pidgin Multiple Buffer Overflow Vulnerabilities (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900663)

Version used: $Revision: 5122 $

References

CVE: CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
BID: 35067
CERT: DFN-CERT-2009-1707, DFN-CERT-2009-1283, DFN-CERT-2009-1154, DFN-CERT-2009-1116
Other: http://secunia.com/advisories/35194
http://secunia.com/advisories/35202
http://xforce.iss.net/xforce/xfdb/50680
http://rhn.redhat.com/errata/RHSA-2009-1059.html

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-735-1 (gst-plugins-base0.10) (OID: 1.3.6.1.4.1.25623.1.0.63621)
Summary

The remote host is missing an update to gst-plugins-base0.10 announced via advisory USN-735-1.

Vulnerability Detection Result
Package libnss3-1d version 3.12.0~beta3-0ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10: gstreamer0.10-plugins-base 0.10.21-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-735-1

Vulnerability Insight

It was discovered that the Base64 decoding functions in GStreamer Base Plugins did not properly handle large images in Vorbis file tags. If a user were tricked into opening a specially crafted Vorbis file, an attacker could possibly execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu USN-735-1 (gst-plugins-base0.10) (OID: 1.3.6.1.4.1.25623.1.0.63621)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0586, CVE-2009-0585, CVE-2009-0135, CVE-2009-0136, CVE-2008-4564, CVE-2009-0538, CVE-2004-2761
CERT: DFN-CERT-2009-0137
Other: http://www.ubuntu.com/usn/usn-735-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for devhelp, epiphany-browser, midbrowser, yelp update USN-626-2 (OID: 1.3.6.1.4.1.25623.1.0.840226)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-626-2

Vulnerability Detection Result
Package yelp version 2.22.1-0ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

devhelp, epiphany-browser, midbrowser, yelp update on Ubuntu 8.04 LTS

Vulnerability Insight

USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9.

Original advisory details:

A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785)

Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933)

Vulnerability Detection Method

Details: Ubuntu Update for devhelp, epiphany-browser, midbrowser, yelp update USN-626-2 (OID: 1.3.6.1.4.1.25623.1.0.840226)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2785, CVE-2008-2933
Other: http://www.ubuntu.com/usn/usn-626-2/
USN:626-2

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-761-2 (php5) (OID: 1.3.6.1.4.1.25623.1.0.64148)
Summary

The remote host is missing an update to php5 announced via advisory USN-761-2.

Vulnerability Detection Result
Package acpid version 1.0.4-5ubuntu9 is installed which is known to be vulnerable.
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.04: libapache2-mod-php5 5.2.6.dfsg.1-3ubuntu4.1 php5-cgi 5.2.6.dfsg.1-3ubuntu4.1 php5-cli 5.2.6.dfsg.1-3ubuntu4.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-761-2

Vulnerability Insight

USN-761-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 9.04.

Original advisory details:

It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2008-5814)

It was discovered that PHP did not properly handle certain malformed strings when being parsed by the json_decode function. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 and 8.10. (CVE-2009-1271)

Vulnerability Detection Method

Details: Ubuntu USN-761-2 (php5) (OID: 1.3.6.1.4.1.25623.1.0.64148)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5814, CVE-2009-1271, CVE-2009-0798, CVE-2009-1313
CERT: DFN-CERT-2010-0588, DFN-CERT-2010-0482, DFN-CERT-2010-0263, DFN-CERT-2009-1726, DFN-CERT-2009-0622
Other: http://www.ubuntu.com/usn/usn-761-2/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for libvorbis vulnerabilities USN-682-1 (OID: 1.3.6.1.4.1.25623.1.0.840247)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-682-1

Vulnerability Detection Result
Package libvorbis0a version 1.2.0.dfsg-2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libvorbis vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 7.10 , Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.

Vulnerability Detection Method

Details: Ubuntu Update for libvorbis vulnerabilities USN-682-1 (OID: 1.3.6.1.4.1.25623.1.0.840247)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1419, CVE-2008-1420, CVE-2008-1423
Other: http://www.ubuntu.com/usn/usn-682-1/
USN:682-1

general/tcp
High (CVSS: 9.3)
NVT: OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800695)
Summary

The host has OpenOffice installed and is prone to a buffer overflow vulnerability.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful remote exploitation could result in arbitrary code execution on the affected system, leading to an application crash and compromise of the vulnerable system. Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to OpenOffice Version 3.1.1 or later. For updates refer to http://www.openoffice.org/

Affected Software/OS

OpenOffice Version prior to 3.1.1 on Linux.

Vulnerability Insight

- An integer underflow error occurs when parsing certain records in a Word document table.
- A heap overflow error occurs when parsing certain records in a Word document when opening a malicious Word document.

Vulnerability Detection Method

Details: OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800695)

Version used: $Revision: 4869 $

References

CVE: CVE-2009-0200, CVE-2009-0201
BID: 36200
CERT: DFN-CERT-2010-0693, DFN-CERT-2010-0625, DFN-CERT-2010-0309, DFN-CERT-2010-0204, DFN-CERT-2009-1308, DFN-CERT-2009-1297, DFN-CERT-2009-1251, DFN-CERT-2009-1250, DFN-CERT-2009-1249
Other: http://secunia.com/secunia_research/2009-27/
http://www.vupen.com/english/advisories/2009/2490

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for gimp vulnerabilities USN-880-1 (OID: 1.3.6.1.4.1.25623.1.0.840362)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-880-1

Vulnerability Detection Result
Package gimp-gnomevfs version 2.4.5-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

gimp vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user's privileges. (CVE-2009-1570)

Stefan Cornelius discovered that GIMP did not correctly handle certain malformed PSD files. If a user were tricked into opening a specially crafted PSD file, an attacker could execute arbitrary code with the user's privileges. This issue only applied to Ubuntu 8.10, 9.04 and 9.10. (CVE-2009-3909)

Vulnerability Detection Method

Details: Ubuntu Update for gimp vulnerabilities USN-880-1 (OID: 1.3.6.1.4.1.25623.1.0.840362)

Version used: $Revision: 8438 $

References

CVE: CVE-2009-1570, CVE-2009-3909
CERT: DFN-CERT-2012-1618, DFN-CERT-2011-0855, DFN-CERT-2011-0853, DFN-CERT-2010-0606, DFN-CERT-2010-0542, DFN-CERT-2010-0010, DFN-CERT-2009-1818, DFN-CERT-2009-1765, DFN-CERT-2009-1612
Other: http://www.ubuntu.com/usn/usn-880-1/
USN:880-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for Firefox vulnerability USN-1011-1 (OID: 1.3.6.1.4.1.25623.1.0.840526)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1011-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

Firefox vulnerability on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu Update for Firefox vulnerability USN-1011-1 (OID: 1.3.6.1.4.1.25623.1.0.840526)

Version used: $Revision: 8528 $

References

CVE: CVE-2010-3765
CERT: DFN-CERT-2011-0696, DFN-CERT-2011-0386, DFN-CERT-2011-0033, DFN-CERT-2010-1584, DFN-CERT-2010-1536, DFN-CERT-2010-1529, DFN-CERT-2010-1513, DFN-CERT-2010-1485, DFN-CERT-2010-1478, DFN-CERT-2010-1477, DFN-CERT-2010-1473, DFN-CERT-2010-1463, DFN-CERT-2010-1449, DFN-CERT-2010-1447, DFN-CERT-2010-1446, DFN-CERT-2010-1441, DFN-CERT-2010-1436, DFN-CERT-2010-1435, DFN-CERT-2010-1434
Other: http://www.ubuntu.com/usn/usn-1011-1/
USN:1011-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for samba vulnerabilities USN-617-1 (OID: 1.3.6.1.4.1.25623.1.0.840348)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-617-1

Vulnerability Detection Result
Package libsmbclient version 3.0.28a-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

samba vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572)

Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code. (CVE-2008-1105)

Vulnerability Detection Method

Details: Ubuntu Update for samba vulnerabilities USN-617-1 (OID: 1.3.6.1.4.1.25623.1.0.840348)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-4572, CVE-2008-1105
Other: http://www.ubuntu.com/usn/usn-617-1/
USN:617-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-854-1 (libgd2) (OID: 1.3.6.1.4.1.25623.1.0.66306)
Summary

The remote host is missing an update to libgd2 announced via advisory USN-854-1.

Vulnerability Detection Result
Package libgd2-xpm version 2.0.35.dfsg-3ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libgd2-noxpm 2.0.33-2ubuntu5.4 libgd2-xpm 2.0.33-2ubuntu5.4

Ubuntu 8.04 LTS: libgd2-noxpm 2.0.35.dfsg-3ubuntu2.1 libgd2-xpm 2.0.35.dfsg-3ubuntu2.1

Ubuntu 8.10: libgd2-noxpm 2.0.36~rc1~dfsg-3ubuntu1.8.10.1 libgd2-xpm 2.0.36~rc1~dfsg-3ubuntu1.8.10.1

Ubuntu 9.04: libgd2-noxpm 2.0.36~rc1~dfsg-3ubuntu1.9.04.1 libgd2-xpm 2.0.36~rc1~dfsg-3ubuntu1.9.04.1

Ubuntu 9.10: libgd2-noxpm 2.0.36~rc1~dfsg-3ubuntu1.9.10.1 libgd2-xpm 2.0.36~rc1~dfsg-3ubuntu1.9.10.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-854-1

Vulnerability Insight

Tomas Hoger discovered that the GD library did not properly handle the number of colors in certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2009-3546)

It was discovered that the GD library did not properly handle incorrect color indexes. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-3293)

It was discovered that the GD library did not properly handle certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 6.06 LTS. (CVE-2007-3475, CVE-2007-3476)

It was discovered that the GD library did not properly handle large angle degree values. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service. This issue only affected Ubuntu 6.06 LTS. (CVE-2007-3477)

Vulnerability Detection Method

Details: Ubuntu USN-854-1 (libgd2) (OID: 1.3.6.1.4.1.25623.1.0.66306)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2009-3293, CVE-2009-3546
CERT: DFN-CERT-2012-1278, DFN-CERT-2011-0014, DFN-CERT-2010-0802, DFN-CERT-2010-0263, DFN-CERT-2010-0143, DFN-CERT-2010-0140, DFN-CERT-2010-0060, DFN-CERT-2010-0011, DFN-CERT-2009-1726, DFN-CERT-2009-1720, DFN-CERT-2009-1629, DFN-CERT-2009-1508, DFN-CERT-2009-1490, DFN-CERT-2009-1487, DFN-CERT-2009-1376, DFN-CERT-2009-1375, DFN-CERT-2009-1374
Other: http://www.ubuntu.com/usn/usn-854-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-765-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.64150)
Summary

The remote host is missing an update to xulrunner-1.9 announced via advisory USN-765-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: firefox-3.0 3.0.10+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.10+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10: abrowser 3.0.10+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.10+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.10+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04: abrowser 3.0.10+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.10+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.10+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-765-1

Vulnerability Insight

It was discovered that the upstream security fixes in USN-764-1 introduced a regression which could cause the browser to crash. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu USN-765-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.64150)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1313
Other: http://www.ubuntu.com/usn/usn-765-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for openoffice.org vulnerabilities USN-1056-1 (OID: 1.3.6.1.4.1.25623.1.0.840576)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1056-1

Vulnerability Detection Result
Package openoffice.org-base-core version 2.4.0-3ubuntu6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

openoffice.org vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

Charlie Miller discovered several heap overflows in PPT processing. If a user or automated system were tricked into opening a specially crafted PPT document, a remote attacker could execute arbitrary code with user privileges. Ubuntu 10.10 was not affected. (CVE-2010-2935, CVE-2010-2936)

Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could overwrite arbitrary files, possibly leading to arbitrary code execution with user privileges. (CVE-2010-3450)

Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. If a user or automated system were tricked into opening a specially crafted RTF or DOC document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454)

Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. If a local attacker tricked a user or automated system into using OpenOffice.org from an attacker-controlled directory, they could execute arbitrary code with user privileges. (CVE-2010-3689)

Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-4253)

It was discovered that OpenOffice.org did not correctly process TGA images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-4643)

Vulnerability Detection Method

Details: Ubuntu Update for openoffice.org vulnerabilities USN-1056-1 (OID: 1.3.6.1.4.1.25623.1.0.840576)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-2935, CVE-2010-2936, CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-4253, CVE-2010-4643
CERT: DFN-CERT-2011-0608, DFN-CERT-2011-0212, DFN-CERT-2011-0195, DFN-CERT-2011-0133, DFN-CERT-2011-0130, DFN-CERT-2011-0125, DFN-CERT-2010-1762, DFN-CERT-2010-1424, DFN-CERT-2010-1120, DFN-CERT-2010-1092
Other: http://www.ubuntu.com/usn/usn-1056-1/
USN:1056-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-810-2 (fixed) (OID: 1.3.6.1.4.1.25623.1.0.64574)
Summary

The remote host is missing an update to fixed announced via advisory USN-810-2.

Original advisory details:

Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)

Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)

Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409)

Vulnerability Detection Result
Package libnspr4-0d version 4.7.1~beta2-0ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

https://secure1.securityspace.com/smysecure/catid.html?in=USN-810-2

Vulnerability Detection Method

Details: Ubuntu USN-810-2 (fixed) (OID: 1.3.6.1.4.1.25623.1.0.64574)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-2404, CVE-2009-2408, CVE-2009-2409
CERT: CB-K15/1514, CB-K14/1259, DFN-CERT-2014-1324, DFN-CERT-2013-1890, DFN-CERT-2012-0627, DFN-CERT-2011-1672, DFN-CERT-2011-0626, DFN-CERT-2011-0321, DFN-CERT-2010-1650, DFN-CERT-2010-1315, DFN-CERT-2010-1293, DFN-CERT-2010-0720, DFN-CERT-2010-0603, DFN-CERT-2010-0530, DFN-CERT-2010-0461, DFN-CERT-2010-0413, DFN-CERT-2010-0410, DFN-CERT-2010-0120, DFN-CERT-2010-0119, DFN-CERT-2010-0118, DFN-CERT-2010-0111, DFN-CERT-2010-0051, DFN-CERT-2010-0014, DFN-CERT-2009-1758, DFN-CERT-2009-1713, DFN-CERT-2009-1699, DFN-CERT-2009-1687, DFN-CERT-2009-1625, DFN-CERT-2009-1620, DFN-CERT-2009-1616, DFN-CERT-2009-1598, DFN-CERT-2009-1597, DFN-CERT-2009-1583, DFN-CERT-2009-1505, DFN-CERT-2009-1491, DFN-CERT-2009-1476, DFN-CERT-2009-1452, DFN-CERT-2009-1425, DFN-CERT-2009-1405, DFN-CERT-2009-1325, DFN-CERT-2009-1318, DFN-CERT-2009-1317, DFN-CERT-2009-1305, DFN-CERT-2009-1282, DFN-CERT-2009-1275, DFN-CERT-2009-1266, DFN-CERT-2009-1230, DFN-CERT-2009-1206, DFN-CERT-2009-1198, DFN-CERT-2009-1184, DFN-CERT-2009-1153, DFN-CERT-2009-1148, DFN-CERT-2009-1138, DFN-CERT-2009-1123, DFN-CERT-2009-1122, DFN-CERT-2009-1091, DFN-CERT-2009-1088, DFN-CERT-2009-1087, DFN-CERT-2009-1041
Other: http://www.ubuntu.com/usn/usn-810-2/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-698-3 (nagios2) (OID: 1.3.6.1.4.1.25623.1.0.64164)
Summary

The remote host is missing an update to nagios2 announced via advisory USN-698-3.

Vulnerability Detection Result
Package xterm version 229-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: nagios2 2.11-1ubuntu1.4

After a standard system upgrade you need to restart Nagios to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-698-3

Vulnerability Insight

It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. (CVE-2008-5028)

It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands. (CVE-2008-5027)

Vulnerability Detection Method

Details: Ubuntu USN-698-3 (nagios2) (OID: 1.3.6.1.4.1.25623.1.0.64164)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5027, CVE-2008-5028, CVE-2007-2739, CVE-2008-5033, CVE-2008-4933, CVE-2008-5025, CVE-2007-2865, CVE-2007-5728, CVE-2008-5587, CVE-2008-2383, CVE-2008-3443, CVE-2008-5029, CVE-2009-0022, CVE-2006-7236, CVE-2008-2382
CERT: DFN-CERT-2012-0704, DFN-CERT-2010-0824, DFN-CERT-2009-1546, DFN-CERT-2009-1169
Other: http://www.ubuntu.com/usn/usn-698-3/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-766-1 (acpid) (OID: 1.3.6.1.4.1.25623.1.0.64149)
Summary

The remote host is missing an update to acpid announced via advisory USN-766-1.

Vulnerability Detection Result
Package acpid version 1.0.4-5ubuntu9 is installed which is known to be vulnerable.
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: acpid 1.0.4-1ubuntu11.2

Ubuntu 8.04 LTS: acpid 1.0.4-5ubuntu9.3

Ubuntu 8.10: acpid 1.0.6-9ubuntu4.8.10.2

Ubuntu 9.04: acpid 1.0.6-9ubuntu4.9.04.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-766-1

Vulnerability Insight

It was discovered that acpid did not properly handle a large number of connections. A local user could exploit this and monopolize CPU resources, leading to a denial of service.

Vulnerability Detection Method

Details: Ubuntu USN-766-1 (acpid) (OID: 1.3.6.1.4.1.25623.1.0.64149)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0798, CVE-2009-1313
CERT: DFN-CERT-2010-0482, DFN-CERT-2009-0622
Other: http://www.ubuntu.com/usn/usn-766-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-739-1 (amarok) (OID: 1.3.6.1.4.1.25623.1.0.63623)
Summary

The remote host is missing an update to amarok announced via advisory USN-739-1.

Vulnerability Detection Result
Package libnss3-1d version 3.12.0~beta3-0ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.10: amarok 2:1.4.7-0ubuntu3.2

Ubuntu 8.04 LTS: amarok 2:1.4.9.1-0ubuntu3.2

Ubuntu 8.10: amarok 2:1.4.10-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-739-1

Vulnerability Insight

It was discovered that Amarok did not correctly handle certain malformed tags in Audible Audio (.aa) files. If a user were tricked into opening a crafted Audible Audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu USN-739-1 (amarok) (OID: 1.3.6.1.4.1.25623.1.0.63623)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0135, CVE-2009-0136, CVE-2008-4564, CVE-2009-0538, CVE-2004-2761
CERT: DFN-CERT-2009-0137
Other: http://www.ubuntu.com/usn/usn-739-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-677-2 (OpenOffice) (OID: 1.3.6.1.4.1.25623.1.0.63074)
Summary

The remote host is missing an update to OpenOffice announced via advisory USN-677-2.

Original advisory details:

Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2008-2237, CVE-2008-2238)

Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-4937)

Vulnerability Detection Result
Package openoffice.org-help-en-gb version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-help-en-us version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-common version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-en-gb version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-en-za version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

https://secure1.securityspace.com/smysecure/catid.html?in=USN-677-2

Vulnerability Detection Method

Details: Ubuntu USN-677-2 (OpenOffice) (OID: 1.3.6.1.4.1.25623.1.0.63074)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2237, CVE-2008-2238, CVE-2008-4937
Other: http://www.ubuntu.com/usn/usn-677-2/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-810-1 (nss) (OID: 1.3.6.1.4.1.25623.1.0.64573)
Summary

The remote host is missing an update to nss announced via advisory USN-810-1.

Vulnerability Detection Result
Package libnss3-1d version 3.12.0~beta3-0ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: libnss3-1d 3.12.3.1-0ubuntu0.8.04.1

Ubuntu 8.10: libnss3-1d 3.12.3.1-0ubuntu0.8.10.1

Ubuntu 9.04: libnss3-1d 3.12.3.1-0ubuntu0.9.04.1

After a standard system upgrade you need to restart any applications that use NSS, such as Firefox, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-810-1

Vulnerability Insight

Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)

Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)

Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409)

Vulnerability Detection Method

Details: Ubuntu USN-810-1 (nss) (OID: 1.3.6.1.4.1.25623.1.0.64573)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-2404, CVE-2009-2408, CVE-2009-2409
CERT: CB-K15/1514, CB-K14/1259, DFN-CERT-2014-1324, DFN-CERT-2013-1890, DFN-CERT-2012-0627, DFN-CERT-2011-1672, DFN-CERT-2011-0626, DFN-CERT-2011-0321, DFN-CERT-2010-1650, DFN-CERT-2010-1315, DFN-CERT-2010-1293, DFN-CERT-2010-0720, DFN-CERT-2010-0603, DFN-CERT-2010-0530, DFN-CERT-2010-0461, DFN-CERT-2010-0413, DFN-CERT-2010-0410, DFN-CERT-2010-0120, DFN-CERT-2010-0119, DFN-CERT-2010-0118, DFN-CERT-2010-0111, DFN-CERT-2010-0051, DFN-CERT-2010-0014, DFN-CERT-2009-1758, DFN-CERT-2009-1713, DFN-CERT-2009-1699, DFN-CERT-2009-1687, DFN-CERT-2009-1625, DFN-CERT-2009-1620, DFN-CERT-2009-1616, DFN-CERT-2009-1598, DFN-CERT-2009-1597, DFN-CERT-2009-1583, DFN-CERT-2009-1505, DFN-CERT-2009-1491, DFN-CERT-2009-1476, DFN-CERT-2009-1452, DFN-CERT-2009-1425, DFN-CERT-2009-1405, DFN-CERT-2009-1325, DFN-CERT-2009-1318, DFN-CERT-2009-1317, DFN-CERT-2009-1305, DFN-CERT-2009-1282, DFN-CERT-2009-1275, DFN-CERT-2009-1266, DFN-CERT-2009-1230, DFN-CERT-2009-1206, DFN-CERT-2009-1198, DFN-CERT-2009-1184, DFN-CERT-2009-1153, DFN-CERT-2009-1148, DFN-CERT-2009-1138, DFN-CERT-2009-1123, DFN-CERT-2009-1122, DFN-CERT-2009-1091, DFN-CERT-2009-1088, DFN-CERT-2009-1087, DFN-CERT-2009-1041
Other: http://www.ubuntu.com/usn/usn-810-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for libxml2 USN-1334-1 (OID: 1.3.6.1.4.1.25623.1.0.840868)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1334-1

Vulnerability Detection Result
Package libxml2 version 2.6.31.dfsg-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please install the updated packages.

Affected Software/OS

libxml2 on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that libxml2 contained an off-by-one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0216)

It was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. (CVE-2011-2821, CVE-2011-2834)

It was discovered that libxml2 did not properly detect end of file when parsing certain XML documents. An attacker could exploit this to crash applications linked against libxml2. (CVE-2011-3905)

It was discovered that libxml2 did not properly decode entity references with long names. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3919)

Vulnerability Detection Method

Details: Ubuntu Update for libxml2 USN-1334-1 (OID: 1.3.6.1.4.1.25623.1.0.840868)

Version used: $Revision: 7960 $

References

CVE: CVE-2011-0216, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919
CERT: DFN-CERT-2013-0196, DFN-CERT-2012-1873, DFN-CERT-2012-1361, DFN-CERT-2012-1276, DFN-CERT-2012-1191, DFN-CERT-2012-0812, DFN-CERT-2012-0215, DFN-CERT-2012-0208, DFN-CERT-2012-0152, DFN-CERT-2012-0139, DFN-CERT-2012-0107, DFN-CERT-2012-0082, DFN-CERT-2012-0072, DFN-CERT-2012-0067, DFN-CERT-2012-0066, DFN-CERT-2012-0065, DFN-CERT-2011-1927, DFN-CERT-2011-1854, DFN-CERT-2011-1573
Other: http://www.ubuntu.com/usn/usn-1334-1/
USN:1334-1

general/tcp
High (CVSS: 9.3)
NVT: OpenOffice EMF File Parser Remote Command Execution Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.901019)
Summary

The host has OpenOffice installed and is prone to a remote command execution vulnerability.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful remote exploitation could result in arbitrary code execution.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to OpenOffice Version 3.1.1 or later. For updates refer to http://www.openoffice.org/

Affected Software/OS

OpenOffice Version 2.x and 3.x on Windows.

Vulnerability Insight

An unspecified error occurs in the parser of EMF files when parsing certain crafted EMF files.

Vulnerability Detection Method

Details: OpenOffice EMF File Parser Remote Command Execution Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.901019)

Version used: $Revision: 5122 $

References

CVE: CVE-2009-2139
BID: 36291
CERT: DFN-CERT-2010-0693, DFN-CERT-2010-0625, DFN-CERT-2010-0204, DFN-CERT-2009-1249
Other: http://www.debian.org/security/2009/dsa-1880

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-850-1 (poppler) (OID: 1.3.6.1.4.1.25623.1.0.66111)
Summary

The remote host is missing an update to poppler announced via advisory USN-850-1.

Vulnerability Detection Result
Package libpoppler-glib2 version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Package libpoppler2 version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Package poppler-utils version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.6 libpoppler1-glib 0.5.1-0ubuntu7.6

Ubuntu 8.04 LTS: libpoppler-glib2 0.6.4-1ubuntu3.3 libpoppler2 0.6.4-1ubuntu3.3

Ubuntu 8.10: libpoppler-glib3 0.8.7-1ubuntu0.4 libpoppler3 0.8.7-1ubuntu0.4

Ubuntu 9.04: libpoppler-glib4 0.10.5-1ubuntu2.4 libpoppler4 0.10.5-1ubuntu2.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-850-1

Vulnerability Insight

It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu USN-850-1 (poppler) (OID: 1.3.6.1.4.1.25623.1.0.66111)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0755, CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3607, CVE-2009-3608, CVE-2009-3609
CERT: DFN-CERT-2011-1762, DFN-CERT-2010-1647, DFN-CERT-2010-1326, DFN-CERT-2010-0697, DFN-CERT-2010-0665, DFN-CERT-2010-0659, DFN-CERT-2010-0636, DFN-CERT-2010-0635, DFN-CERT-2010-0634, DFN-CERT-2010-0610, DFN-CERT-2010-0609, DFN-CERT-2010-0477, DFN-CERT-2010-0313, DFN-CERT-2010-0288, DFN-CERT-2010-0259, DFN-CERT-2010-0036, DFN-CERT-2009-1841, DFN-CERT-2009-1798, DFN-CERT-2009-1785, DFN-CERT-2009-1658, DFN-CERT-2009-1646, DFN-CERT-2009-1583, DFN-CERT-2009-1512, DFN-CERT-2009-1495, DFN-CERT-2009-1488, DFN-CERT-2009-1485, DFN-CERT-2009-1484, DFN-CERT-2009-1483, DFN-CERT-2009-1482, DFN-CERT-2009-1473, DFN-CERT-2009-1472, DFN-CERT-2009-1471, DFN-CERT-2009-1470, DFN-CERT-2009-1469, DFN-CERT-2009-1466, DFN-CERT-2009-1465
Other: http://www.ubuntu.com/usn/usn-850-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-825-1 (libvorbis) (OID: 1.3.6.1.4.1.25623.1.0.64781)
Summary

The remote host is missing an update to libvorbis announced via advisory USN-825-1.

Vulnerability Detection Result
Package libvorbis0a version 1.2.0.dfsg-2 is installed which is known to be vulnerable.
Package libvorbisenc2 version 1.2.0.dfsg-2 is installed which is known to be vulnerable.
Package libvorbisfile3 version 1.2.0.dfsg-2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: libvorbis0a 1.2.0.dfsg-2ubuntu0.2

Ubuntu 8.10: libvorbis0a 1.2.0.dfsg-3.1ubuntu0.8.10.1

Ubuntu 9.04: libvorbis0a 1.2.0.dfsg-3.1ubuntu0.9.04.1

After a standard system upgrade you need to restart any applications that use libvorbis, such as Totem and gtkpod, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-825-1

Vulnerability Insight

It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. (CVE-2009-2663)

USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem.

Original advisory details:

It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-1420)

Vulnerability Detection Method

Details: Ubuntu USN-825-1 (libvorbis) (OID: 1.3.6.1.4.1.25623.1.0.64781)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1420, CVE-2009-2663
CERT: DFN-CERT-2010-0984, DFN-CERT-2009-1650, DFN-CERT-2009-1491, DFN-CERT-2009-1155, DFN-CERT-2009-1105
Other: http://www.ubuntu.com/usn/usn-825-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-702-1 (samba) (OID: 1.3.6.1.4.1.25623.1.0.63102)
Summary

The remote host is missing an update to samba announced via advisory USN-702-1.

Vulnerability Detection Result
Package xterm version 229-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10: samba 2:3.2.3-1ubuntu3.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-702-1

Vulnerability Insight

Gunter Höckel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting registry shares = yes, include = registry, or config backend = registry, which is not the default.

Vulnerability Detection Method

Details: Ubuntu USN-702-1 (samba) (OID: 1.3.6.1.4.1.25623.1.0.63102)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0022, CVE-2006-7236, CVE-2008-2383, CVE-2008-2382
Other: http://www.ubuntu.com/usn/usn-702-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for rdesktop vulnerabilities USN-646-1 (OID: 1.3.6.1.4.1.25623.1.0.840349)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-646-1

Vulnerability Detection Result
Package rdesktop version 1.5.0-3+cvs20071006 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

rdesktop vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that rdesktop did not properly validate the length of packet headers when processing RDP requests. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user. (CVE-2008-1801)

Multiple buffer overflows were discovered in rdesktop when processing RDP redirect requests. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user. (CVE-2008-1802)

It was discovered that rdesktop performed a signed integer comparison when reallocating dynamic buffers which could result in a heap-based overflow. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user. (CVE-2008-1802)

Vulnerability Detection Method

Details: Ubuntu Update for rdesktop vulnerabilities USN-646-1 (OID: 1.3.6.1.4.1.25623.1.0.840349)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1801, CVE-2008-1802, CVE-2008-1803
Other: http://www.ubuntu.com/usn/usn-646-1/
USN:646-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for gst-plugins-good0.10 vulnerability USN-611-3 (OID: 1.3.6.1.4.1.25623.1.0.840235)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-611-3

Vulnerability Detection Result
Package gstreamer0.10-plugins-good version 0.10.7-3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

gst-plugins-good0.10 vulnerability on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins.

Original advisory details: It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu Update for gst-plugins-good0.10 vulnerability USN-611-3 (OID: 1.3.6.1.4.1.25623.1.0.840235)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1686
Other: http://www.ubuntu.com/usn/usn-611-3/
USN:611-3

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for freetype vulnerabilities USN-1013-1 (OID: 1.3.6.1.4.1.25623.1.0.840532)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1013-1

Vulnerability Detection Result
Package libfreetype6 version 2.3.5-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

freetype vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3311)

Chris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3814)

It was discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2010-3855)

Vulnerability Detection Method

Details: Ubuntu Update for freetype vulnerabilities USN-1013-1 (OID: 1.3.6.1.4.1.25623.1.0.840532)

Version used: $Revision: 8287 $

References

CVE: CVE-2010-3311, CVE-2010-3814, CVE-2010-3855
CERT: DFN-CERT-2012-0777, DFN-CERT-2011-0608, DFN-CERT-2011-0401, DFN-CERT-2011-0129, DFN-CERT-2010-1591, DFN-CERT-2010-1575, DFN-CERT-2010-1572, DFN-CERT-2010-1569, DFN-CERT-2010-1567, DFN-CERT-2010-1546, DFN-CERT-2010-1474, DFN-CERT-2010-1424, DFN-CERT-2010-1390, DFN-CERT-2010-1364, DFN-CERT-2010-1361, DFN-CERT-2010-1307, DFN-CERT-2010-1306, DFN-CERT-2010-1305
Other: http://www.ubuntu.com/usn/usn-1013-1/
USN:1013-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-703-1 (xterm) (OID: 1.3.6.1.4.1.25623.1.0.63103)
Summary

The remote host is missing an update to xterm announced via advisory USN-703-1.

Vulnerability Detection Result
Package xterm version 229-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: xterm 208-3.1ubuntu3.1

Ubuntu 7.10: xterm 229-1ubuntu0.1

Ubuntu 8.04 LTS: xterm 229-1ubuntu1.1

Ubuntu 8.10: xterm 235-1ubuntu1.1

After a standard system upgrade you need to restart any running xterms to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-703-1

Vulnerability Insight

Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)

Vulnerability Detection Method

Details: Ubuntu USN-703-1 (xterm) (OID: 1.3.6.1.4.1.25623.1.0.63103)

Version used: $Revision: 7969 $

References

CVE: CVE-2006-7236, CVE-2008-2383, CVE-2008-2382
Other: http://www.ubuntu.com/usn/usn-703-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-779-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.64261)
Summary

The remote host is missing an update to xulrunner-1.9 announced via advisory USN-779-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: firefox-3.0 3.0.11+build2+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10: abrowser 3.0.11+build2+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.11+build2+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2

Ubuntu 9.04: abrowser 3.0.11+build2+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.11+build2+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-779-1

Vulnerability Insight

Several flaws were discovered in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838)

Pavel Cvrcek discovered that Firefox would sometimes display certain invalid Unicode characters as whitespace. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-1834)

Gregory Fleischer, Adam Barth and Collin Jackson discovered that Firefox would allow access to local files from resources loaded via the file: protocol. If a user were tricked into downloading then opening a malicious file, an attacker could steal potentially sensitive information. (CVE-2009-1835, CVE-2009-1839)

Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Firefox did not properly handle error responses when connecting to a proxy server. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2009-1836)

Wladimir Palant discovered Firefox did not check content-loading policies when loading external script files into XUL documents. As a result, Firefox might load malicious content under certain circumstances. (CVE-2009-1840)

It was discovered that Firefox could be made to run scripts with elevated privileges. If a user were tricked into viewing a malicious website, an attacker could cause a chrome privileged object, such as the browser sidebar, to run arbitrary code via interactions with the attacker controlled website. (CVE-2009-1841)

Vulnerability Detection Method

Details: Ubuntu USN-779-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.64261)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1832, CVE-2009-1833, CVE-2009-1834, CVE-2009-1835, CVE-2009-1836, CVE-2009-1837, CVE-2009-1838, CVE-2009-1839, CVE-2009-1840, CVE-2009-1841, CVE-2009-1392
CERT: DFN-CERT-2009-1148, DFN-CERT-2009-1062, DFN-CERT-2009-1032
Other: http://www.ubuntu.com/usn/usn-779-1/

general/tcp
High (CVSS: 9.3)
NVT: Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804539)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.350 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.350 on Linux

Vulnerability Insight

Multiple flaws are due to:
- An error related to regular expressions in ActionScript.
- A use-after-free error and multiple unspecified errors.

Vulnerability Detection Method

Get the installed version with the help of the detection NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804539)

Version used: $Revision: 6759 $

References

CVE: CVE-2014-0507, CVE-2014-0508, CVE-2014-0509
BID: 66701, 66699, 66703
CERT: CB-K14/0409, DFN-CERT-2014-0428
Other: http://secunia.com/advisories/57661
http://helpx.adobe.com/security/products/flash-player/apsb14-09.html

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-697-1 (imlib2) (OID: 1.3.6.1.4.1.25623.1.0.63073)
Summary

The remote host is missing an update to imlib2 announced via advisory USN-697-1.

Vulnerability Detection Result
Package openoffice.org-help-en-gb version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-help-en-us version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-common version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-en-gb version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Package openoffice.org-l10n-en-za version 2.4.0-3ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libimlib2 1.2.1-2ubuntu0.4

Ubuntu 7.10: libimlib2 1.3.0.0debian1-4ubuntu0.2

Ubuntu 8.04 LTS: libimlib2 1.4.0-1ubuntu1.2

After a standard system upgrade you need to restart any applications that use Imlib2 to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-697-1

Vulnerability Insight

It was discovered that Imlib2 did not correctly handle certain malformed XPM and PNG images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.

Vulnerability Detection Method

Details: Ubuntu USN-697-1 (imlib2) (OID: 1.3.6.1.4.1.25623.1.0.63073)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2426, CVE-2008-2434, CVE-2008-5027, CVE-2008-4242, CVE-2007-3372, CVE-2008-5081, CVE-2008-4577, CVE-2008-4870, CVE-2008-5140, CVE-2008-5312, CVE-2008-5313, CVE-2008-4844, CVE-2008-2237, CVE-2008-2238, CVE-2008-4937
CERT: DFN-CERT-2010-1370
Other: http://www.ubuntu.com/usn/usn-697-1/

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for samba regression USN-617-2 (OID: 1.3.6.1.4.1.25623.1.0.840293)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-617-2

Vulnerability Detection Result
Package libsmbclient version 3.0.28a-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

samba regression on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572)

Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code. (CVE-2008-1105)

Vulnerability Detection Method

Details: Ubuntu Update for samba regression USN-617-2 (OID: 1.3.6.1.4.1.25623.1.0.840293)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1105, CVE-2007-4572
Other: http://www.ubuntu.com/usn/usn-617-2/
USN:617-2

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-659-1 (OID: 1.3.6.1.4.1.25623.1.0.840224)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-659-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

linux, linux-source-2.6.15/22 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that the direct-IO subsystem did not correctly validate certain structures. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2007-6716)

It was discovered that the disabling of the ZERO_PAGE optimization could lead to large memory consumption. A local attacker could exploit this to allocate all available memory, leading to a denial of service. (CVE-2008-2372)

It was discovered that the Datagram Congestion Control Protocol (DCCP) did not correctly validate its arguments. If DCCP was in use, a remote attacker could send specially crafted network traffic and cause a system crash, leading to a denial of service. (CVE-2008-3276)

It was discovered that the SBNI WAN driver did not correctly check for the NET_ADMIN capability. A malicious local root user lacking CAP_NET_ADMIN would be able to change the WAN device configuration, leading to a denial of service. (CVE-2008-3525)

It was discovered that the Stream Control Transmission Protocol (SCTP) did not correctly validate the key length in the SCTP_AUTH_KEY option. If SCTP is in use, a remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2008-3526)

It was discovered that the tmpfs implementation did not correctly handle certain sequences of inode operations. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-3534)

It was discovered that the readv/writev functions did not correctly handle certain sequences of file operations. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-3535)

It was discovered that SCTP did not correctly validate its userspace arguments. A local attacker could call certain sctp_* functions with malicious options and cause a system crash, leading to a denial of service. (CVE-2008-3792, CVE-2008-4113, CVE-2008-4445)

Johann Dahm and David Richter discovered that NFSv4 did not correctly handle certain file ACLs. If NFSv4 is in use, a local attacker could create a malicious ACL that could cause a system crash, leading to a denial of service. (CVE-2008-3915)

Vulnerability Detection Method

Details: Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-659-1 (OID: 1.3.6.1.4.1.25623.1.0.840224)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-6716, CVE-2008-2372, CVE-2008-3276, CVE-2008-3525, CVE-2008-3526, CVE-2008-3534, CVE-2008-3535, CVE-2008-3792, CVE-2008-3915, CVE-2008-4113, CVE-2008-4445
CERT: DFN-CERT-2009-1481
Other: http://www.ubuntu.com/usn/usn-659-1/
USN:659-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu USN-873-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.66605)
Summary

The remote host is missing an update to xulrunner-1.9 announced via advisory USN-873-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: firefox-3.0 3.0.16+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.16+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10: abrowser 3.0.16+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.16+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.16+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04: abrowser 3.0.16+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.16+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.16+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-873-1

Vulnerability Insight

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)

Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983)

Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)

Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985)

Vulnerability Detection Method

Details: Ubuntu USN-873-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.66605)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-3979, CVE-2009-3981, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985, CVE-2009-3986
CERT: DFN-CERT-2010-0775, DFN-CERT-2010-0593, DFN-CERT-2010-0584, DFN-CERT-2010-0369, DFN-CERT-2010-0036, DFN-CERT-2009-1827, DFN-CERT-2009-1826, DFN-CERT-2009-1825, DFN-CERT-2009-1802, DFN-CERT-2009-1800, DFN-CERT-2009-1795, DFN-CERT-2009-1790, DFN-CERT-2009-1784, DFN-CERT-2009-1783
Other: http://www.ubuntu.com/usn/usn-873-1/

general/tcp
High (CVSS: 9.3)
NVT: Adobe Flash Player Security Updates( apsb17-23 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.811609)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     26.0.0.151
Impact

Successful exploitation of this vulnerability will allow remote attackers to execute code remotely and obtain sensitive information.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 26.0.0.151, or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 26.0.0.151 on Linux.

Vulnerability Insight

Multiple flaws exist due to:
- A security bypass vulnerability.
- A type confusion.

Vulnerability Detection Method

Get the installed version with the help of the detection NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates( apsb17-23 )-Linux (OID: 1.3.6.1.4.1.25623.1.0.811609)

Version used: $Revision: 6971 $

References

CVE: CVE-2017-3085, CVE-2017-3106
CERT: CB-K17/1334, DFN-CERT-2017-1391
Other: https://helpx.adobe.com/security/products/flash-player/apsb17-23.html

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-997-1 (OID: 1.3.6.1.4.1.25623.1.0.840518)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-997-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Firefox and Xulrunner vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)

Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)

Robert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. (CVE-2010-3177)

Eduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. (CVE-2010-3178)

Dmitri Gribenko discovered that Firefox did not properly set up the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-3182)

Vulnerability Detection Method

Details: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-997-1 (OID: 1.3.6.1.4.1.25623.1.0.840518)

Version used: $Revision: 8338 $

References

CVE: CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
CERT: DFN-CERT-2011-0696, DFN-CERT-2011-0386, DFN-CERT-2011-0033, DFN-CERT-2010-1584, DFN-CERT-2010-1536, DFN-CERT-2010-1529, DFN-CERT-2010-1513, DFN-CERT-2010-1485, DFN-CERT-2010-1478, DFN-CERT-2010-1477, DFN-CERT-2010-1463, DFN-CERT-2010-1446, DFN-CERT-2010-1438, DFN-CERT-2010-1418, DFN-CERT-2010-1417, DFN-CERT-2010-1399, DFN-CERT-2010-1398, DFN-CERT-2010-1397
Other: http://www.ubuntu.com/usn/usn-997-1/
USN:997-1

general/tcp
High (CVSS: 9.3)
NVT: Ubuntu Update for gimp vulnerabilities USN-1109-1 (OID: 1.3.6.1.4.1.25623.1.0.840634)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1109-1

Vulnerability Detection Result
Package gimp-gnomevfs version 2.4.5-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

gimp vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

It was discovered that GIMP incorrectly handled malformed data in certain plugin configuration files. If a user were tricked into opening a specially crafted plugin configuration file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

It was discovered that GIMP incorrectly handled malformed PSP image files. If a user were tricked into opening a specially crafted PSP image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. (CVE-2010-4543)

Vulnerability Detection Method

Details: Ubuntu Update for gimp vulnerabilities USN-1109-1 (OID: 1.3.6.1.4.1.25623.1.0.840634)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543
CERT: DFN-CERT-2012-0422, DFN-CERT-2011-1676, DFN-CERT-2011-0894, DFN-CERT-2011-0889, DFN-CERT-2011-0855, DFN-CERT-2011-0854, DFN-CERT-2011-0853, DFN-CERT-2011-0837, DFN-CERT-2011-0835, DFN-CERT-2011-0492
Other: http://www.ubuntu.com/usn/usn-1109-1/
USN:1109-1

3632/tcp
High (CVSS: 9.3)
NVT: DistCC Remote Code Execution Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.103553)
Summary

DistCC 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

Vulnerability Detection Result
It was possible to execute the "id" command.

Result: uid=0(root) gid=0(root)
Solution

Solution type: VendorFix

Vendor updates are available. Please see the references for more information.

Vulnerability Detection Method

Details: DistCC Remote Code Execution Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.103553)

Version used: $Revision: 5120 $

References

CVE: CVE-2004-2687
Other: http://distcc.samba.org/security.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html

general/tcp
High (CVSS: 8.5)
NVT: Ubuntu Update for MySQL vulnerabilities USN-897-1 (OID: 1.3.6.1.4.1.25623.1.0.840384)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-897-1

Vulnerability Detection Result
Package libmysqlclient15-dev version 5.0.51a-3ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

MySQL vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This issue only affected Ubuntu 8.10. (CVE-2008-4098)

It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. An attacker could place arbitrary web script or html in a database cell, which would then get placed in the html document output by the command-line tool. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2008-4456)

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use symlinks combined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This issue only affected Ubuntu 9.10. (CVE-2008-7247)

It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. An authenticated user could use specially crafted database names to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2446)

It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2009-4019)

It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks to create tables that pointed to tables known to be created at a later time, bypassing access restrictions. (CVE-2009-4030)

It was discovered that MySQL contained a buffer overflow when parsing ssl certificates. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 LTS and the default compiler options for affected releases should reduce the vulnerability to a denial of service. In the default installation, attackers would also be isolated by the AppArmor MySQL profile. (CVE-2009-4484)

Vulnerability Detection Method

Details: Ubuntu Update for MySQL vulnerabilities USN-897-1 (OID: 1.3.6.1.4.1.25623.1.0.840384)

Version used: $Revision: 8287 $

References

CVE: CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030, CVE-2009-4484
CERT: DFN-CERT-2013-0042, DFN-CERT-2010-1568, DFN-CERT-2010-0639, DFN-CERT-2010-0462, DFN-CERT-2010-0256, DFN-CERT-2010-0232, DFN-CERT-2010-0214, DFN-CERT-2010-0145, DFN-CERT-2010-0078, DFN-CERT-2009-1814, DFN-CERT-2009-1769, DFN-CERT-2009-1728, DFN-CERT-2009-1340, DFN-CERT-2009-1243, DFN-CERT-2009-1235, DFN-CERT-2009-1231
Other: http://www.ubuntu.com/usn/usn-897-1/
USN:897-1

general/tcp
High (CVSS: 8.5)
NVT: Ubuntu Update for perl USN-1129-1 (OID: 1.3.6.1.4.1.25623.1.0.840647)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1129-1

Vulnerability Detection Result
Package perl version 5.8.8-12 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

perl on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS, Ubuntu 6.06 LTS

Vulnerability Insight

It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. An attacker could use this flaw to bypass intended restrictions and possibly execute arbitrary code. (CVE-2010-1168, CVE-2010-1447)

It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-2761, CVE-2010-4411)

It was discovered that the CGI.pm Perl module incorrectly handled newline characters. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-4410)

It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input. An attacker could use this flaw to bypass intended restrictions. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS and 10.10. (CVE-2011-1487)

Vulnerability Detection Method

Details: Ubuntu Update for perl USN-1129-1 (OID: 1.3.6.1.4.1.25623.1.0.840647)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-1168, CVE-2010-1447, CVE-2010-2761, CVE-2010-4411, CVE-2010-4410, CVE-2011-1487
CERT: CB-K16/0564, CB-K15/1514, DFN-CERT-2012-1908, DFN-CERT-2012-1697, DFN-CERT-2011-1870, DFN-CERT-2011-1011, DFN-CERT-2011-0967, DFN-CERT-2011-0791, DFN-CERT-2011-0775, DFN-CERT-2011-0771, DFN-CERT-2011-0703, DFN-CERT-2011-0650, DFN-CERT-2011-0624, DFN-CERT-2011-0595, DFN-CERT-2011-0578, DFN-CERT-2011-0492, DFN-CERT-2011-0181, DFN-CERT-2011-0142, DFN-CERT-2011-0135, DFN-CERT-2011-0127, DFN-CERT-2011-0111, DFN-CERT-2011-0066, DFN-CERT-2011-0038, DFN-CERT-2010-1704, DFN-CERT-2010-1689, DFN-CERT-2010-1647, DFN-CERT-2010-1135, DFN-CERT-2010-1117, DFN-CERT-2010-1046, DFN-CERT-2010-0976, DFN-CERT-2010-0774, DFN-CERT-2010-0773, DFN-CERT-2010-0740
Other: http://www.ubuntu.com/usn/usn-1129-1/
USN:1129-1

3632/tcp
High (CVSS: 8.5)
NVT: DistCC Detection (OID: 1.3.6.1.4.1.25623.1.0.12638)
Summary

DistCC is a program to distribute builds of C, C++, Objective C or Objective C++ code across several machines on a network. DistCC should always generate the same results as a local build, is simple to install and use, and is often two or more times faster than a local compile.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

DistCC by default trusts its clients completely that in turn could allow a malicious client to execute arbitrary commands on the server.

Solution

Solution type: Mitigation

For more information about DistCC's security see: http://distcc.samba.org/security.html

Vulnerability Detection Method

Details: DistCC Detection (OID: 1.3.6.1.4.1.25623.1.0.12638)

Version used: $Revision: 8143 $

general/tcp
High (CVSS: 7.9)
NVT: Ubuntu Update for samba USN-1374-1 (OID: 1.3.6.1.4.1.25623.1.0.840908)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1374-1

Vulnerability Detection Result
Package samba version 3.0.28a-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

samba on Ubuntu 8.04 LTS

Vulnerability Insight

Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.

Vulnerability Detection Method

Details: Ubuntu Update for samba USN-1374-1 (OID: 1.3.6.1.4.1.25623.1.0.840908)

Version used: $Revision: 8671 $

References

CVE: CVE-2012-0870
CERT: DFN-CERT-2012-0730, DFN-CERT-2012-0727, DFN-CERT-2012-0721, DFN-CERT-2012-0462, DFN-CERT-2012-0444, DFN-CERT-2012-0390, DFN-CERT-2012-0356
Other: http://www.ubuntu.com/usn/usn-1374-1/
USN:1374-1

general/tcp
High (CVSS: 7.9)
NVT: Ubuntu Update for linux vulnerabilities USN-1072-1 (OID: 1.3.6.1.4.1.25623.1.0.840594)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1072-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

linux vulnerabilities on Ubuntu 8.04 LTS

Vulnerability Insight

Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. (CVE-2010-0435)

Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy. (CVE-2010-2943)

Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297)

Dan Jacobson discovered that ThinkPad video output was not correctly access controlled. A local attacker could exploit this to hang the system, leading to a denial of service. (CVE-2010-3448)

It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-3698)

It was discovered that Xen did not correctly clean up threads. A local attacker in a guest system could exploit this to exhaust host system resources, leading to a denial of service. (CVE-2010-3699)

Brad Spengler discovered that stack memory for a new process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-3858)

Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. (CVE-2010-3859)

Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3873)

Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)

Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3876)

Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a l ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for linux vulnerabilities USN-1072-1 (OID: 1.3.6.1.4.1.25623.1.0.840594)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-0435, CVE-2010-2943, CVE-2010-3296, CVE-2010-3297, CVE-2010-3448, CVE-2010-3698, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4072, CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160, CVE-2010-4248
CERT: DFN-CERT-2013-1068, DFN-CERT-2013-1066, DFN-CERT-2013-0889, DFN-CERT-2012-2075, DFN-CERT-2012-1272, DFN-CERT-2012-0473, DFN-CERT-2012-0239, DFN-CERT-2012-0238, DFN-CERT-2012-0209, DFN-CERT-2012-0204, DFN-CERT-2011-1704, DFN-CERT-2011-1670, DFN-CERT-2011-1594, DFN-CERT-2011-1259, DFN-CERT-2011-0979, DFN-CERT-2011-0964, DFN-CERT-2011-0918, DFN-CERT-2011-0864, DFN-CERT-2011-0819, DFN-CERT-2011-0731, DFN-CERT-2011-0681, DFN-CERT-2011-0676, DFN-CERT-2011-0598, DFN-CERT-2011-0525, DFN-CERT-2011-0443, DFN-CERT-2011-0411, DFN-CERT-2011-0351, DFN-CERT-2011-0338, DFN-CERT-2011-0324, DFN-CERT-2011-0225, DFN-CERT-2011-0187, DFN-CERT-2011-0186, DFN-CERT-2011-0150, DFN-CERT-2011-0134, DFN-CERT-2011-0110, DFN-CERT-2011-0077, DFN-CERT-2011-0065, DFN-CERT-2011-0050, DFN-CERT-2011-0042, DFN-CERT-2011-0030, DFN-CERT-2011-0008, DFN-CERT-2011-0005, DFN-CERT-2011-0004, DFN-CERT-2010-1761, DFN-CERT-2010-1717, DFN-CERT-2010-1715, DFN-CERT-2010-1668, DFN-CERT-2010-1657, DFN-CERT-2010-1649, DFN-CERT-2010-1646, DFN-CERT-2010-1636, DFN-CERT-2010-1623, DFN-CERT-2010-1540, DFN-CERT-2010-1489, DFN-CERT-2010-1440, DFN-CERT-2010-1372, DFN-CERT-2010-1363, DFN-CERT-2010-1292, DFN-CERT-2010-1270, DFN-CERT-2010-1267, DFN-CERT-2010-1262, DFN-CERT-2010-1071
Other: http://www.ubuntu.com/usn/usn-1072-1/
USN:1072-1

general/tcp
High (CVSS: 7.9)
NVT: Ubuntu Update for cups, cupsys vulnerability USN-1012-1 (OID: 1.3.6.1.4.1.25623.1.0.840531)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1012-1

Vulnerability Detection Result
Package cupsys-bsd version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

cups, cupsys vulnerability on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Emmanuel Bouillon discovered that CUPS did not properly handle certain Internet Printing Protocol (IPP) packets. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code. In the default installation in Ubuntu 8.04 LTS and later, attackers would be isolated by the CUPS AppArmor profile.

Vulnerability Detection Method

Details: Ubuntu Update for cups, cupsys vulnerability USN-1012-1 (OID: 1.3.6.1.4.1.25623.1.0.840531)

Version used: $Revision: 8258 $

References

CVE: CVE-2010-2941
CERT: DFN-CERT-2011-0389, DFN-CERT-2011-0279, DFN-CERT-2011-0033, DFN-CERT-2010-1664, DFN-CERT-2010-1598, DFN-CERT-2010-1576, DFN-CERT-2010-1565, DFN-CERT-2010-1564, DFN-CERT-2010-1528, DFN-CERT-2010-1468
Other: http://www.ubuntu.com/usn/usn-1012-1/
USN:1012-1

general/tcp
High (CVSS: 7.8)
NVT: Ubuntu Update for Linux kernel vulnerabilities USN-947-1 (OID: 1.3.6.1.4.1.25623.1.0.840440)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-947-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Linux kernel vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

It was discovered that the Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel. A local attacker could exploit this to cause a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2009-4271)

It was discovered that the r8169 network driver did not correctly check the size of Ethernet frames. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2009-4537)

Wei Yongjun discovered that SCTP did not correctly validate certain chunks. A remote attacker could send specially crafted traffic to monopolize CPU resources, leading to a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2010-0008)

It was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS. (Did not affect Ubuntu 6.06 LTS.) (CVE-2010-0298, CVE-2010-0306, CVE-2010-0419)

Evgeniy Polyakov discovered that IPv6 did not correctly handle certain TUN packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437)

Sachin Prabhu discovered that GFS2 did not correctly handle certain locks. A local attacker with write access to a GFS2 filesystem could exploit this to crash the system, leading to a denial of service. (CVE-2010-0727)

Jamie Strandboge discovered that network virtio in KVM did not correctly handle certain high-traffic conditions. A remote attacker could exploit this by sending specially crafted traffic to a guest OS, causing the guest to crash, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0741)

Marcus Meissner discovered that the USB subsystem did not correctly handle certain error conditions. A local attacker with access to a USB device could exploit this to read recently used kernel memory, leading to a loss of privacy and potentially root privilege escalation. (CVE-2010-1083)

Neil Brown discovered that the Bluetooth subsystem did not correctly handle large amounts of traffic. A physically proximate remote attacker could exploit this by sending specially crafted traffic that would consume all available system memory, leading to a denial of service. (Ubuntu 6.06 LTS and 10.04 LTS were not affected.) (CVE-2010-1084)

Jody Brucho ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for Linux kernel vulnerabilities USN-947-1 (OID: 1.3.6.1.4.1.25623.1.0.840440)

Version used: $Revision: 8254 $

References

CVE: CVE-2009-4271, CVE-2009-4537, CVE-2010-0008, CVE-2010-0298, CVE-2010-0306, CVE-2010-0419, CVE-2010-0437, CVE-2010-0727, CVE-2010-0741, CVE-2010-1083, CVE-2010-1084, CVE-2010-1085, CVE-2010-1086, CVE-2010-1087, CVE-2010-1088, CVE-2010-1146, CVE-2010-1148, CVE-2010-1162, CVE-2010-1187, CVE-2010-1188, CVE-2010-1488
CERT: CB-K15/0576, DFN-CERT-2015-0600, DFN-CERT-2013-1066, DFN-CERT-2011-1594, DFN-CERT-2011-1002, DFN-CERT-2011-1001, DFN-CERT-2011-0873, DFN-CERT-2011-0803, DFN-CERT-2011-0185, DFN-CERT-2010-1566, DFN-CERT-2010-1552, DFN-CERT-2010-1333, DFN-CERT-2010-1292, DFN-CERT-2010-1262, DFN-CERT-2010-1258, DFN-CERT-2010-1151, DFN-CERT-2010-1133, DFN-CERT-2010-1058, DFN-CERT-2010-1057, DFN-CERT-2010-1023, DFN-CERT-2010-0979, DFN-CERT-2010-0922, DFN-CERT-2010-0892, DFN-CERT-2010-0845, DFN-CERT-2010-0778, DFN-CERT-2010-0720, DFN-CERT-2010-0704, DFN-CERT-2010-0702, DFN-CERT-2010-0670, DFN-CERT-2010-0667, DFN-CERT-2010-0631, DFN-CERT-2010-0630, DFN-CERT-2010-0626, DFN-CERT-2010-0613, DFN-CERT-2010-0598, DFN-CERT-2010-0486, DFN-CERT-2010-0448, DFN-CERT-2010-0447, DFN-CERT-2010-0445, DFN-CERT-2010-0442, DFN-CERT-2010-0438, DFN-CERT-2010-0396, DFN-CERT-2010-0391, DFN-CERT-2010-0368, DFN-CERT-2010-0367, DFN-CERT-2010-0366, DFN-CERT-2010-0364, DFN-CERT-2010-0334, DFN-CERT-2010-0278, DFN-CERT-2010-0231, DFN-CERT-2010-0226, DFN-CERT-2010-0213, DFN-CERT-2010-0199, DFN-CERT-2010-0165, DFN-CERT-2010-0152, DFN-CERT-2010-0151, DFN-CERT-2010-0105, DFN-CERT-2010-0084, DFN-CERT-2010-0029, DFN-CERT-2010-0028
Other: http://www.ubuntu.com/usn/usn-947-1/
USN:947-1

general/tcp
High (CVSS: 7.8)
NVT: Ubuntu Update for libpng vulnerabilities USN-913-1 (OID: 1.3.6.1.4.1.25623.1.0.840401)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-913-1

Vulnerability Detection Result
Package libpng12-0 version 1.2.15~beta5-3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libpng vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042)

It was discovered that libpng did not properly handle certain excessively compressed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-0205)

Vulnerability Detection Method

Details: Ubuntu Update for libpng vulnerabilities USN-913-1 (OID: 1.3.6.1.4.1.25623.1.0.840401)

Version used: $Revision: 8168 $

References

CVE: CVE-2009-2042, CVE-2010-0205
CERT: DFN-CERT-2012-0627, DFN-CERT-2011-0409, DFN-CERT-2010-1271, DFN-CERT-2010-0904, DFN-CERT-2010-0775, DFN-CERT-2010-0705, DFN-CERT-2010-0639, DFN-CERT-2010-0509, DFN-CERT-2010-0507, DFN-CERT-2010-0415, DFN-CERT-2010-0392, DFN-CERT-2010-0384, DFN-CERT-2010-0377, DFN-CERT-2010-0354, DFN-CERT-2010-0344, DFN-CERT-2009-1486
Other: http://www.ubuntu.com/usn/usn-913-1/
USN:913-1

general/tcp
High (CVSS: 7.8)
NVT: Ubuntu Update for linux vulnerabilities USN-614-1 (OID: 1.3.6.1.4.1.25623.1.0.840267)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-614-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

linux vulnerabilities on Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that PowerPC kernels did not correctly handle reporting certain system details. By requesting a specific set of information, a local attacker could cause a system crash resulting in a denial of service. (CVE-2007-6694)

A race condition was discovered between dnotify fcntl() and close() in the kernel. If a local attacker performed malicious dnotify requests, they could cause memory consumption leading to a denial of service, or possibly send arbitrary signals to any process. (CVE-2008-1375)

On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. (CVE-2008-1669)

The tehuti network driver did not correctly handle certain IO functions. A local attacker could perform malicious requests to the driver, potentially accessing kernel memory, leading to privilege escalation or access to private system information. (CVE-2008-1675)

Vulnerability Detection Method

Details: Ubuntu Update for linux vulnerabilities USN-614-1 (OID: 1.3.6.1.4.1.25623.1.0.840267)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-6694, CVE-2008-1375, CVE-2008-1669, CVE-2008-1675
Other: http://www.ubuntu.com/usn/usn-614-1/
USN:614-1

general/tcp
High (CVSS: 7.8)
NVT: Ubuntu Update for ssl-cert vulnerability USN-612-4 (OID: 1.3.6.1.4.1.25623.1.0.840338)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-612-4

Vulnerability Detection Result
Package ssl-cert version 1.0.14-0ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

ssl-cert vulnerability on Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

USN-612-1 fixed vulnerabilities in openssl. This update provides the corresponding updates for ssl-cert -- potentially compromised snake-oil SSL certificates will be regenerated.

Original advisory details:

A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems. (CVE-2008-0166)

== Who is affected ==

Systems which are running any of the following releases:

* Ubuntu 7.04 (Feisty)
* Ubuntu 7.10 (Gutsy)
* Ubuntu 8.04 LTS (Hardy)
* Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8
* Debian 4.0 (etch) (see corresponding Debian security advisory)

and have openssh-server installed or have been used to create an OpenSSH key or X.509 (SSL) certificate. All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied. This includes the automatically generated host keys used by OpenSSH, which are the basis for its server spoofing and man-in-the-middle protection.

Vulnerability Detection Method

Details: Ubuntu Update for ssl-cert vulnerability USN-612-4 (OID: 1.3.6.1.4.1.25623.1.0.840338)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-0166
CERT: CB-K17/1582, DFN-CERT-2017-1651
Other: http://www.ubuntu.com/usn/usn-612-4/
USN:612-4

general/tcp
High (CVSS: 7.8)
NVT: Ubuntu Update for linux vulnerabilities USN-1105-1 (OID: 1.3.6.1.4.1.25623.1.0.840632)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1105-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

linux vulnerabilities on Ubuntu 8.04 LTS

Vulnerability Insight

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)

Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4158)

Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4162)

Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2010-4163)

Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If a system was using X.25, a remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4164)

Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. A local attacker could exploit this flaw to gain root privileges. (CVE-2010-4242)

Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. If a local attacker were able to trigger certain kinds of kernel bugs, they could create a specially crafted process to gain root privileges. (CVE-2010-4258)

Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction. A local attacker could exploit this to mmap 4096 bytes below the mmap_min_addr area, possibly improving the chances of performing NULL pointer dereference attacks. (CVE-2010-4346)

Vulnerability Detection Method

Details: Ubuntu Update for linux vulnerabilities USN-1105-1 (OID: 1.3.6.1.4.1.25623.1.0.840632)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-4075, CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4164, CVE-2010-4242, CVE-2010-4258, CVE-2010-4346
CERT: DFN-CERT-2013-1066, DFN-CERT-2012-2075, DFN-CERT-2012-1272, DFN-CERT-2012-0209, DFN-CERT-2012-0204, DFN-CERT-2011-1594, DFN-CERT-2011-0979, DFN-CERT-2011-0964, DFN-CERT-2011-0676, DFN-CERT-2011-0598, DFN-CERT-2011-0571, DFN-CERT-2011-0525, DFN-CERT-2011-0443, DFN-CERT-2011-0351, DFN-CERT-2011-0338, DFN-CERT-2011-0324, DFN-CERT-2011-0225, DFN-CERT-2011-0187, DFN-CERT-2011-0186, DFN-CERT-2011-0150, DFN-CERT-2011-0134, DFN-CERT-2011-0110, DFN-CERT-2011-0077, DFN-CERT-2011-0065, DFN-CERT-2011-0050, DFN-CERT-2011-0042, DFN-CERT-2011-0008, DFN-CERT-2011-0005, DFN-CERT-2011-0004, DFN-CERT-2010-1761, DFN-CERT-2010-1715, DFN-CERT-2010-1668, DFN-CERT-2010-1657, DFN-CERT-2010-1646, DFN-CERT-2010-1623
Other: http://www.ubuntu.com/usn/usn-1105-1/
USN:1105-1

general/tcp
High (CVSS: 7.8)
NVT: Ubuntu USN-787-1 (apache2) (OID: 1.3.6.1.4.1.25623.1.0.64201)
Summary

The remote host is missing an update to apache2 announced via advisory USN-787-1.

Vulnerability Detection Result
Package apache2 version 2.2.8-1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.5 apache2-mpm-perchild 2.0.55-4ubuntu2.5 apache2-mpm-prefork 2.0.55-4ubuntu2.5 apache2-mpm-worker 2.0.55-4ubuntu2.5 libapr0 2.0.55-4ubuntu2.5

Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.8 apache2-mpm-perchild 2.2.8-1ubuntu0.8 apache2-mpm-prefork 2.2.8-1ubuntu0.8 apache2-mpm-worker 2.2.8-1ubuntu0.8 apache2.2-common 2.2.8-1ubuntu0.8

Ubuntu 8.10: apache2-mpm-event 2.2.9-7ubuntu3.1 apache2-mpm-prefork 2.2.9-7ubuntu3.1 apache2-mpm-worker 2.2.9-7ubuntu3.1 apache2.2-common 2.2.9-7ubuntu3.1

Ubuntu 9.04: apache2-mpm-event 2.2.11-2ubuntu2.1 apache2-mpm-prefork 2.2.11-2ubuntu2.1 apache2-mpm-worker 2.2.11-2ubuntu2.1 apache2.2-common 2.2.11-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-787-1

Vulnerability Insight

Matthew Palmer discovered an underflow flaw in apr-util as included in Apache. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-0023)

Sander de Boer discovered that mod_proxy_ajp would reuse connections when a client closed a connection without sending a request body. A remote attacker could exploit this to obtain sensitive response data. This issue only affected Ubuntu 9.04. (CVE-2009-1191)

Jonathan Peatfield discovered that Apache did not process Includes options correctly. With certain configurations of Options and AllowOverride, a local attacker could use an .htaccess file to override intended restrictions and execute arbitrary code via a Server-Side-Include file. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2009-1195)

It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could cause a denial of service via memory resource consumption by sending a crafted request to an Apache server configured to use mod_dav or mod_dav_svn. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-1955)

C. Michael Pilato discovered an off-by-one buffer overflow in apr-util when formatting certain strings. For big-endian machines (powerpc, hppa and sparc in Ubuntu), a remote attacker could cause a denial of service or information disclosure leak. All other architectures for Ubuntu are not considered to be at risk. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-1956)

Vulnerability Detection Method

Details: Ubuntu USN-787-1 (apache2) (OID: 1.3.6.1.4.1.25623.1.0.64201)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1955, CVE-2009-1956
CERT: DFN-CERT-2011-0700, DFN-CERT-2011-0699, DFN-CERT-2010-1665, DFN-CERT-2010-1647, DFN-CERT-2010-0639, DFN-CERT-2009-1725, DFN-CERT-2009-1695, DFN-CERT-2009-1507, DFN-CERT-2009-1225, DFN-CERT-2009-1116
Other: http://www.ubuntu.com/usn/usn-787-1/

general/tcp
High (CVSS: 7.8)
NVT: Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-679-1 (OID: 1.3.6.1.4.1.25623.1.0.840288)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-679-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

linux, linux-source-2.6.15/22 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10

Vulnerability Insight

It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10. (CVE-2007-5498)

It was discovered that the i915 video driver did not correctly validate memory addresses. A local attacker could exploit this to remap memory that could cause a system crash, leading to a denial of service. This issue did not affect Ubuntu 6.06 and was previously fixed for Ubuntu 7.10 and 8.04 in USN-659-1. Ubuntu 8.10 has now been corrected as well. (CVE-2008-3831)

David Watson discovered that the kernel did not correctly strip permissions when creating files in setgid directories. A local user could exploit this to gain additional group privileges. This issue only affected Ubuntu 6.06. (CVE-2008-4210)

Olaf Kirch and Miklos Szeredi discovered that the Linux kernel did not correctly reject the "append" flag when handling file splice requests. A local attacker could bypass append mode and make changes to arbitrary locations in a file. This issue only affected Ubuntu 7.10 and 8.04. (CVE-2008-4554)

It was discovered that the SCTP stack did not correctly handle INIT-ACK. A remote user could exploit this by sending specially crafted SCTP traffic which would trigger a crash in the system, leading to a denial of service. This issue did not affect Ubuntu 8.10. (CVE-2008-4576)

It was discovered that the SCTP stack did not correctly handle bad packet lengths. A remote user could exploit this by sending specially crafted SCTP traffic which would trigger a crash in the system, leading to a denial of service. This issue did not affect Ubuntu 8.10. (CVE-2008-4618)

Eric Sesterhenn discovered multiple flaws in the HFS+ filesystem. If a local user or automated system were tricked into mounting a malicious HFS+ filesystem, the system could crash, leading to a denial of service. (CVE-2008-4933, CVE-2008-4934, CVE-2008-5025)

It was discovered that the Unix Socket handler did not correctly process the SCM_RIGHTS message. A local attacker could make a malicious socket request that would crash the system, leading to a denial of service. (CVE-2008-5029)

It was discovered that the driver for simple i2c audio interfaces did not correctly validate certain function pointers. A local user could exploit this to gain root privileges or crash the system, leading to a denial of service. (CVE-2008-5033)

Vulnerability Detection Method

Details: Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-679-1 (OID: 1.3.6.1.4.1.25623.1.0.840288)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-5498, CVE-2008-3831, CVE-2008-4210, CVE-2008-4554, CVE-2008-4576, CVE-2008-4618, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029, CVE-2008-5033
CERT: DFN-CERT-2010-0824, DFN-CERT-2009-1546, DFN-CERT-2009-1481, DFN-CERT-2009-1169
Other: http://www.ubuntu.com/usn/usn-679-1/
USN:679-1

general/tcp
High (CVSS: 7.8)
NVT: Ubuntu USN-789-1 (gst-plugins-good0.10) (OID: 1.3.6.1.4.1.25623.1.0.64318)
Summary

The remote host is missing an update to gst-plugins-good0.10 announced via advisory USN-789-1.

Vulnerability Detection Result
Package gstreamer0.10-plugins-good version 0.10.7-3 is installed which is known to be vulnerable.
Package libsasl2-2 version 2.1.22.dfsg1-18ubuntu2 is installed which is known to be vulnerable.
Package libsasl2-modules version 2.1.22.dfsg1-18ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: gstreamer0.10-plugins-good 0.10.3-0ubuntu4.2

Ubuntu 8.04 LTS: gstreamer0.10-plugins-good 0.10.7-3ubuntu0.3

Ubuntu 8.10: gstreamer0.10-plugins-good 0.10.10.4-1ubuntu1.2

Ubuntu 9.04: gstreamer0.10-plugins-good 0.10.14-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-789-1

Vulnerability Insight

Tielei Wang discovered that GStreamer Good Plugins did not correctly handle malformed PNG image files. If a user were tricked into opening a crafted PNG image file with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu USN-789-1 (gst-plugins-good0.10) (OID: 1.3.6.1.4.1.25623.1.0.64318)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1932, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-1440, CVE-2009-1201, CVE-2009-1202, CVE-2009-1203, CVE-2009-1760, CVE-2009-1163, CVE-2009-2045, CVE-2009-2046, CVE-2009-0688
CERT: DFN-CERT-2012-1832, DFN-CERT-2011-0465, DFN-CERT-2010-1607, DFN-CERT-2010-1190, DFN-CERT-2010-0986, DFN-CERT-2010-0690, DFN-CERT-2010-0530, DFN-CERT-2010-0491, DFN-CERT-2009-1674, DFN-CERT-2009-1580, DFN-CERT-2009-1579, DFN-CERT-2009-1498, DFN-CERT-2009-1261, DFN-CERT-2009-1116, DFN-CERT-2009-0746, DFN-CERT-2009-0658
Other: http://www.ubuntu.com/usn/usn-789-1/

general/tcp
High (CVSS: 7.8)
NVT: Wireshark OpcUa Dissector Denial of Service Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.901032)
Summary

This host is installed with Wireshark and is prone to a Denial of Service vulnerability.

Vulnerability Detection Result
Installed version: 1.0.0
Fixed version:     1.0.9 or 1.2.2
Impact

Successful exploitation could result in a Denial of Service condition.

Impact Level: Application

Solution

Solution type: VendorFix

Upgrade to Wireshark 1.0.9 or 1.2.2 http://www.wireshark.org/download.html

Affected Software/OS

Wireshark version 0.99.6 to 1.0.8, 1.2.0 to 1.2.1 on Linux

Vulnerability Insight

The flaw is due to an unspecified error in the 'OpcUa' dissector, which can be exploited by sending malformed OPCUA Service CallRequest packets.

Vulnerability Detection Method

Details: Wireshark OpcUa Dissector Denial of Service Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.901032)

Version used: $Revision: 5148 $

References

CVE: CVE-2009-3241
BID: 36408
CERT: DFN-CERT-2009-1670, DFN-CERT-2009-1556, DFN-CERT-2009-1452, DFN-CERT-2009-1429
Other: http://secunia.com/advisories/36754
http://www.wireshark.org/security/wnpa-sec-2009-06.html
http://www.wireshark.org/security/wnpa-sec-2009-05.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3986

general/tcp
High (CVSS: 7.8)
NVT: Ubuntu Update for avahi vulnerabilities USN-992-1 (OID: 1.3.6.1.4.1.25623.1.0.840511)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-992-1

Vulnerability Detection Result
Package avahi-autoipd version 0.6.22-2ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

avahi vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only affected Ubuntu 8.04 LTS and 9.04. (CVE-2009-0758)

It was discovered that Avahi incorrectly handled mDNS packets with corrupted checksums. A remote attacker could send crafted mDNS packets and cause Avahi to crash, resulting in a denial of service. (CVE-2010-2244)

Vulnerability Detection Method

Details: Ubuntu Update for avahi vulnerabilities USN-992-1 (OID: 1.3.6.1.4.1.25623.1.0.840511)

Version used: $Revision: 8457 $

References

CVE: CVE-2009-0758, CVE-2010-2244
CERT: DFN-CERT-2011-1388, DFN-CERT-2011-0570, DFN-CERT-2011-0473, DFN-CERT-2011-0253, DFN-CERT-2010-1370, DFN-CERT-2010-0989, DFN-CERT-2010-0894, DFN-CERT-2010-0862, DFN-CERT-2010-0146
Other: http://www.ubuntu.com/usn/usn-992-1/
USN:992-1

general/tcp
High (CVSS: 7.8)
NVT: Ubuntu Update for openssh vulnerability USN-612-2 (OID: 1.3.6.1.4.1.25623.1.0.840271)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-612-2

Vulnerability Detection Result
Package openssh-client version 4.7p1-8ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

openssh vulnerability on Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

1. Install the security updates

Ubuntu 7.04: openssh-client 1:4.3p2-8ubuntu1.3 openssh-server 1:4.3p2-8ubuntu1.3

Ubuntu 7.10: openssh-client 1:4.6p1-5ubuntu0.3 openssh-server 1:4.6p1-5ubuntu0.3

Ubuntu 8.04 LTS: openssh-client 1:4.7p1-8ubuntu1.1 openssh-server 1:4.7p1-8ubuntu1.1

Once the update is applied, weak user keys will be automatically rejected where possible (though they cannot be detected in all cases). If you are using such keys for user authentication, they will immediately stop working and will need to be replaced (see step 3).

OpenSSH host keys can be automatically regenerated when the OpenSSH security update is applied. The update will prompt for confirmation before taking this step.

2. Update OpenSSH known_hosts files

The regeneration of host keys will cause a warning to be displayed when connecting to the system using SSH until the host key is updated in the known_hosts file. The warning will look like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.

In this case, the host key has simply been changed, and you should update the relevant known_hosts file as indicated in the error message.

3. Check all OpenSSH user keys

The safest course of action is to regenerate all OpenSSH user keys, except where it can be established to a high degree of certainty that the key was generated on an unaffected system.

Check whether your key is affected by running the ssh-vulnkey tool, included in the security update. By default, ssh-vulnkey will check the standard location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity), your authorized_keys file (~/.ssh/authorized_keys and ~/.ssh/authorized_keys2), and the system's host keys (/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key).

To check all your own keys, assuming they are in the standard locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):

$ ssh-vulnkey

To check all keys on your system:

$ sudo ssh-vulnkey -a

To check a key in a non-standard location:

$ ssh-vulnkey /path/to/key

If ssh-vul ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for openssh vulnerability USN-612-2 (OID: 1.3.6.1.4.1.25623.1.0.840271)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-0166
CERT: CB-K17/1582, DFN-CERT-2017-1651
Other: http://www.ubuntu.com/usn/usn-612-2/
USN:612-2

general/tcp
High (CVSS: 7.6)
NVT: Ubuntu Update for openssl vulnerability USN-1018-1 (OID: 1.3.6.1.4.1.25623.1.0.840540)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1018-1

Vulnerability Detection Result
Package openssl version 0.9.8g-4ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

openssl vulnerability on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.10

Vulnerability Insight

Rob Hulswit discovered a race condition in the OpenSSL TLS server extension parsing code when used within a threaded server. A remote attacker could trigger this flaw to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2010-3864)

Vulnerability Detection Method

Details: Ubuntu Update for openssl vulnerability USN-1018-1 (OID: 1.3.6.1.4.1.25623.1.0.840540)

Version used: $Revision: 8228 $

References

CVE: CVE-2010-3864
CERT: DFN-CERT-2012-0191, DFN-CERT-2011-1700, DFN-CERT-2011-0751, DFN-CERT-2011-0631, DFN-CERT-2011-0286, DFN-CERT-2011-0185, DFN-CERT-2010-1724, DFN-CERT-2010-1672, DFN-CERT-2010-1647, DFN-CERT-2010-1624, DFN-CERT-2010-1621, DFN-CERT-2010-1599, DFN-CERT-2010-1592, DFN-CERT-2010-1587, DFN-CERT-2010-1582, DFN-CERT-2010-1580, DFN-CERT-2010-1578
Other: http://www.ubuntu.com/usn/usn-1018-1/
USN:1018-1

general/tcp
High (CVSS: 7.6)
NVT: Ubuntu Update for evince vulnerabilities USN-1035-1 (OID: 1.3.6.1.4.1.25623.1.0.840557)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1035-1

Vulnerability Detection Result
Package evince version 2.22.1.1-0ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

evince vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

Jon Larimer discovered that Evince's font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user's privileges.

In the default installation of Ubuntu 9.10 and later, attackers would be isolated by the Evince AppArmor profile.

Vulnerability Detection Method

Details: Ubuntu Update for evince vulnerabilities USN-1035-1 (OID: 1.3.6.1.4.1.25623.1.0.840557)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643
CERT: DFN-CERT-2012-1653, DFN-CERT-2012-0290, DFN-CERT-2012-0159, DFN-CERT-2012-0140, DFN-CERT-2012-0075, DFN-CERT-2011-1837, DFN-CERT-2011-0492, DFN-CERT-2011-0111, DFN-CERT-2011-0100, DFN-CERT-2011-0094, DFN-CERT-2011-0056, DFN-CERT-2011-0045, DFN-CERT-2011-0035, DFN-CERT-2011-0025
Other: http://www.ubuntu.com/usn/usn-1035-1/
USN:1035-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for curl USN-1158-1 (OID: 1.3.6.1.4.1.25623.1.0.840685)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1158-1

Vulnerability Detection Result
Package libcurl3 version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

curl on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client's security credential. (CVE-2011-2192)

Wesley Miaw discovered that when zlib is enabled, libcurl does not properly restrict the amount of callback data sent to an application that requests automatic decompression. This might allow an attacker to cause a denial of service via an application crash or possibly execute arbitrary code with the privilege of the application. This issue only affected Ubuntu 8.04 LTS and Ubuntu 10.04 LTS. (CVE-2010-0734)

USN 818-1 fixed an issue with curl's handling of SSL certificates with zero bytes in the Common Name. Due to a packaging error, the fix for this issue was not being applied during the build. This issue only affected Ubuntu 8.04 LTS. We apologize for the error. (CVE-2009-2417)

Original advisory details: Scott Cantor discovered that curl did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

Vulnerability Detection Method

Details: Ubuntu Update for curl USN-1158-1 (OID: 1.3.6.1.4.1.25623.1.0.840685)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-2192, CVE-2010-0734, CVE-2009-2417
CERT: DFN-CERT-2012-0731, DFN-CERT-2012-0235, DFN-CERT-2012-0171, DFN-CERT-2011-1106, DFN-CERT-2011-1024, DFN-CERT-2011-1023, DFN-CERT-2011-1014, DFN-CERT-2011-0986, DFN-CERT-2011-0185, DFN-CERT-2010-1293, DFN-CERT-2010-0437, DFN-CERT-2010-0420, DFN-CERT-2010-0379, DFN-CERT-2009-1644, DFN-CERT-2009-1231, DFN-CERT-2009-1163, DFN-CERT-2009-1138, DFN-CERT-2009-1131
Other: http://www.ubuntu.com/usn/usn-1158-1/
USN:1158-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for poppler vulnerability USN-631-1 (OID: 1.3.6.1.4.1.25623.1.0.840277)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-631-1

Vulnerability Detection Result
Package libpoppler-glib2 version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

poppler vulnerability on Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Felipe Andres Manzano discovered that poppler did not correctly initialize certain page widgets. If a user were tricked into viewing a malicious PDF file, a remote attacker could exploit this to crash applications linked against poppler, leading to a denial of service.

Vulnerability Detection Method

Details: Ubuntu Update for poppler vulnerability USN-631-1 (OID: 1.3.6.1.4.1.25623.1.0.840277)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2950
Other: http://www.ubuntu.com/usn/usn-631-1/
USN:631-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for modemmanager USN-1138-2 (OID: 1.3.6.1.4.1.25623.1.0.840665)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1138-2

Vulnerability Detection Result
Package libnm-glib0 version 0.6.6-0ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

modemmanager on Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

USN-1138-1 fixed a vulnerability in DBus-GLib. NetworkManager and ModemManager required rebuilding against the updated DBus-GLib to incorporate the changes.

Original advisory details: It was discovered that DBus-GLib did not properly verify the access flag of exported GObject properties under certain circumstances. A local attacker could exploit this to bypass intended access restrictions or possibly cause a denial of service.

Vulnerability Detection Method

Details: Ubuntu Update for modemmanager USN-1138-2 (OID: 1.3.6.1.4.1.25623.1.0.840665)

Version used: $Revision: 7964 $

References

Other: http://www.ubuntu.com/usn/usn-1138-2/
USN:1138-2

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for dhcp3 vulnerability USN-1108-1 (OID: 1.3.6.1.4.1.25623.1.0.840633)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1108-1

Vulnerability Detection Result
Package dhcp3-client version 3.0.6.dfsg-1ubuntu9 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

dhcp3 vulnerability on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses. An attacker could use this flaw with a malicious DHCP server to execute arbitrary code, resulting in root privilege escalation.

Vulnerability Detection Method

Details: Ubuntu Update for dhcp3 vulnerability USN-1108-1 (OID: 1.3.6.1.4.1.25623.1.0.840633)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-0997
CERT: DFN-CERT-2012-0514, DFN-CERT-2011-1356, DFN-CERT-2011-1148, DFN-CERT-2011-0850, DFN-CERT-2011-0712, DFN-CERT-2011-0668, DFN-CERT-2011-0608, DFN-CERT-2011-0599, DFN-CERT-2011-0587, DFN-CERT-2011-0575, DFN-CERT-2011-0540, DFN-CERT-2011-0539, DFN-CERT-2011-0538, DFN-CERT-2011-0513
Other: http://www.ubuntu.com/usn/usn-1108-1/
USN:1108-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for nss vulnerabilities USN-1106-1 (OID: 1.3.6.1.4.1.25623.1.0.840630)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1106-1

Vulnerability Detection Result
Package libnss3-1d version 3.12.0~beta3-0ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

nss vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These certificates were marked as explicitly not trusted to prevent their misuse.

Vulnerability Detection Method

Details: Ubuntu Update for nss vulnerabilities USN-1106-1 (OID: 1.3.6.1.4.1.25623.1.0.840630)

Version used: $Revision: 7964 $

References

Other: http://www.ubuntu.com/usn/usn-1106-1/
USN:1106-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for php5 USN-1231-1 (OID: 1.3.6.1.4.1.25623.1.0.840782)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1231-1

Vulnerability Detection Result
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)

Krzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests. This may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-2202)

It was discovered that the crypt function for blowfish does not properly handle 8-bit characters. This could make it easier for an attacker to discover a cleartext password containing an 8-bit character that has a matching blowfish crypt value. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-2483)

It was discovered that PHP did not properly check the return values of the malloc(3), calloc(3) and realloc(3) library functions in multiple locations. This could allow an attacker to cause a denial of service via a NULL pointer dereference or possibly execute arbitrary code. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3182)

Maksymilian Arciemowicz discovered that PHP did not properly implement the error_log function. This could allow an attacker to cause a denial of service via an application crash. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3267)

Maksymilian Arciemowicz discovered that the ZipArchive functions addGlob() and addPattern() did not properly check their flag arguments. This could allow a malicious script author to cause a denial of service via application crash. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-1657)

It was discovered that the Zend opcode parser in PHP could be interrupted while handling the shift-left, shift-right, and bitwise-xor opcodes. This could allow a malicious script author to expose memory contents. This issue affected Ubuntu 10.04 LTS. (CVE-2010-1914)

It was discovered that the strrchr function in PHP could be interrupted by a malicious script, allowing the exposure of memory contents. This issue affected Ubuntu 8.04 LTS. (CVE-2010-2484)

Vulnerability Detection Method

Details: Ubuntu Update for php5 USN-1231-1 (OID: 1.3.6.1.4.1.25623.1.0.840782)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-1657, CVE-2010-1914, CVE-2010-2484
CERT: CB-K15/1514, CB-K13/0921, DFN-CERT-2013-1938, DFN-CERT-2013-1494, DFN-CERT-2012-0914, DFN-CERT-2012-0731, DFN-CERT-2012-0714, DFN-CERT-2012-0678, DFN-CERT-2012-0172, DFN-CERT-2012-0167, DFN-CERT-2012-0165, DFN-CERT-2012-0099, DFN-CERT-2011-1816, DFN-CERT-2011-1814, DFN-CERT-2011-1813, DFN-CERT-2011-1708, DFN-CERT-2011-1698, DFN-CERT-2011-1686, DFN-CERT-2011-1643, DFN-CERT-2011-1603, DFN-CERT-2011-1602, DFN-CERT-2011-1443, DFN-CERT-2011-1433, DFN-CERT-2011-1402, DFN-CERT-2011-1396, DFN-CERT-2011-1387, DFN-CERT-2011-1276, DFN-CERT-2011-1005, DFN-CERT-2011-0642, DFN-CERT-2010-1620, DFN-CERT-2010-1321, DFN-CERT-2010-1247, DFN-CERT-2010-1079, DFN-CERT-2010-0997, DFN-CERT-2010-0953
Other: http://www.ubuntu.com/usn/usn-1231-1/
USN:1231-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for pcre3 vulnerability USN-624-1 (OID: 1.3.6.1.4.1.25623.1.0.840351)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-624-1

Vulnerability Detection Result
Package libpcre3 version 7.4-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

pcre3 vulnerability on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.

Vulnerability Detection Method

Details: Ubuntu Update for pcre3 vulnerability USN-624-1 (OID: 1.3.6.1.4.1.25623.1.0.840351)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2371
CERT: DFN-CERT-2009-1497
Other: http://www.ubuntu.com/usn/usn-624-1/
USN:624-1

general/tcp
High (CVSS: 7.5)
NVT: Adobe Flash Player Security Updates(apsb17-28)-Linux (OID: 1.3.6.1.4.1.25623.1.0.811682)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result
Installed version: 10.3.183.68
Fixed version:     27.0.0.130
Impact

Successful exploitation of this vulnerability will allow remote attackers to perform code execution.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to Adobe Flash Player version 27.0.0.130 or later. For updates, refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 27.0.0.130 on Linux.

Vulnerability Insight

Multiple flaws exist due to memory corruption vulnerabilities.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Security Updates(apsb17-28)-Linux (OID: 1.3.6.1.4.1.25623.1.0.811682)

Version used: $Revision: 8192 $

References

CVE: CVE-2017-11281, CVE-2017-11282
BID: 100710, 100716
CERT: CB-K17/1541, DFN-CERT-2017-1608
Other: https://helpx.adobe.com/security/products/flash-player/apsb17-28.html

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for php5 USN-1437-1 (OID: 1.3.6.1.4.1.25623.1.0.841002)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1437-1

Vulnerability Detection Result
Package php5-cgi version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable.

This update addresses the issue when the PHP CGI interpreter is configured using mod_cgi and mod_actions as described in /usr/share/doc/php5-cgi/README.Debian.gz; however, if an alternate configuration is used to enable PHP CGI processing, it should be reviewed to ensure that command line arguments cannot be passed to the PHP interpreter. Please see http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2311.html for more details and potential mitigation approaches.

Vulnerability Detection Method

Details: Ubuntu Update for php5 USN-1437-1 (OID: 1.3.6.1.4.1.25623.1.0.841002)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-2311, CVE-2012-1823
CERT: DFN-CERT-2013-1494, DFN-CERT-2012-1276, DFN-CERT-2012-1268, DFN-CERT-2012-1267, DFN-CERT-2012-1266, DFN-CERT-2012-1173, DFN-CERT-2012-0994, DFN-CERT-2012-0993, DFN-CERT-2012-0992, DFN-CERT-2012-0920, DFN-CERT-2012-0915, DFN-CERT-2012-0914, DFN-CERT-2012-0913, DFN-CERT-2012-0907, DFN-CERT-2012-0906, DFN-CERT-2012-0900, DFN-CERT-2012-0880, DFN-CERT-2012-0878
Other: http://www.ubuntu.com/usn/usn-1437-1/
USN:1437-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for libpng USN-1367-1 (OID: 1.3.6.1.4.1.25623.1.0.840897)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1367-1

Vulnerability Detection Result
Package libpng12-0 version 1.2.15~beta5-3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libpng on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that libpng did not properly verify the embedded profile length of iCCP chunks. An attacker could exploit this to cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-5063)

Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026)

Vulnerability Detection Method

Details: Ubuntu Update for libpng USN-1367-1 (OID: 1.3.6.1.4.1.25623.1.0.840897)

Version used: $Revision: 7960 $

References

CVE: CVE-2009-5063, CVE-2011-3026
CERT: DFN-CERT-2012-1531, DFN-CERT-2012-0680, DFN-CERT-2012-0639, DFN-CERT-2012-0599, DFN-CERT-2012-0421, DFN-CERT-2012-0410, DFN-CERT-2012-0409, DFN-CERT-2012-0391, DFN-CERT-2012-0388, DFN-CERT-2012-0378, DFN-CERT-2012-0376, DFN-CERT-2012-0375, DFN-CERT-2012-0367, DFN-CERT-2012-0364, DFN-CERT-2012-0363, DFN-CERT-2012-0355, DFN-CERT-2012-0353, DFN-CERT-2012-0341, DFN-CERT-2012-0316, DFN-CERT-2012-0315, DFN-CERT-2012-0307, DFN-CERT-2012-0295, DFN-CERT-2012-0289
Other: http://www.ubuntu.com/usn/usn-1367-1/
USN:1367-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for php5 USN-1126-1 (OID: 1.3.6.1.4.1.25623.1.0.840646)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1126-1

Vulnerability Detection Result
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 9.10, Ubuntu 8.04 LTS, Ubuntu 6.06 LTS

Vulnerability Insight

Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. (CVE-2011-0441)

Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072, CVE-2011-1144)

Ben Schmidt discovered that a use-after-free vulnerability in the PHP Zend engine could allow an attacker to cause a denial of service (heap memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)

Martin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. (CVE-2010-4698)

It was discovered that PHP accepts the \0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. This issue is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2006-7243)

Maksymilian Arciemowicz discovered that the grapheme_extract function in the PHP Internationalization extension (Intl) for ICU allows an attacker to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0420)

Maksymilian Arciemowicz discovered that the _zip_name_locate function in the PHP Zip extension does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to cause a denial of service (NULL pointer dereference) via an empty ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0421)

Luca Carettoni discovered that the PHP Exif extension performs an incorrect cast on 64-bit platforms, which allows a remote attacker to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD). (CVE-2011-0708)

Jose Carlos Norte discovered that an integer overflow in the PHP shmop extension could allow an attacker to cause a denial of service (crash) and possibly read sensitive memory function. (CVE-2011-1092)

Felipe Pena discovered that ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for php5 USN-1126-1 (OID: 1.3.6.1.4.1.25623.1.0.840646)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-0441, CVE-2011-1072, CVE-2011-1144, CVE-2010-4697, CVE-2010-4698, CVE-2006-7243, CVE-2011-0420, CVE-2011-0421, CVE-2011-0708, CVE-2011-1092, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471
CERT: CB-K16/0944, CB-K15/0703, CB-K14/0323, CB-K13/0712, DFN-CERT-2016-1004, DFN-CERT-2015-0732, DFN-CERT-2014-0336, DFN-CERT-2013-1713, DFN-CERT-2013-1494, DFN-CERT-2012-0914, DFN-CERT-2012-0731, DFN-CERT-2012-0714, DFN-CERT-2012-0586, DFN-CERT-2012-0268, DFN-CERT-2012-0210, DFN-CERT-2012-0165, DFN-CERT-2012-0099, DFN-CERT-2011-1924, DFN-CERT-2011-1851, DFN-CERT-2011-1698, DFN-CERT-2011-1686, DFN-CERT-2011-1443, DFN-CERT-2011-1433, DFN-CERT-2011-1402, DFN-CERT-2011-1396, DFN-CERT-2011-1387, DFN-CERT-2011-1005, DFN-CERT-2011-0807, DFN-CERT-2011-0771, DFN-CERT-2011-0530, DFN-CERT-2011-0520, DFN-CERT-2011-0518, DFN-CERT-2011-0517, DFN-CERT-2011-0515, DFN-CERT-2011-0445, DFN-CERT-2011-0444, DFN-CERT-2011-0442, DFN-CERT-2011-0441, DFN-CERT-2011-0432, DFN-CERT-2011-0402, DFN-CERT-2011-0013, DFN-CERT-2011-0012, DFN-CERT-2011-0011, DFN-CERT-2010-1729
Other: http://www.ubuntu.com/usn/usn-1126-1/
USN:1126-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for php5 USN-1481-1 (OID: 1.3.6.1.4.1.25623.1.0.841052)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1481-1

Vulnerability Detection Result
Package php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-0781)

It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a denial of service, or to perform a directory traversal attack. (CVE-2012-1172)

Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. A remote attacker could possibly use this flaw to bypass authentication. (CVE-2012-2143)

It was discovered that a Debian/Ubuntu specific patch caused PHP to incorrectly handle empty salt strings. A remote attacker could possibly use this flaw to bypass authentication. This issue only affected Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2012-2317)

It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server, or to perform a denial of service. Configurations using mod_php5 and FastCGI were not vulnerable. (CVE-2012-2335, CVE-2012-2336)

Alexander Gavrun discovered that the PHP Phar extension incorrectly handled certain malformed TAR files. A remote attacker could use this flaw to perform a denial of service, or possibly execute arbitrary code. (CVE-2012-2386)

Vulnerability Detection Method

Details: Ubuntu Update for php5 USN-1481-1 (OID: 1.3.6.1.4.1.25623.1.0.841052)

Version used: $Revision: 8671 $

References

CVE: CVE-2012-0781, CVE-2012-1172, CVE-2012-2143, CVE-2012-2317, CVE-2012-2335, CVE-2012-2336, CVE-2012-2386
CERT: CB-K15/1514, DFN-CERT-2013-1494, DFN-CERT-2012-1922, DFN-CERT-2012-1917, DFN-CERT-2012-1878, DFN-CERT-2012-1446, DFN-CERT-2012-1316, DFN-CERT-2012-1302, DFN-CERT-2012-1289, DFN-CERT-2012-1288, DFN-CERT-2012-1287, DFN-CERT-2012-1280, DFN-CERT-2012-1279, DFN-CERT-2012-1268, DFN-CERT-2012-1267, DFN-CERT-2012-1266, DFN-CERT-2012-1243, DFN-CERT-2012-1242, DFN-CERT-2012-1173, DFN-CERT-2012-1162, DFN-CERT-2012-1159, DFN-CERT-2012-1148, DFN-CERT-2012-1107, DFN-CERT-2012-1101, DFN-CERT-2012-1100, DFN-CERT-2012-1067, DFN-CERT-2012-1035, DFN-CERT-2012-0914, DFN-CERT-2012-0913, DFN-CERT-2012-0907, DFN-CERT-2012-0906, DFN-CERT-2012-0900, DFN-CERT-2012-0870, DFN-CERT-2012-0869, DFN-CERT-2012-0866, DFN-CERT-2012-0813, DFN-CERT-2012-0773, DFN-CERT-2012-0714, DFN-CERT-2012-0586, DFN-CERT-2012-0538, DFN-CERT-2012-0268
Other: http://www.ubuntu.com/usn/usn-1481-1/
USN:1481-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu USN-730-1 (libpng) (OID: 1.3.6.1.4.1.25623.1.0.63513)
Summary

The remote host is missing an update to libpng announced via advisory USN-730-1.

Vulnerability Detection Result
Package libpng12-0 version 1.2.15~beta5-3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libpng12-0 1.2.8rel-5ubuntu0.4

Ubuntu 7.10: libpng12-0 1.2.15~beta5-2ubuntu0.2

Ubuntu 8.04 LTS: libpng12-0 1.2.15~beta5-3ubuntu0.1

Ubuntu 8.10: libpng12-0 1.2.27-1ubuntu0.1

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-730-1

Vulnerability Insight

It was discovered that libpng did not properly perform bounds checking in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng. This issue only affected Ubuntu 8.04 LTS. (CVE-2007-5268, CVE-2007-5269)

Tavis Ormandy discovered that libpng did not properly initialize memory. If a user or automated system were tricked into opening a crafted PNG image, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue did not affect Ubuntu 8.10. (CVE-2008-1382)

Harald van Dijk discovered an off-by-one error in libpng. An attacker could cause an application crash in programs using pngtest. (CVE-2008-3964)

It was discovered that libpng did not properly NULL terminate a keyword string. An attacker could exploit this to set arbitrary memory locations to zero. (CVE-2008-5907)

Glenn Randers-Pehrson discovered that libpng did not properly initialize pointers. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0040)

Vulnerability Detection Method

Details: Ubuntu USN-730-1 (libpng) (OID: 1.3.6.1.4.1.25623.1.0.63513)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-5268, CVE-2007-5269, CVE-2008-1382, CVE-2008-3964, CVE-2008-5907, CVE-2009-0040
CERT: DFN-CERT-2012-0627, DFN-CERT-2009-1170
Other: http://www.ubuntu.com/usn/usn-730-1/

general/tcp
High (CVSS: 7.5)
NVT: Adobe Flash Player Multiple Vulnerabilities-01 July14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804716)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to bypass certain security restrictions.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.394 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.394 on Linux.

Vulnerability Insight

Multiple flaws are due to:
- An error when handling JSONP callbacks.
- Multiple unspecified errors.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable or not.

Details: Adobe Flash Player Multiple Vulnerabilities-01 July14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804716)

Version used: $Revision: 6692 $

References

CVE: CVE-2014-4671, CVE-2014-0539, CVE-2014-0537
BID: 68457, 68454, 68455
CERT: CB-K15/0814, CB-K14/0843, DFN-CERT-2015-0855, DFN-CERT-2014-0879
Other: http://secunia.com/advisories/59774
http://helpx.adobe.com/security/products/flash-player/apsb14-17.html

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1091-1 (OID: 1.3.6.1.4.1.25623.1.0.840617)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1091-1

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Firefox and Xulrunner vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could use these to perform a man-in-the-middle attack. These were placed on the certificate blacklist to prevent their misuse.

Vulnerability Detection Method

Details: Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1091-1 (OID: 1.3.6.1.4.1.25623.1.0.840617)

Version used: $Revision: 7964 $

References

Other: http://www.ubuntu.com/usn/usn-1091-1/
USN:1091-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for tiff USN-1498-1 (OID: 1.3.6.1.4.1.25623.1.0.841073)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1498-1

Vulnerability Detection Result
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

tiff on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2088)

It was discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2113)

Vulnerability Detection Method

Details: Ubuntu Update for tiff USN-1498-1 (OID: 1.3.6.1.4.1.25623.1.0.841073)

Version used: $Revision: 8649 $

References

CVE: CVE-2012-2088, CVE-2012-2113
CERT: CB-K14/0283, CB-K13/0930, DFN-CERT-2014-0292, DFN-CERT-2013-1950, DFN-CERT-2012-1879, DFN-CERT-2012-1635, DFN-CERT-2012-1412, DFN-CERT-2012-1365, DFN-CERT-2012-1314, DFN-CERT-2012-1304, DFN-CERT-2012-1296
Other: http://www.ubuntu.com/usn/usn-1498-1/
USN:1498-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for libxslt vulnerabilities USN-633-1 (OID: 1.3.6.1.4.1.25623.1.0.840252)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-633-1

Vulnerability Detection Result
Package libxslt1.1 version 1.1.22-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libxslt vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of service. (CVE-2008-1767)

Chris Evans discovered that the RC4 processing code in libxslt did not correctly handle corrupted key information. If a remote attacker were able to make an application linked against libxslt process malicious XML input, they could crash the application, leading to a denial of service. (CVE-2008-2935)

Vulnerability Detection Method

Details: Ubuntu Update for libxslt vulnerabilities USN-633-1 (OID: 1.3.6.1.4.1.25623.1.0.840252)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1767, CVE-2008-2935
CERT: DFN-CERT-2011-0623
Other: http://www.ubuntu.com/usn/usn-633-1/
USN:633-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for samba vulnerability USN-987-1 (OID: 1.3.6.1.4.1.25623.1.0.840498)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-987-1

Vulnerability Detection Result
Package libsmbclient version 3.0.28a-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

samba vulnerability on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Andrew Bartlett discovered that Samba did not correctly validate the length when parsing SIDs. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code with the privileges of the Samba service (smbd).

The default compiler options for Ubuntu 8.04 LTS and newer should reduce the vulnerability to a denial of service.

Vulnerability Detection Method

Details: Ubuntu Update for samba vulnerability USN-987-1 (OID: 1.3.6.1.4.1.25623.1.0.840498)

Version used: $Revision: 8314 $

References

CVE: CVE-2010-3069
CERT: DFN-CERT-2012-0462, DFN-CERT-2011-0962, DFN-CERT-2011-0321, DFN-CERT-2011-0046, DFN-CERT-2010-1650, DFN-CERT-2010-1543, DFN-CERT-2010-1424, DFN-CERT-2010-1321, DFN-CERT-2010-1232, DFN-CERT-2010-1230, DFN-CERT-2010-1220, DFN-CERT-2010-1219, DFN-CERT-2010-1218
Other: http://www.ubuntu.com/usn/usn-987-1/
USN:987-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for freetype vulnerabilities USN-643-1 (OID: 1.3.6.1.4.1.25623.1.0.840299)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-643-1

Vulnerability Detection Result
Package libfreetype6 version 2.3.5-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

freetype vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Multiple flaws were discovered in the PFB and TTF font handling code in freetype. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges or cause the application linked against freetype to crash, leading to a denial of service.

Vulnerability Detection Method

Details: Ubuntu Update for freetype vulnerabilities USN-643-1 (OID: 1.3.6.1.4.1.25623.1.0.840299)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
Other: http://www.ubuntu.com/usn/usn-643-1/
USN:643-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu USN-790-1 (cyrus-sasl2) (OID: 1.3.6.1.4.1.25623.1.0.64319)
Summary

The remote host is missing an update to cyrus-sasl2 announced via advisory USN-790-1.

Vulnerability Detection Result
Package libsasl2-2 version 2.1.22.dfsg1-18ubuntu2 is installed which is known to be vulnerable.
Package libsasl2-modules version 2.1.22.dfsg1-18ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libsasl2 2.1.19.dfsg1-0.1ubuntu3.1

Ubuntu 8.04 LTS: libsasl2-2 2.1.22.dfsg1-18ubuntu2.1

Ubuntu 8.10: libsasl2-2 2.1.22.dfsg1-21ubuntu2.1

Ubuntu 9.04: libsasl2-2 2.1.22.dfsg1-23ubuntu3.1

After a standard system upgrade you need to restart services using SASL to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-790-1

Vulnerability Insight

James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely. If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service.

Vulnerability Detection Method

Details: Ubuntu USN-790-1 (cyrus-sasl2) (OID: 1.3.6.1.4.1.25623.1.0.64319)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0688
CERT: DFN-CERT-2010-0530, DFN-CERT-2009-0658
Other: http://www.ubuntu.com/usn/usn-790-1/

general/tcp
High (CVSS: 7.5)
NVT: Evolution Data Server Multiple Integer Overflow Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.800254)
Summary

This host is installed with Evolution Data Server and is prone to multiple integer overflow vulnerabilities.

Vulnerability Detection Result
Installed version: 2.22.1
Fixed version:     2.26
Impact

Successful exploitation will let the attacker execute arbitrary code through a long string that is converted to a base64 representation, and can cause a client crash via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.

Solution

Solution type: VendorFix

Upgrade to latest version 2.26 http://projects.gnome.org/evolution/download.shtml

Affected Software/OS

Evolution Data Server version 2.24.5 and prior. Evolution Data Server version in range 2.25.x to 2.25.92

Vulnerability Insight

- Bug in Camel library while processing NTLM SASL packets.
- Bug in glib library while encoding and decoding Base64 data.

Vulnerability Detection Method

Details: Evolution Data Server Multiple Integer Overflow Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.800254)

Version used: $Revision: 4865 $

References

CVE: CVE-2009-0582, CVE-2009-0587
BID: 34109, 34100
CERT: DFN-CERT-2010-0705
Other: http://secunia.com/advisories/34286
http://securitytracker.com/id?1021845
http://openwall.com/lists/oss-security/2009/03/12/2
http://mail.gnome.org/archives/release-team/2009-March/msg00096.html

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu USN-809-1 (gnutls26) (OID: 1.3.6.1.4.1.25623.1.0.64775)
Summary

The remote host is missing an update to gnutls26 announced via advisory USN-809-1.

Vulnerability Detection Result
Package libgnutls13 version 2.0.4-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libgnutls12 1.2.9-2ubuntu1.7

Ubuntu 8.04 LTS: libgnutls13 2.0.4-1ubuntu2.6

Ubuntu 8.10: libgnutls26 2.4.1-1ubuntu0.4

Ubuntu 9.04: libgnutls26 2.4.2-6ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-809-1

Vulnerability Insight

Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2730)

Dan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. (CVE-2009-2409)

USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The upstream patches introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 (Ubuntu 8.04 LTS and 9.04 were fixed at an earlier date). In an effort to maintain a strong security stance and address all known regressions, this update deprecates X.509 validation chains using MD2 and MD5 signatures. To accommodate sites which must still use a deprecated RSA-MD5 certificate, GnuTLS has been updated to stop looking when it has found a trusted intermediary certificate. This new handling of intermediary certificates is in accordance with other SSL implementations.

Original advisory details:

Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989)

Vulnerability Detection Method

Details: Ubuntu USN-809-1 (gnutls26) (OID: 1.3.6.1.4.1.25623.1.0.64775)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-2409, CVE-2009-2730, CVE-2008-4989
CERT: CB-K14/1259, DFN-CERT-2014-1324, DFN-CERT-2012-0627, DFN-CERT-2011-0321, DFN-CERT-2010-1650, DFN-CERT-2010-1293, DFN-CERT-2010-0720, DFN-CERT-2010-0603, DFN-CERT-2010-0413, DFN-CERT-2010-0410, DFN-CERT-2010-0218, DFN-CERT-2010-0111, DFN-CERT-2010-0014, DFN-CERT-2009-1701, DFN-CERT-2009-1699, DFN-CERT-2009-1625, DFN-CERT-2009-1620, DFN-CERT-2009-1616, DFN-CERT-2009-1598, DFN-CERT-2009-1597, DFN-CERT-2009-1405, DFN-CERT-2009-1367, DFN-CERT-2009-1325, DFN-CERT-2009-1318, DFN-CERT-2009-1317, DFN-CERT-2009-1305, DFN-CERT-2009-1297, DFN-CERT-2009-1275, DFN-CERT-2009-1230, DFN-CERT-2009-1206, DFN-CERT-2009-1205, DFN-CERT-2009-1184, DFN-CERT-2009-1168, DFN-CERT-2009-1123, DFN-CERT-2009-1087, DFN-CERT-2009-1041
Other: http://www.ubuntu.com/usn/usn-809-1/

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for php5 USN-1358-2 (OID: 1.3.6.1.4.1.25623.1.0.840895)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1358-2

Vulnerability Detection Result
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function.

We apologize for the inconvenience.

Original advisory details:

It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885)

ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information.

Stefan Esser discovered that the fix to address the predictable hash collision issue, CVE-2011-4885, did not properly handle the situation where the limit was reached. This could allow a remote attacker to cause a denial of service or execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830)

It was discovered that PHP did not always check the return value of the zend_strndup function. This could allow a remote attacker to cause a denial of service. (CVE-2011-4153)

It was discovered that PHP did not properly enforce libxslt security settings. This could allow a remote attacker to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. (CVE-2012-0057)

It was discovered that PHP did not properly enforce that PDORow objects could not be serialized and not be saved in a session. A remote attacker could use this to cause a denial of service via an application crash. (CVE-2012-0788)

It was discovered that PHP allowed the magic_quotes_gpc setting to be disabled remotely. This could allow a remote attacker to bypass restrictions that could prevent an SQL injection. (CVE-2012-0831)

USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job for PHP allowed local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Emese Revfy discovered that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This update corrects the issue. We apologize for the error. (CVE-2011-0441)

Vulnerability Detection Method

Details: Ubuntu Update for php5 USN-1358-2 (OID: 1.3.6.1.4.1.25623.1.0.840895)

Version used: $Revision: 8649 $

References

CVE: CVE-2012-0831, CVE-2011-4885, CVE-2012-0830, CVE-2011-4153, CVE-2012-0057, CVE-2012-0788, CVE-2011-0441
CERT: CB-K13/0712, DFN-CERT-2013-1713, DFN-CERT-2013-1494, DFN-CERT-2013-0357, DFN-CERT-2012-1276, DFN-CERT-2012-1268, DFN-CERT-2012-1267, DFN-CERT-2012-1266, DFN-CERT-2012-1173, DFN-CERT-2012-0914, DFN-CERT-2012-0870, DFN-CERT-2012-0869, DFN-CERT-2012-0813, DFN-CERT-2012-0714, DFN-CERT-2012-0641, DFN-CERT-2012-0586, DFN-CERT-2012-0538, DFN-CERT-2012-0268, DFN-CERT-2012-0267, DFN-CERT-2012-0266, DFN-CERT-2012-0265, DFN-CERT-2012-0214, DFN-CERT-2012-0213, DFN-CERT-2012-0211, DFN-CERT-2012-0210, DFN-CERT-2012-0197, DFN-CERT-2012-0196, DFN-CERT-2012-0195, DFN-CERT-2012-0172, DFN-CERT-2012-0167, DFN-CERT-2012-0165, DFN-CERT-2012-0149, DFN-CERT-2012-0130, DFN-CERT-2012-0111, DFN-CERT-2012-0099, DFN-CERT-2012-0070, DFN-CERT-2012-0003, DFN-CERT-2011-0530, DFN-CERT-2011-0402
Other: http://www.ubuntu.com/usn/usn-1358-2/
USN:1358-2

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu USN-831-1 (openexr) (OID: 1.3.6.1.4.1.25623.1.0.64891)
Summary

The remote host is missing an update to openexr announced via advisory USN-831-1.

Vulnerability Detection Result
Package libopenexr2ldbl version 1.2.2-4.4ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: libopenexr2ldbl 1.2.2-4.4ubuntu1.1

Ubuntu 8.10: libopenexr6 1.6.1-3ubuntu1.8.10.1

Ubuntu 9.04: libopenexr6 1.6.1-3ubuntu1.9.04.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-831-1

Vulnerability Insight

Drew Yao discovered several flaws in the way OpenEXR handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1720, CVE-2009-1721)

It was discovered that OpenEXR did not properly handle certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-1722)

Vulnerability Detection Method

Details: Ubuntu USN-831-1 (openexr) (OID: 1.3.6.1.4.1.25623.1.0.64891)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1720, CVE-2009-1721, CVE-2009-1722
CERT: DFN-CERT-2009-1231, DFN-CERT-2009-1040, DFN-CERT-2009-1039
Other: http://www.ubuntu.com/usn/usn-831-1/

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for perl USN-1770-1 (OID: 1.3.6.1.4.1.25623.1.0.841369)
Summary

Check for the Version of perl

Vulnerability Detection Result
Package perl version 5.8.8-12 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

perl on Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Yves Orton discovered that Perl incorrectly handled hashing when using user-provided hash keys. An attacker could use this flaw to perform a denial of service attack against software written in Perl.

Vulnerability Detection Method

Details: Ubuntu Update for perl USN-1770-1 (OID: 1.3.6.1.4.1.25623.1.0.841369)

Version used: $Revision: 8456 $

References

CVE: CVE-2013-1667
CERT: CB-K16/1107, CB-K16/0564, CB-K15/1514, CB-K13/0845, DFN-CERT-2016-1174, DFN-CERT-2013-1847, DFN-CERT-2013-0872, DFN-CERT-2013-0668, DFN-CERT-2013-0648, DFN-CERT-2013-0628, DFN-CERT-2013-0617, DFN-CERT-2013-0611, DFN-CERT-2013-0560, DFN-CERT-2013-0559, DFN-CERT-2013-0517
Other: http://www.ubuntu.com/usn/usn-1770-1/
USN:1770-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for libpng vulnerabilities USN-960-1 (OID: 1.3.6.1.4.1.25623.1.0.840456)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-960-1

Vulnerability Detection Result
Package libpng12-0 version 1.2.15~beta5-3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libpng vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)

It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-2249)

Vulnerability Detection Method

Details: Ubuntu Update for libpng vulnerabilities USN-960-1 (OID: 1.3.6.1.4.1.25623.1.0.840456)

Version used: $Revision: 8438 $

References

CVE: CVE-2010-1205, CVE-2010-2249
CERT: DFN-CERT-2011-0409, DFN-CERT-2010-1271, DFN-CERT-2010-1247, DFN-CERT-2010-1142, DFN-CERT-2010-0965, DFN-CERT-2010-0952, DFN-CERT-2010-0942, DFN-CERT-2010-0934, DFN-CERT-2010-0933, DFN-CERT-2010-0932, DFN-CERT-2010-0928, DFN-CERT-2010-0927, DFN-CERT-2010-0925, DFN-CERT-2010-0921, DFN-CERT-2010-0916, DFN-CERT-2010-0908, DFN-CERT-2010-0904, DFN-CERT-2010-0853, DFN-CERT-2010-0846
Other: http://www.ubuntu.com/usn/usn-960-1/
USN:960-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for libexif USN-1513-1 (OID: 1.3.6.1.4.1.25623.1.0.841092)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1513-1

Vulnerability Detection Result
Package libexif12 version 0.6.16-2.1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libexif on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. (CVE-2012-2812, CVE-2012-2813)

Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2012-2814)

Yunho Kim discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. (CVE-2012-2836)

Yunho Kim discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service. (CVE-2012-2837)

Dan Fandrich discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2012-2840, CVE-2012-2841)

Vulnerability Detection Method

Details: Ubuntu Update for libexif USN-1513-1 (OID: 1.3.6.1.4.1.25623.1.0.841092)

Version used: $Revision: 8649 $

References

CVE: CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841
CERT: DFN-CERT-2013-1307, DFN-CERT-2013-0244, DFN-CERT-2012-1993, DFN-CERT-2012-1978, DFN-CERT-2012-1752, DFN-CERT-2012-1429, DFN-CERT-2012-1421, DFN-CERT-2012-1420, DFN-CERT-2012-1364
Other: http://www.ubuntu.com/usn/usn-1513-1/
USN:1513-1

general/tcp
High (CVSS: 7.5)
NVT: Wireshark Multiple Buffer Overflow Vulnerabilities (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800289)
Summary

This host is installed with Wireshark and is prone to multiple Buffer Overflow vulnerabilities.

Vulnerability Detection Result
Installed version: 1.0.0
Fixed version:     1.0.11/1.2.6
Impact

Successful exploitation allows attackers to crash an affected application or potentially execute arbitrary code.

Impact Level: Application.

Solution

Solution type: VendorFix

Upgrade to Wireshark 1.2.6 or 1.0.11. For updates refer to http://www.wireshark.org/download.html

Affected Software/OS

Wireshark version 1.2.0 to 1.2.5 and 0.9.15 to 1.0.10

Vulnerability Insight

The flaws are caused by buffer overflow errors in the LWRES dissector when processing malformed data or packets.

Vulnerability Detection Method

Details: Wireshark Multiple Buffer Overflow Vulnerabilities (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800289)

Version used: $Revision: 5388 $

References

CVE: CVE-2010-0304
BID: 37985
CERT: DFN-CERT-2010-0577, DFN-CERT-2010-0462, DFN-CERT-2010-0299, DFN-CERT-2010-0138
Other: http://xforce.iss.net/xforce/xfdb/55951
http://www.securityfocus.com/bid/37985/info
http://www.vupen.com/english/advisories/2010/0239

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1 (OID: 1.3.6.1.4.1.25623.1.0.840435)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-944-1

Vulnerability Detection Result
Package libc6-amd64 version 2.7-10ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

glibc, eglibc vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon function. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)

Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. (CVE-2010-0296)

Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-0830)

Vulnerability Detection Method

Details: Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1 (OID: 1.3.6.1.4.1.25623.1.0.840435)

Version used: $Revision: 8287 $

References

CVE: CVE-2008-1391, CVE-2010-0296, CVE-2010-0830
CERT: DFN-CERT-2012-2288, DFN-CERT-2012-1697, DFN-CERT-2012-0261, DFN-CERT-2012-0260, DFN-CERT-2011-1594, DFN-CERT-2011-1148, DFN-CERT-2011-0505, DFN-CERT-2010-1442, DFN-CERT-2010-0760, DFN-CERT-2010-0755
Other: http://www.ubuntu.com/usn/usn-944-1/
USN:944-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu USN-733-1 (evolution-data-server) (OID: 1.3.6.1.4.1.25623.1.0.63618)
Summary

The remote host is missing an update to evolution-data-server announced via advisory USN-733-1.

Vulnerability Detection Result
Package libglib2.0-0 version 2.16.3-1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libcamel1.2-8 1.6.1-0ubuntu7.2 libebook1.2-5 1.6.1-0ubuntu7.2

Ubuntu 7.10: libcamel1.2-10 1.12.1-0ubuntu2.1 libebook1.2-9 1.12.1-0ubuntu2.1

After a standard system upgrade you need to restart Evolution to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-733-1

Vulnerability Insight

It was discovered that the Base64 encoding functions in evolution-data-server did not properly handle large strings. If a user were tricked into opening a specially crafted image file, or tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu USN-733-1 (evolution-data-server) (OID: 1.3.6.1.4.1.25623.1.0.63618)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0587, CVE-2008-4316
CERT: DFN-CERT-2013-0744, DFN-CERT-2010-0705, DFN-CERT-2010-0300
Other: http://www.ubuntu.com/usn/usn-733-1/

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for samba vulnerability USN-951-1 (OID: 1.3.6.1.4.1.25623.1.0.840444)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-951-1

Vulnerability Detection Result
Package libsmbclient version 3.0.28a-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

samba vulnerability on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04

Vulnerability Insight

Jun Mao discovered that Samba did not correctly validate SMB1 packet contents. An unauthenticated remote attacker could send specially crafted network traffic that could execute arbitrary code as the root user.

Vulnerability Detection Method

Details: Ubuntu Update for samba vulnerability USN-951-1 (OID: 1.3.6.1.4.1.25623.1.0.840444)

Version used: $Revision: 8274 $

References

CVE: CVE-2010-2063
CERT: DFN-CERT-2012-0462, DFN-CERT-2011-0962, DFN-CERT-2010-1643, DFN-CERT-2010-1135, DFN-CERT-2010-0984, DFN-CERT-2010-0842, DFN-CERT-2010-0799, DFN-CERT-2010-0794, DFN-CERT-2010-0789
Other: http://www.ubuntu.com/usn/usn-951-1/
USN:951-1

general/tcp
High (CVSS: 7.5)
NVT: Adobe Flash Player Multiple Vulnerabilities - May14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804591)
Summary

This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow attackers to bypass certain security restrictions and compromise a user's system.

Impact Level: System/Application

Solution

Solution type: VendorFix

Update to Adobe Flash Player version 11.2.202.359 or later. For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS

Adobe Flash Player version before 11.2.202.359 on Linux

Vulnerability Insight

Multiple flaws are due to a use-after-free error when handling display objects and multiple unspecified errors.

Vulnerability Detection Method

Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Adobe Flash Player Multiple Vulnerabilities - May14 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.804591)

Version used: $Revision: 6663 $

References

CVE: CVE-2014-0516, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520
BID: 67361, 67364, 67371, 67373, 67372
CERT: CB-K14/0569, DFN-CERT-2014-0586
Other: http://secunia.com/advisories/58074
http://helpx.adobe.com/security/products/flash-player/apsb14-14.html

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for eglibc USN-1396-1 (OID: 1.3.6.1.4.1.25623.1.0.840929)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1396-1

Vulnerability Detection Result
Package libc6 version 2.7-10ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

eglibc on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. (CVE-2009-5029)

It was discovered that the GNU C Library did not properly handle passwd.adjunct.byname map entries in the Network Information Service (NIS) code in the name service caching daemon (nscd). An attacker could use this to obtain the encrypted passwords of NIS accounts. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015)

Chris Evans reported that the GNU C Library did not properly calculate the amount of memory to allocate in the fnmatch() code. An attacker could use this to cause a denial of service or possibly execute arbitrary code via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-1071)

Tomas Hoger reported that an additional integer overflow was possible in the GNU C Library fnmatch() code. An attacker could use this to cause a denial of service via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1659)

Dan Rosenberg discovered that the addmntent() function in the GNU C Library did not report an error status for failed attempts to write to the /etc/mtab file. This could allow an attacker to corrupt /etc/mtab, possibly causing a denial of service or otherwise manipulate mount options. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)

Harald van Dijk discovered that the locale program included with the GNU C library did not properly quote its output. This could allow a local attacker to possibly execute arbitrary code using a crafted localization string that was evaluated in a shell script. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-1095)

It was discovered that the GNU C library loader expanded the $ORIGIN dynamic string token when RPATH is composed entirely of this token. This could allow an attacker to gain privilege via a setuid program that had this RPATH value. (CVE-2011-1658)

It was discovered that the GNU C library implementation of memcpy optimized for Supplemental Streaming SIMD Extensions 3 (SSSE3) contained a possible integer overflow. An attacker could use this to cause a denial of service or possibly exec ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for eglibc USN-1396-1 (OID: 1.3.6.1.4.1.25623.1.0.840929)

Version used: $Revision: 7960 $

References

CVE: CVE-2009-5029, CVE-2010-0015, CVE-2011-1071, CVE-2011-1659, CVE-2011-1089, CVE-2011-1095, CVE-2011-1658, CVE-2011-2702, CVE-2011-4609, CVE-2012-0864
CERT: CB-K16/1278, CB-K14/1476, DFN-CERT-2016-1358, DFN-CERT-2014-1559, DFN-CERT-2012-2288, DFN-CERT-2012-1697, DFN-CERT-2012-0509, DFN-CERT-2012-0490, DFN-CERT-2012-0440, DFN-CERT-2012-0377, DFN-CERT-2012-0366, DFN-CERT-2012-0261, DFN-CERT-2012-0260, DFN-CERT-2012-0144, DFN-CERT-2012-0091, DFN-CERT-2012-0046, DFN-CERT-2012-0031, DFN-CERT-2012-0027, DFN-CERT-2011-1852, DFN-CERT-2011-1814, DFN-CERT-2011-1813, DFN-CERT-2011-1594, DFN-CERT-2011-1148, DFN-CERT-2011-0507, DFN-CERT-2011-0505, DFN-CERT-2010-1442, DFN-CERT-2010-0755, DFN-CERT-2010-0086
Other: http://www.ubuntu.com/usn/usn-1396-1/
USN:1396-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for lftp vulnerability USN-984-1 (OID: 1.3.6.1.4.1.25623.1.0.840494)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-984-1

Vulnerability Detection Result
Package lftp version 3.6.1-1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

lftp vulnerability on Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run arbitrary code.

Vulnerability Detection Method

Details: Ubuntu Update for lftp vulnerability USN-984-1 (OID: 1.3.6.1.4.1.25623.1.0.840494)

Version used: $Revision: 8187 $

References

CVE: CVE-2010-2251
CERT: DFN-CERT-2010-0988, DFN-CERT-2010-0984, DFN-CERT-2010-0973, DFN-CERT-2010-0858, DFN-CERT-2010-0839
Other: http://www.ubuntu.com/usn/usn-984-1/
USN:984-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for php5 USN-1358-1 (OID: 1.3.6.1.4.1.25623.1.0.840891)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1358-1

Vulnerability Detection Result
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885)

ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information.

Stefan Esser discovered that the fix to address the predictable hash collision issue, CVE-2011-4885, did not properly handle the situation where the limit was reached. This could allow a remote attacker to cause a denial of service or execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830)

It was discovered that PHP did not always check the return value of the zend_strndup function. This could allow a remote attacker to cause a denial of service. (CVE-2011-4153)

It was discovered that PHP did not properly enforce libxslt security settings. This could allow a remote attacker to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. (CVE-2012-0057)

It was discovered that PHP did not properly enforce that PDORow objects could not be serialized and not be saved in a session. A remote attacker could use this to cause a denial of service via an application crash. (CVE-2012-0788)

It was discovered that PHP allowed the magic_quotes_gpc setting to be disabled remotely. This could allow a remote attacker to bypass restrictions that could prevent an SQL injection. (CVE-2012-0831)

USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job for PHP allowed local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Emese Revfy discovered that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This update corrects the issue. We apologize for the error. (CVE-2011-0441)

Vulnerability Detection Method

Details: Ubuntu Update for php5 USN-1358-1 (OID: 1.3.6.1.4.1.25623.1.0.840891)

Version used: $Revision: 7960 $

References

CVE: CVE-2011-4885, CVE-2012-0830, CVE-2011-4153, CVE-2012-0057, CVE-2012-0788, CVE-2012-0831, CVE-2011-0441
CERT: CB-K13/0712, DFN-CERT-2013-1713, DFN-CERT-2013-1494, DFN-CERT-2013-0357, DFN-CERT-2012-1276, DFN-CERT-2012-1268, DFN-CERT-2012-1267, DFN-CERT-2012-1266, DFN-CERT-2012-1173, DFN-CERT-2012-0914, DFN-CERT-2012-0870, DFN-CERT-2012-0869, DFN-CERT-2012-0813, DFN-CERT-2012-0714, DFN-CERT-2012-0641, DFN-CERT-2012-0586, DFN-CERT-2012-0538, DFN-CERT-2012-0268, DFN-CERT-2012-0267, DFN-CERT-2012-0266, DFN-CERT-2012-0265, DFN-CERT-2012-0214, DFN-CERT-2012-0213, DFN-CERT-2012-0211, DFN-CERT-2012-0210, DFN-CERT-2012-0197, DFN-CERT-2012-0196, DFN-CERT-2012-0195, DFN-CERT-2012-0172, DFN-CERT-2012-0167, DFN-CERT-2012-0165, DFN-CERT-2012-0149, DFN-CERT-2012-0130, DFN-CERT-2012-0111, DFN-CERT-2012-0099, DFN-CERT-2012-0070, DFN-CERT-2012-0003, DFN-CERT-2011-0530, DFN-CERT-2011-0402
Other: http://www.ubuntu.com/usn/usn-1358-1/
USN:1358-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu USN-818-1 (curl) (OID: 1.3.6.1.4.1.25623.1.0.64773)
Summary

The remote host is missing an update to curl announced via advisory USN-818-1.

Vulnerability Detection Result
Package curl version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package libcurl3-gnutls version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Package libcurl3 version 7.18.0-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libcurl3 7.15.1-1ubuntu3.2

Ubuntu 8.04 LTS: libcurl3 7.18.0-1ubuntu2.2

Ubuntu 8.10: libcurl3 7.18.2-1ubuntu4.4

Ubuntu 9.04: libcurl3 7.18.2-8ubuntu4.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-818-1

Vulnerability Insight

Scott Cantor discovered that Curl did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

Vulnerability Detection Method

Details: Ubuntu USN-818-1 (curl) (OID: 1.3.6.1.4.1.25623.1.0.64773)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-2417
CERT: DFN-CERT-2009-1644, DFN-CERT-2009-1231, DFN-CERT-2009-1163, DFN-CERT-2009-1138, DFN-CERT-2009-1131
Other: http://www.ubuntu.com/usn/usn-818-1/

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for php5 vulnerabilities USN-989-1 (OID: 1.3.6.1.4.1.25623.1.0.840501)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-989-1

Vulnerability Detection Result
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-0397)

It was discovered that the pseudorandom number generator in PHP did not provide the expected entropy. An attacker could exploit this issue to predict values that were intended to be random, such as session cookies. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-1128)

It was discovered that PHP did not properly handle directory pathnames that lacked a trailing slash character. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-1129)

Grzegorz Stachowiak discovered that the PHP session extension did not properly handle semicolon characters. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1130)

Stefan Esser discovered that PHP incorrectly decoded remote HTTP chunked encoding streams. An attacker could exploit this issue to cause the PHP server to crash and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-1866)

Mateusz Kocielski discovered that certain PHP SQLite functions incorrectly handled empty SQL queries. An attacker could exploit this issue to possibly execute arbitrary code with application privileges. (CVE-2010-1868)

Mateusz Kocielski discovered that PHP incorrectly handled certain arguments to the fnmatch function. An attacker could exploit this flaw and cause the PHP server to consume all available stack memory, resulting in a denial of service. (CVE-2010-1917)

Stefan Esser discovered that PHP incorrectly handled certain strings in the phar extension. An attacker could exploit this flaw to possibly view sensitive information. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2094, CVE-2010-2950)

Stefan Esser discovered that PHP incorrectly handled deserialization of SPLObjectStorage objects. A remote attacker could exploit this issue to view sensitive information and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 8.04 LTS, 9.04, 9.10 and 10.04 LTS. (CVE-2010-2225)

It was discovered that PHP incorrectly filtered ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for php5 vulnerabilities USN-989-1 (OID: 1.3.6.1.4.1.25623.1.0.840501)

Version used: $Revision: 8495 $

References

CVE: CVE-2010-0397, CVE-2010-1128, CVE-2010-1129, CVE-2010-1130, CVE-2010-1866, CVE-2010-1868, CVE-2010-1917, CVE-2010-2094, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950, CVE-2010-3065
CERT: DFN-CERT-2012-1268, DFN-CERT-2012-1266, DFN-CERT-2011-1005, DFN-CERT-2011-0642, DFN-CERT-2011-0036, DFN-CERT-2011-0013, DFN-CERT-2011-0012, DFN-CERT-2011-0011, DFN-CERT-2010-1620, DFN-CERT-2010-1321, DFN-CERT-2010-1247, DFN-CERT-2010-1079, DFN-CERT-2010-0997, DFN-CERT-2010-0953, DFN-CERT-2010-0906, DFN-CERT-2010-0775, DFN-CERT-2010-0705, DFN-CERT-2010-0419, DFN-CERT-2010-0372
Other: http://www.ubuntu.com/usn/usn-989-1/
USN:989-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu USN-862-1 (php5) (OID: 1.3.6.1.4.1.25623.1.0.66338)
Summary

The remote host is missing an update to php5 announced via advisory USN-862-1.

Vulnerability Detection Result
Package php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-cgi version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-cli version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-common version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-gd version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-ldap version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-mysql version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Package php5-sqlite version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libapache2-mod-php5 5.1.2-1ubuntu3.17 php5-cgi 5.1.2-1ubuntu3.17 php5-cli 5.1.2-1ubuntu3.17

Ubuntu 8.04 LTS: libapache2-mod-php5 5.2.4-2ubuntu5.9 php5-cgi 5.2.4-2ubuntu5.9 php5-cli 5.2.4-2ubuntu5.9

Ubuntu 8.10: libapache2-mod-php5 5.2.6-2ubuntu4.5 php5-cgi 5.2.6-2ubuntu4.5 php5-cli 5.2.6-2ubuntu4.5

Ubuntu 9.04: libapache2-mod-php5 5.2.6.dfsg.1-3ubuntu4.4 php5-cgi 5.2.6.dfsg.1-3ubuntu4.4 php5-cli 5.2.6.dfsg.1-3ubuntu4.4

Ubuntu 9.10: libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.3 php5-cgi 5.2.10.dfsg.1-2ubuntu6.3 php5-cli 5.2.10.dfsg.1-2ubuntu6.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-862-1

Vulnerability Insight

Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. (CVE-2008-7068)

It was discovered that PHP's php_openssl_apply_verification_policy function did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack. (CVE-2009-3291)

It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. (CVE-2009-3292)

Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the tempnam function. An attacker could exploit this issue to bypass safe_mode restrictions. (CVE-2009-3557)

Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the posix_mkfifo function. An attacker could exploit this issue to bypass open_basedir restrictions. (CVE-2009-3558)

Bogdan Calin discovered that PHP did not limit the number of temporary files created when handling multipart/form-data POST requests. A remote attacker could exploit this flaw and cause the PHP server to consume all available resources, resulting in a denial of service. (CVE-2009-4017)

ATTENTION: This update changes previous PHP behaviour by limiting the number of files in a POST request to 50. This may be increased by adding a max_file_uploads directive to php.ini.

It was discovered that PHP did not properly enforce restrictions in the proc_open function. An attacker could exploit this issue to bypass safe_mode_protected_env_vars restrictions and possibly execute arbitrary code with application privileges. (CVE-2009-4018)

Vulnerability Detection Method

Details: Ubuntu USN-862-1 (php5) (OID: 1.3.6.1.4.1.25623.1.0.66338)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-7068, CVE-2009-3291, CVE-2009-3292, CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4018
CERT: DFN-CERT-2010-1227, DFN-CERT-2010-0802, DFN-CERT-2010-0263, DFN-CERT-2010-0143, DFN-CERT-2010-0140, DFN-CERT-2010-0060, DFN-CERT-2009-1726, DFN-CERT-2009-1666, DFN-CERT-2009-1665, DFN-CERT-2009-1663, DFN-CERT-2009-1652, DFN-CERT-2009-1639, DFN-CERT-2009-1508, DFN-CERT-2009-1376, DFN-CERT-2009-1375, DFN-CERT-2009-1374
Other: http://www.ubuntu.com/usn/usn-862-1/

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for hplip vulnerability USN-1051-1 (OID: 1.3.6.1.4.1.25623.1.0.840573)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1051-1

Vulnerability Detection Result
Package hpijs version 2.8.2+2.8.2-0ubuntu8 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

hplip vulnerability on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

Sebastian Krahmer discovered that HPLIP incorrectly handled certain long SNMP responses. A remote attacker could send malicious SNMP replies to certain HPLIP tools and cause them to crash or possibly execute arbitrary code.

Vulnerability Detection Method

Details: Ubuntu Update for hplip vulnerability USN-1051-1 (OID: 1.3.6.1.4.1.25623.1.0.840573)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-4267
CERT: DFN-CERT-2011-0492, DFN-CERT-2011-0122, DFN-CERT-2011-0114, DFN-CERT-2011-0111, DFN-CERT-2011-0080, DFN-CERT-2011-0073
Other: http://www.ubuntu.com/usn/usn-1051-1/
USN:1051-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for perl USN-1643-1 (OID: 1.3.6.1.4.1.25623.1.0.841232)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1643-1

Vulnerability Detection Result
Package perl version 5.8.8-12 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

perl on Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939)

It was discovered that the 'new' constructor in the Digest module is vulnerable to an eval injection. An attacker could use this to execute arbitrary code. (CVE-2011-3597)

It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code. (CVE-2012-5195)

Ryo Anazawa discovered that the CGI.pm module does not properly escape newlines in Set-Cookie or P3P (Platform for Privacy Preferences Project) headers. An attacker could use this to inject arbitrary headers into responses from applications that use CGI.pm. (CVE-2012-5526)

Vulnerability Detection Method

Details: Ubuntu Update for perl USN-1643-1 (OID: 1.3.6.1.4.1.25623.1.0.841232)

Version used: $Revision: 7960 $

References

CVE: CVE-2011-2939, CVE-2011-3597, CVE-2012-5195, CVE-2012-5526
CERT: CB-K16/1107, CB-K16/0564, CB-K15/1514, CB-K14/1466, DFN-CERT-2016-1174, DFN-CERT-2014-1550, DFN-CERT-2013-1230, DFN-CERT-2013-0989, DFN-CERT-2013-0944, DFN-CERT-2013-0648, DFN-CERT-2013-0617, DFN-CERT-2013-0611, DFN-CERT-2013-0560, DFN-CERT-2013-0559, DFN-CERT-2012-2271, DFN-CERT-2012-2244, DFN-CERT-2012-2239, DFN-CERT-2012-2238, DFN-CERT-2012-2178, DFN-CERT-2012-1697, DFN-CERT-2012-1345, DFN-CERT-2012-0094, DFN-CERT-2012-0093, DFN-CERT-2012-0016, DFN-CERT-2011-1870, DFN-CERT-2011-1691, DFN-CERT-2011-1681
Other: http://www.ubuntu.com/usn/usn-1643-1/
USN:1643-1

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for php5 USN-1126-2 (OID: 1.3.6.1.4.1.25623.1.0.840636)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1126-2

Vulnerability Detection Result
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 9.10, Ubuntu 8.04 LTS, Ubuntu 6.06 LTS

Vulnerability Insight

USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.

The fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression in the PEAR installer that prevented it from creating its cache directory and reporting errors correctly. We apologize for the inconvenience.

Original advisory details:

Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. (CVE-2011-0441)

Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072, CVE-2011-1144)

Ben Schmidt discovered that a use-after-free vulnerability in the PHP Zend engine could allow an attacker to cause a denial of service (heap memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)

Martin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. (CVE-2010-4698)

It was discovered that PHP accepts the \0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. This issue is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2006-7243)

Maksymilian Arciemowicz discovered that the grapheme_extract function in the PHP Internationalization extension (Intl) for ICU allows an attacker to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0420)

Maksymilian Arciemowicz discovered that the _zip_name_locate function in the PHP Zip extension does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to cause a denial of service (NULL pointer dereference) via an empty ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. ( ...

Description truncated, for more information please check the Reference URL

Vulnerability Detection Method

Details: Ubuntu Update for php5 USN-1126-2 (OID: 1.3.6.1.4.1.25623.1.0.840636)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-4697, CVE-2011-1072, CVE-2011-1144, CVE-2011-0441, CVE-2010-4698, CVE-2006-7243, CVE-2011-0420, CVE-2011-0421, CVE-2011-0708, CVE-2011-1092, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471
CERT: CB-K16/0944, CB-K15/0703, CB-K14/0323, CB-K13/0712, DFN-CERT-2016-1004, DFN-CERT-2015-0732, DFN-CERT-2014-0336, DFN-CERT-2013-1713, DFN-CERT-2013-1494, DFN-CERT-2012-0914, DFN-CERT-2012-0731, DFN-CERT-2012-0714, DFN-CERT-2012-0586, DFN-CERT-2012-0268, DFN-CERT-2012-0210, DFN-CERT-2012-0165, DFN-CERT-2012-0099, DFN-CERT-2011-1924, DFN-CERT-2011-1851, DFN-CERT-2011-1698, DFN-CERT-2011-1686, DFN-CERT-2011-1443, DFN-CERT-2011-1433, DFN-CERT-2011-1402, DFN-CERT-2011-1396, DFN-CERT-2011-1387, DFN-CERT-2011-1005, DFN-CERT-2011-0807, DFN-CERT-2011-0771, DFN-CERT-2011-0530, DFN-CERT-2011-0520, DFN-CERT-2011-0518, DFN-CERT-2011-0517, DFN-CERT-2011-0515, DFN-CERT-2011-0445, DFN-CERT-2011-0444, DFN-CERT-2011-0442, DFN-CERT-2011-0441, DFN-CERT-2011-0432, DFN-CERT-2011-0402, DFN-CERT-2011-0013, DFN-CERT-2011-0012, DFN-CERT-2011-0011, DFN-CERT-2010-1729
Other: http://www.ubuntu.com/usn/usn-1126-2/
USN:1126-2

general/tcp
High (CVSS: 7.5)
NVT: Ubuntu Update for nss vulnerabilities USN-1007-1 (OID: 1.3.6.1.4.1.25623.1.0.840520)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1007-1

Vulnerability Detection Result
Package libnspr4-0d version 4.7.1~beta2-0ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

nss vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Richard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2010-3170)

Nelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode (DHE) key exchange implementation which allowed servers to use a too small key length. (CVE-2010-3173)

Vulnerability Detection Method

Details: Ubuntu Update for nss vulnerabilities USN-1007-1 (OID: 1.3.6.1.4.1.25623.1.0.840520)

Version used: $Revision: 8457 $

References

CVE: CVE-2010-3170, CVE-2010-3173
CERT: DFN-CERT-2011-1665, DFN-CERT-2011-0696, DFN-CERT-2011-0386, DFN-CERT-2011-0033, DFN-CERT-2010-1541, DFN-CERT-2010-1536, DFN-CERT-2010-1513, DFN-CERT-2010-1501, DFN-CERT-2010-1500, DFN-CERT-2010-1492, DFN-CERT-2010-1485, DFN-CERT-2010-1479, DFN-CERT-2010-1477, DFN-CERT-2010-1432, DFN-CERT-2010-1429, DFN-CERT-2010-1418, DFN-CERT-2010-1417, DFN-CERT-2010-1399, DFN-CERT-2010-1397
Other: http://www.ubuntu.com/usn/usn-1007-1/
USN:1007-1

9443/tcp
High (CVSS: 7.5)
NVT: Lighttpd Multiple vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.802072)
Summary

This host is running Lighttpd and is prone to multiple vulnerabilities

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow remote attackers to execute arbitrary SQL commands and to read arbitrary files via the hostname.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to 1.4.35 or higher. For updates, refer to http://www.lighttpd.net/download

Affected Software/OS

Lighttpd version before 1.4.35

Vulnerability Insight

- mod_mysql_vhost module not properly sanitizing user supplied input passed via the hostname.
- mod_evhost and mod_simple_vhost modules not properly sanitizing user supplied input via the hostname.

Vulnerability Detection Method

Send a crafted HTTP GET request and check whether it responds with an error message.

Details: Lighttpd Multiple vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.802072)

Version used: $Revision: 7577 $

References

CVE: CVE-2014-2323, CVE-2014-2324
BID: 66153, 66157
CERT: CB-K14/0300, DFN-CERT-2014-0311
Other: http://seclists.org/oss-sec/2014/q1/561
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt

9080/tcp
High (CVSS: 7.5)
NVT: Lighttpd Multiple vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.802072)
Summary

This host is running Lighttpd and is prone to multiple vulnerabilities

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation will allow remote attackers to execute arbitrary SQL commands and to read arbitrary files via the hostname.

Impact Level: System/Application

Solution

Solution type: VendorFix

Upgrade to 1.4.35 or higher. For updates, refer to http://www.lighttpd.net/download

Affected Software/OS

Lighttpd version before 1.4.35

Vulnerability Insight

- mod_mysql_vhost module not properly sanitizing user supplied input passed via the hostname.
- mod_evhost and mod_simple_vhost modules not properly sanitizing user supplied input via the hostname.

Vulnerability Detection Method

Send a crafted HTTP GET request and check whether it responds with an error message.

Details: Lighttpd Multiple vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.802072)

Version used: $Revision: 7577 $

References

CVE: CVE-2014-2323, CVE-2014-2324
BID: 66153, 66157
CERT: CB-K14/0300, DFN-CERT-2014-0311
Other: http://seclists.org/oss-sec/2014/q1/561
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt

9443/tcp
High (CVSS: 7.5)
NVT: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)
Summary

Drupal is prone to an SQL-injection vulnerability

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Exploiting this issue could allow an attacker to execute arbitrary code, to gain elevated privileges and to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Solution

Solution type: VendorFix

Updates are available

Affected Software/OS

Drupal 7.x versions prior to 7.32 are vulnerable.

Vulnerability Insight

Drupal fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Vulnerability Detection Method

Send a specially crafted HTTP POST request and check the response.

Details: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)

Version used: $Revision: 6735 $

References

CVE: CVE-2014-3704
BID: 70595
CERT: CB-K14/1301, CB-K14/0920, DFN-CERT-2014-1369, DFN-CERT-2014-0958
Other: http://www.securityfocus.com/bid/70595
http://drupal.org/

9080/tcp
High (CVSS: 7.5)
NVT: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)
Summary

Drupal is prone to an SQL-injection vulnerability

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Exploiting this issue could allow an attacker to execute arbitrary code, to gain elevated privileges and to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Solution

Solution type: VendorFix

Updates are available

Affected Software/OS

Drupal 7.x versions prior to 7.32 are vulnerable.

Vulnerability Insight

Drupal fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Vulnerability Detection Method

Send a specially crafted HTTP POST request and check the response.

Details: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)

Version used: $Revision: 6735 $

References

CVE: CVE-2014-3704
BID: 70595
CERT: CB-K14/1301, CB-K14/0920, DFN-CERT-2014-1369, DFN-CERT-2014-0958
Other: http://www.securityfocus.com/bid/70595
http://drupal.org/

8443/tcp
High (CVSS: 7.5)
NVT: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)
Summary

Drupal is prone to an SQL-injection vulnerability

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Exploiting this issue could allow an attacker to execute arbitrary code, to gain elevated privileges and to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Solution

Solution type: VendorFix

Updates are available

Affected Software/OS

Drupal 7.x versions prior to 7.32 are vulnerable.

Vulnerability Insight

Drupal fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Vulnerability Detection Method

Send a specially crafted HTTP POST request and check the response.

Details: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)

Version used: $Revision: 6735 $

References

CVE: CVE-2014-3704
BID: 70595
CERT: CB-K14/1301, CB-K14/0920, DFN-CERT-2014-1369, DFN-CERT-2014-0958
Other: http://www.securityfocus.com/bid/70595
http://drupal.org/

8080/tcp
High (CVSS: 7.5)
NVT: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)
Summary

Drupal is prone to an SQL-injection vulnerability

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Exploiting this issue could allow an attacker to execute arbitrary code, to gain elevated privileges and to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Solution

Solution type: VendorFix

Updates are available

Affected Software/OS

Drupal 7.x versions prior to 7.32 are vulnerable.

Vulnerability Insight

Drupal fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Vulnerability Detection Method

Send a specially crafted HTTP POST request and check the response.

Details: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)

Version used: $Revision: 6735 $

References

CVE: CVE-2014-3704
BID: 70595
CERT: CB-K14/1301, CB-K14/0920, DFN-CERT-2014-1369, DFN-CERT-2014-0958
Other: http://www.securityfocus.com/bid/70595
http://drupal.org/

443/tcp
High (CVSS: 7.5)
NVT: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)
Summary

Drupal is prone to an SQL-injection vulnerability

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Exploiting this issue could allow an attacker to execute arbitrary code, to gain elevated privileges and to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Solution

Solution type: VendorFix

Updates are available

Affected Software/OS

Drupal 7.x versions prior to 7.32 are vulnerable.

Vulnerability Insight

Drupal fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Vulnerability Detection Method

Send a specially crafted HTTP POST request and check the response.

Details: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)

Version used: $Revision: 6735 $

References

CVE: CVE-2014-3704
BID: 70595
CERT: CB-K14/1301, CB-K14/0920, DFN-CERT-2014-1369, DFN-CERT-2014-0958
Other: http://www.securityfocus.com/bid/70595
http://drupal.org/

80/tcp
High (CVSS: 7.5)
NVT: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)
Summary

Drupal is prone to an SQL-injection vulnerability

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Exploiting this issue could allow an attacker to execute arbitrary code, to gain elevated privileges and to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Solution

Solution type: VendorFix

Updates are available

Affected Software/OS

Drupal 7.x versions prior to 7.32 are vulnerable.

Vulnerability Insight

Drupal fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Vulnerability Detection Method

Send a specially crafted HTTP POST request and check the response.

Details: Drupal Core SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105101)

Version used: $Revision: 6735 $

References

CVE: CVE-2014-3704
BID: 70595
CERT: CB-K14/1301, CB-K14/0920, DFN-CERT-2014-1369, DFN-CERT-2014-0958
Other: http://www.securityfocus.com/bid/70595
http://drupal.org/

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for vm-builder vulnerability USN-670-1 (OID: 1.3.6.1.4.1.25623.1.0.840256)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-670-1

Vulnerability Detection Result
Package login version 4.0.18.2-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

vm-builder vulnerability on Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10

Vulnerability Insight

Mathias Gug discovered that vm-builder improperly set the root password when creating virtual machines. An attacker could exploit this to gain root privileges to the virtual machine by using a predictable password.

This vulnerability only affects virtual machines created with vm-builder under Ubuntu 8.10, and does not affect native Ubuntu installations. An update was made to the shadow package to detect vulnerable systems and disable password authentication for the root account. Vulnerable virtual machines which an attacker has access to should be considered compromised, and appropriate actions taken to secure the machine.

Vulnerability Detection Method

Details: Ubuntu Update for vm-builder vulnerability USN-670-1 (OID: 1.3.6.1.4.1.25623.1.0.840256)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5103, CVE-2008-5104
Other: http://www.ubuntu.com/usn/usn-670-1/
USN:670-1

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for Linux kernel vulnerabilities USN-974-1 (OID: 1.3.6.1.4.1.25623.1.0.840482)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-974-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Linux kernel vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. A local attacker could exploit this to gain control of certain applications, potentially leading to privilege escalation, as demonstrated in attacks against the X server. (CVE-2010-2240)

Kees Cook discovered that under certain situations the ioctl subsystem for DRM did not properly sanitize its arguments. A local attacker could exploit this to read previously freed kernel memory, leading to a loss of privacy. (CVE-2010-2803)

Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN) subsystem when setting up frame content and filtering certain messages. An attacker could send specially crafted CAN traffic to crash the system or gain root privileges. (CVE-2010-2959)

Vulnerability Detection Method

Details: Ubuntu Update for Linux kernel vulnerabilities USN-974-1 (OID: 1.3.6.1.4.1.25623.1.0.840482)

Version used: $Revision: 8469 $

References

CVE: CVE-2010-2240, CVE-2010-2803, CVE-2010-2959
CERT: DFN-CERT-2013-1066, DFN-CERT-2011-0873, DFN-CERT-2011-0684, DFN-CERT-2011-0411, DFN-CERT-2011-0185, DFN-CERT-2011-0150, DFN-CERT-2010-1717, DFN-CERT-2010-1552, DFN-CERT-2010-1540, DFN-CERT-2010-1489, DFN-CERT-2010-1333, DFN-CERT-2010-1322, DFN-CERT-2010-1270, DFN-CERT-2010-1269, DFN-CERT-2010-1268, DFN-CERT-2010-1267, DFN-CERT-2010-1262, DFN-CERT-2010-1258, DFN-CERT-2010-1235, DFN-CERT-2010-1205, DFN-CERT-2010-1186, DFN-CERT-2010-1168, DFN-CERT-2010-1167, DFN-CERT-2010-1154, DFN-CERT-2010-1151, DFN-CERT-2010-1148, DFN-CERT-2010-1125, DFN-CERT-2010-1124, DFN-CERT-2010-1088, DFN-CERT-2010-1087, DFN-CERT-2010-1070, DFN-CERT-2010-1057
Other: http://www.ubuntu.com/usn/usn-974-1/
USN:974-1

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for hplip vulnerabilities USN-674-1 (OID: 1.3.6.1.4.1.25623.1.0.840209)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-674-1

Vulnerability Detection Result
Package hpijs version 2.8.2+2.8.2-0ubuntu8 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

hplip vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behaviour by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. (CVE-2008-2940)

It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service. (CVE-2008-2941)

Vulnerability Detection Method

Details: Ubuntu Update for hplip vulnerabilities USN-674-1 (OID: 1.3.6.1.4.1.25623.1.0.840209)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2940, CVE-2008-2941
Other: http://www.ubuntu.com/usn/usn-674-1/
USN:674-1

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for sudo USN-1442-1 (OID: 1.3.6.1.4.1.25623.1.0.841006)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1442-1

Vulnerability Detection Result
Package sudo version 1.6.9p10-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

sudo on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu.

Vulnerability Detection Method

Details: Ubuntu Update for sudo USN-1442-1 (OID: 1.3.6.1.4.1.25623.1.0.841006)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-2337
CERT: CB-K13/0993, DFN-CERT-2013-2029, DFN-CERT-2013-1044, DFN-CERT-2012-1398, DFN-CERT-2012-1371, DFN-CERT-2012-1356, DFN-CERT-2012-1016, DFN-CERT-2012-1014, DFN-CERT-2012-0982, DFN-CERT-2012-0977
Other: http://www.ubuntu.com/usn/usn-1442-1/
USN:1442-1

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for Linux kernel vulnerabilities USN-966-1 (OID: 1.3.6.1.4.1.25623.1.0.840476)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-966-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Linux kernel vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Junjiro R. Okajima discovered that knfsd did not correctly handle strict overcommit. A local attacker could exploit this to crash knfsd, leading to a denial of service. (Only Ubuntu 6.06 LTS and 8.04 LTS were affected.) (CVE-2008-7256, CVE-2010-1643)

Chris Guo, Jukka Taimisto, and Olli Jarva discovered that SCTP did not correctly handle invalid parameters. A remote attacker could send specially crafted traffic that could crash the system, leading to a denial of service. (CVE-2010-1173)

Mario Mikocevic discovered that GFS2 did not correctly handle certain quota structures. A local attacker could exploit this to crash the system, leading to a denial of service. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1436)

Toshiyuki Okajima discovered that the kernel keyring did not correctly handle dead keyrings. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-1437)

Brad Spengler discovered that Sparc did not correctly implement non-executable stacks. This made userspace applications vulnerable to exploits that would have been otherwise blocked due to non-executable memory protections. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1451)

Dan Rosenberg discovered that the btrfs clone function did not correctly validate permissions. A local attacker could exploit this to read sensitive information, leading to a loss of privacy. (Only Ubuntu 9.10 was affected.) (CVE-2010-1636)

Dan Rosenberg discovered that GFS2 set_flags function did not correctly validate permissions. A local attacker could exploit this to gain access to files, leading to a loss of privacy and potential privilege escalation. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1641)

Shi Weihua discovered that btrfs xattr_set_acl function did not correctly validate permissions. A local attacker could exploit this to gain access to files, leading to a loss of privacy and potential privilege escalation. (Only Ubuntu 9.10 and 10.04 LTS were affected.) (CVE-2010-2071)

Andre Osterhues discovered that eCryptfs did not correctly calculate hash values. A local attacker with certain uids could exploit this to crash the system or potentially gain root privileges. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-2492)

Vulnerability Detection Method

Details: Ubuntu Update for Linux kernel vulnerabilities USN-966-1 (OID: 1.3.6.1.4.1.25623.1.0.840476)

Version used: $Revision: 8495 $

References

CVE: CVE-2008-7256, CVE-2010-1173, CVE-2010-1436, CVE-2010-1437, CVE-2010-1451, CVE-2010-1636, CVE-2010-1641, CVE-2010-1643, CVE-2010-2071, CVE-2010-2492
CERT: DFN-CERT-2013-1066, DFN-CERT-2011-1594, DFN-CERT-2011-0979, DFN-CERT-2011-0598, DFN-CERT-2011-0443, DFN-CERT-2011-0324, DFN-CERT-2011-0185, DFN-CERT-2011-0042, DFN-CERT-2010-1761, DFN-CERT-2010-1657, DFN-CERT-2010-1566, DFN-CERT-2010-1333, DFN-CERT-2010-1292, DFN-CERT-2010-1262, DFN-CERT-2010-1258, DFN-CERT-2010-1234, DFN-CERT-2010-1186, DFN-CERT-2010-1181, DFN-CERT-2010-1151, DFN-CERT-2010-1088, DFN-CERT-2010-1057, DFN-CERT-2010-0981, DFN-CERT-2010-0979, DFN-CERT-2010-0978, DFN-CERT-2010-0922, DFN-CERT-2010-0889, DFN-CERT-2010-0878, DFN-CERT-2010-0852, DFN-CERT-2010-0845, DFN-CERT-2010-0784, DFN-CERT-2010-0778, DFN-CERT-2010-0727, DFN-CERT-2010-0702
Other: http://www.ubuntu.com/usn/usn-966-1/
USN:966-1

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu USN-758-1 (udev) (OID: 1.3.6.1.4.1.25623.1.0.63857)
Summary

The remote host is missing an update to udev announced via advisory USN-758-1.

Vulnerability Detection Result
Package libvolume-id0 version 117-8 is installed which is known to be vulnerable.
Package udev version 117-8 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: udev 079-0ubuntu35.1

Ubuntu 7.10: udev 113-0ubuntu17.2

Ubuntu 8.04 LTS: udev 117-8ubuntu0.2

Ubuntu 8.10: udev 124-9ubuntu0.2

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-758-1

Vulnerability Insight

Sebastian Krahmer discovered that udev did not correctly validate netlink message senders. A local attacker could send specially crafted messages to udev in order to gain root privileges. (CVE-2009-1185)

Sebastian Krahmer discovered a buffer overflow in the path encoding routines in udev. A local attacker could exploit this to crash udev, leading to a denial of service. (CVE-2009-1186)

Vulnerability Detection Method

Details: Ubuntu USN-758-1 (udev) (OID: 1.3.6.1.4.1.25623.1.0.63857)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1185, CVE-2009-1186
CERT: CB-K15/1514, DFN-CERT-2009-0598
Other: http://www.ubuntu.com/usn/usn-758-1/

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for Linux kernel vulnerabilities USN-988-1 (OID: 1.3.6.1.4.1.25623.1.0.840499)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-988-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Linux kernel vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Ben Hawkes discovered that the Linux kernel did not correctly validate memory ranges on 64bit kernels when allocating memory on behalf of 32bit system calls. On a 64bit system, a local attacker could perform malicious multicast getsockopt calls to gain root privileges. (CVE-2010-3081)

Ben Hawkes discovered that the Linux kernel did not correctly filter registers on 64bit kernels when performing 32bit system calls. On a 64bit system, a local attacker could manipulate 32bit system calls to gain root privileges. (CVE-2010-3301)

Vulnerability Detection Method

Details: Ubuntu Update for Linux kernel vulnerabilities USN-988-1 (OID: 1.3.6.1.4.1.25623.1.0.840499)

Version used: $Revision: 8469 $

References

CVE: CVE-2010-3081, CVE-2010-3301
CERT: DFN-CERT-2011-0979, DFN-CERT-2011-0324, DFN-CERT-2011-0185, DFN-CERT-2011-0150, DFN-CERT-2010-1761, DFN-CERT-2010-1657, DFN-CERT-2010-1645, DFN-CERT-2010-1615, DFN-CERT-2010-1552, DFN-CERT-2010-1540, DFN-CERT-2010-1465, DFN-CERT-2010-1363, DFN-CERT-2010-1333, DFN-CERT-2010-1322, DFN-CERT-2010-1289, DFN-CERT-2010-1287, DFN-CERT-2010-1270, DFN-CERT-2010-1269, DFN-CERT-2010-1268, DFN-CERT-2010-1267, DFN-CERT-2010-1262, DFN-CERT-2010-1258, DFN-CERT-2010-1251, DFN-CERT-2010-1248, DFN-CERT-2010-1247, DFN-CERT-2010-1245, DFN-CERT-2010-1243, DFN-CERT-2010-1242, DFN-CERT-2010-1234, DFN-CERT-2010-1228
Other: http://www.ubuntu.com/usn/usn-988-1/
USN:988-1

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for linux regression USN-974-2 (OID: 1.3.6.1.4.1.25623.1.0.840486)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-974-2

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

linux regression on Ubuntu 8.04 LTS

Vulnerability Insight

USN-974-1 fixed vulnerabilities in the Linux kernel. The fixes for CVE-2010-2240 caused failures for Xen hosts. This update fixes the problem.

We apologize for the inconvenience. Original advisory details:

Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. A local attacker could exploit this to gain control of certain applications, potentially leading to privilege escalation, as demonstrated in attacks against the X server. (CVE-2010-2240)

Kees Cook discovered that under certain situations the ioctl subsystem for DRM did not properly sanitize its arguments. A local attacker could exploit this to read previously freed kernel memory, leading to a loss of privacy. (CVE-2010-2803)

Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN) subsystem when setting up frame content and filtering certain messages. An attacker could send specially crafted CAN traffic to crash the system or gain root privileges. (CVE-2010-2959)

Vulnerability Detection Method

Details: Ubuntu Update for linux regression USN-974-2 (OID: 1.3.6.1.4.1.25623.1.0.840486)

Version used: $Revision: 8266 $

References

CVE: CVE-2010-2240, CVE-2010-2803, CVE-2010-2959
CERT: DFN-CERT-2013-1066, DFN-CERT-2011-0873, DFN-CERT-2011-0684, DFN-CERT-2011-0411, DFN-CERT-2011-0185, DFN-CERT-2011-0150, DFN-CERT-2010-1717, DFN-CERT-2010-1552, DFN-CERT-2010-1540, DFN-CERT-2010-1489, DFN-CERT-2010-1333, DFN-CERT-2010-1322, DFN-CERT-2010-1270, DFN-CERT-2010-1269, DFN-CERT-2010-1268, DFN-CERT-2010-1267, DFN-CERT-2010-1262, DFN-CERT-2010-1258, DFN-CERT-2010-1235, DFN-CERT-2010-1205, DFN-CERT-2010-1186, DFN-CERT-2010-1168, DFN-CERT-2010-1167, DFN-CERT-2010-1154, DFN-CERT-2010-1151, DFN-CERT-2010-1148, DFN-CERT-2010-1125, DFN-CERT-2010-1124, DFN-CERT-2010-1088, DFN-CERT-2010-1087, DFN-CERT-2010-1070, DFN-CERT-2010-1057
Other: http://www.ubuntu.com/usn/usn-974-2/
USN:974-2

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-637-1 (OID: 1.3.6.1.4.1.25623.1.0.840325)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-637-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

linux, linux-source-2.6.15/20/22 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. (CVE-2008-2812)

The do_change_type routine did not correctly validate administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. (CVE-2008-2931)

Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. (CVE-2008-3272)

Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service. (CVE-2008-3275)

In certain situations, the fix for CVE-2008-0598 from USN-623-1 was causing infinite loops in the writev syscall. This update corrects the mistake. We apologize for the inconvenience.

Vulnerability Detection Method

Details: Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-637-1 (OID: 1.3.6.1.4.1.25623.1.0.840325)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2812, CVE-2008-2931, CVE-2008-3272, CVE-2008-3275, CVE-2008-0598
CERT: DFN-CERT-2010-1133, DFN-CERT-2009-1481
Other: http://www.ubuntu.com/usn/usn-637-1/
USN:637-1

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu USN-804-1 (pulseaudio) (OID: 1.3.6.1.4.1.25623.1.0.64445)
Summary

The remote host is missing an update to pulseaudio announced via advisory USN-804-1.

Vulnerability Detection Result
Package libpulse-browse0 version 0.9.10-1ubuntu1 is installed which is known to be vulnerable.
Package libpulse0 version 0.9.10-1ubuntu1 is installed which is known to be vulnerable.
Package libpulsecore5 version 0.9.10-1ubuntu1 is installed which is known to be vulnerable.
Package pulseaudio-esound-compat version 0.9.10-1ubuntu1 is installed which is known to be vulnerable.
Package pulseaudio-module-gconf version 0.9.10-1ubuntu1 is installed which is known to be vulnerable.
Package pulseaudio-module-hal version 0.9.10-1ubuntu1 is installed which is known to be vulnerable.
Package pulseaudio-module-x11 version 0.9.10-1ubuntu1 is installed which is known to be vulnerable.
Package pulseaudio-utils version 0.9.10-1ubuntu1 is installed which is known to be vulnerable.
Package pulseaudio version 0.9.10-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: pulseaudio 0.9.10-1ubuntu1.1

Ubuntu 8.10: pulseaudio 0.9.10-2ubuntu9.4

Ubuntu 9.04: pulseaudio 1:0.9.14-0ubuntu20.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-804-1

Vulnerability Insight

Tavis Ormandy and Yorick Koster discovered that PulseAudio did not safely re-execute itself. A local attacker could exploit this to gain root privileges.

Vulnerability Detection Method

Details: Ubuntu USN-804-1 (pulseaudio) (OID: 1.3.6.1.4.1.25623.1.0.64445)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1894
Other: http://www.ubuntu.com/usn/usn-804-1/

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for cups USN-1654-1 (OID: 1.3.6.1.4.1.25623.1.0.841241)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1654-1

Vulnerability Detection Result
Package cupsys version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

cups on Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain root privileges.

Vulnerability Detection Method

Details: Ubuntu Update for cups USN-1654-1 (OID: 1.3.6.1.4.1.25623.1.0.841241)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-5519
CERT: CB-K15/0780, CB-K14/0928, CB-K13/0932, DFN-CERT-2015-0817, DFN-CERT-2014-0970, DFN-CERT-2013-1948, DFN-CERT-2013-0429, DFN-CERT-2013-0403, DFN-CERT-2013-0022
Other: http://www.ubuntu.com/usn/usn-1654-1/
USN:1654-1

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu USN-778-1 (cron) (OID: 1.3.6.1.4.1.25623.1.0.64142)
Summary

The remote host is missing an update to cron announced via advisory USN-778-1.

Vulnerability Detection Result
Package cron version 3.0pl1-100ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: cron 3.0pl1-92ubuntu1.1

Ubuntu 8.04 LTS: cron 3.0pl1-100ubuntu2.1

Ubuntu 8.10: cron 3.0pl1-104+ubuntu5.1

Ubuntu 9.04: cron 3.0pl1-105ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-778-1

Vulnerability Insight

It was discovered that cron did not properly check the return code of the setgid() and initgroups() system calls. A local attacker could use this to escalate group privileges. Please note that cron versions 3.0pl1-64 and later were already patched to address the more serious setuid() check referred to by CVE-2006-2607.

Vulnerability Detection Method

Details: Ubuntu USN-778-1 (cron) (OID: 1.3.6.1.4.1.25623.1.0.64142)

Version used: $Revision: 7969 $

References

CVE: CVE-2006-2607
Other: http://www.ubuntu.com/usn/usn-778-1/

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1 (OID: 1.3.6.1.4.1.25623.1.0.840525)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1009-1

Vulnerability Detection Result
Package libc6-amd64 version 2.7-10ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

glibc, eglibc vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. (CVE-2010-3847, CVE-2010-3856)

Vulnerability Detection Method

Details: Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1 (OID: 1.3.6.1.4.1.25623.1.0.840525)

Version used: $Revision: 8457 $

References

CVE: CVE-2010-3847, CVE-2010-3856
CERT: DFN-CERT-2011-0507, DFN-CERT-2011-0505, DFN-CERT-2011-0010, DFN-CERT-2010-1545, DFN-CERT-2010-1464, DFN-CERT-2010-1448, DFN-CERT-2010-1442, DFN-CERT-2010-1426, DFN-CERT-2010-1421, DFN-CERT-2010-1420, DFN-CERT-2010-1415, DFN-CERT-2010-1413, DFN-CERT-2010-1402, DFN-CERT-2010-1401, DFN-CERT-2010-1396, DFN-CERT-2010-1392
Other: http://www.ubuntu.com/usn/usn-1009-1/
USN:1009-1

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for shadow vulnerability USN-695-1 (OID: 1.3.6.1.4.1.25623.1.0.840229)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-695-1

Vulnerability Detection Result
Package login version 4.0.18.2-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

shadow vulnerability on Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10

Vulnerability Insight

Paul Szabo discovered a race condition in login. While setting up tty permissions, login did not correctly handle symlinks. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation.

Vulnerability Detection Method

Details: Ubuntu Update for shadow vulnerability USN-695-1 (OID: 1.3.6.1.4.1.25623.1.0.840229)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5394
Other: http://www.ubuntu.com/usn/usn-695-1/
USN:695-1

general/tcp
High (CVSS: 7.2)
NVT: Ubuntu Update for eglibc, glibc vulnerability USN-1009-2 (OID: 1.3.6.1.4.1.25623.1.0.840567)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1009-2

Vulnerability Detection Result
Package libc6-amd64 version 2.7-10ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

eglibc, glibc vulnerability on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. If the "man" program was installed setuid, a local attacker could exploit this to gain "man" user privileges, potentially leading to further privilege escalations. Default Ubuntu installations were not affected.

Original advisory details: Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. (CVE-2010-3847, CVE-2010-3856)

Vulnerability Detection Method

Details: Ubuntu Update for eglibc, glibc vulnerability USN-1009-2 (OID: 1.3.6.1.4.1.25623.1.0.840567)

Version used: $Revision: 7964 $

References

CVE: CVE-2010-3847, CVE-2010-3856
CERT: DFN-CERT-2011-0507, DFN-CERT-2011-0505, DFN-CERT-2011-0010, DFN-CERT-2010-1545, DFN-CERT-2010-1464, DFN-CERT-2010-1448, DFN-CERT-2010-1442, DFN-CERT-2010-1426, DFN-CERT-2010-1421, DFN-CERT-2010-1420, DFN-CERT-2010-1415, DFN-CERT-2010-1413, DFN-CERT-2010-1402, DFN-CERT-2010-1401, DFN-CERT-2010-1396, DFN-CERT-2010-1392
Other: http://www.ubuntu.com/usn/usn-1009-2/
USN:1009-2

general/tcp
High (CVSS: 7.1)
NVT: Ubuntu USN-802-2 (apache2) (OID: 1.3.6.1.4.1.25623.1.0.64774)
Summary

The remote host is missing an update to apache2 announced via advisory USN-802-2.

Vulnerability Detection Result
Package apache2 version 2.2.8-1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.8 apache2-mpm-perchild 2.0.55-4ubuntu2.8 apache2-mpm-prefork 2.0.55-4ubuntu2.8 apache2-mpm-worker 2.0.55-4ubuntu2.8 libapr0 2.0.55-4ubuntu2.8

Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.11 apache2-mpm-perchild 2.2.8-1ubuntu0.11 apache2-mpm-prefork 2.2.8-1ubuntu0.11 apache2-mpm-worker 2.2.8-1ubuntu0.11 apache2.2-common 2.2.8-1ubuntu0.11

Ubuntu 8.10: apache2-mpm-event 2.2.9-7ubuntu3.3 apache2-mpm-prefork 2.2.9-7ubuntu3.3 apache2-mpm-worker 2.2.9-7ubuntu3.3 apache2.2-common 2.2.9-7ubuntu3.3

Ubuntu 9.04: apache2-mpm-event 2.2.11-2ubuntu2.3 apache2-mpm-prefork 2.2.11-2ubuntu2.3 apache2-mpm-worker 2.2.11-2ubuntu2.3 apache2.2-common 2.2.11-2ubuntu2.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-802-2

Vulnerability Insight

USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2009-1890)

It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption. (CVE-2009-1891)

Vulnerability Detection Method

Details: Ubuntu USN-802-2 (apache2) (OID: 1.3.6.1.4.1.25623.1.0.64774)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-1891, CVE-2009-1890
CERT: DFN-CERT-2011-0700, DFN-CERT-2010-1665, DFN-CERT-2010-1647, DFN-CERT-2009-1725, DFN-CERT-2009-1602, DFN-CERT-2009-1507, DFN-CERT-2009-1225, DFN-CERT-2009-1101
Other: http://www.ubuntu.com/usn/usn-802-2/

general/tcp
High (CVSS: 7.1)
NVT: Ubuntu Update for xorg-server vulnerabilities USN-939-1 (OID: 1.3.6.1.4.1.25623.1.0.840432)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-939-1

Vulnerability Detection Result
Package xserver-xorg-core version 1.4.1~git20080131-1ubuntu9 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

xorg-server vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

Loïc Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. (CVE-2009-1573)

It was discovered that the X.org server did not correctly handle certain calculations. A remote attacker could exploit this to crash the X.org session or possibly run arbitrary code with root privileges. (CVE-2010-1166)

Vulnerability Detection Method

Details: Ubuntu Update for xorg-server vulnerabilities USN-939-1 (OID: 1.3.6.1.4.1.25623.1.0.840432)

Version used: $Revision: 8338 $

References

CVE: CVE-2009-1573, CVE-2010-1166
CERT: DFN-CERT-2010-1647, DFN-CERT-2010-1274, DFN-CERT-2010-1098, DFN-CERT-2010-0984, DFN-CERT-2010-0602
Other: http://www.ubuntu.com/usn/usn-939-1/
USN:939-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu USN-722-1 (sudo) (OID: 1.3.6.1.4.1.25623.1.0.63414)
Summary

The remote host is missing an update to sudo announced via advisory USN-722-1.

Vulnerability Detection Result
Package sudo version 1.6.9p10-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: sudo 1.6.9p10-1ubuntu3.4

Ubuntu 8.10: sudo 1.6.9p17-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-722-1

Vulnerability Insight

Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a RunAs list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped with Ubuntu.

Vulnerability Detection Method

Details: Ubuntu USN-722-1 (sudo) (OID: 1.3.6.1.4.1.25623.1.0.63414)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0034
CERT: DFN-CERT-2011-0103, DFN-CERT-2011-0102, DFN-CERT-2011-0075
Other: http://www.ubuntu.com/usn/usn-722-1/

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for cups, cupsys vulnerabilities USN-906-1 (OID: 1.3.6.1.4.1.25623.1.0.840396)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-906-1

Vulnerability Detection Result
Package cupsys-bsd version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

cups, cupsys vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

It was discovered that the CUPS scheduler did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2009-3553, CVE-2010-0302)

Ronald Volgers discovered that the CUPS lppasswd tool could be made to load localized message strings from arbitrary files by setting an environment variable. A local attacker could exploit this with a format-string vulnerability leading to a root privilege escalation. The default compiler options for Ubuntu 8.10, 9.04 and 9.10 should reduce this vulnerability to a denial of service. (CVE-2010-0393)

Vulnerability Detection Method

Details: Ubuntu Update for cups, cupsys vulnerabilities USN-906-1 (OID: 1.3.6.1.4.1.25623.1.0.840396)

Version used: $Revision: 8187 $

References

CVE: CVE-2009-3553, CVE-2010-0302, CVE-2010-0393
CERT: DFN-CERT-2011-0279, DFN-CERT-2010-0546, DFN-CERT-2010-0545, DFN-CERT-2010-0462, DFN-CERT-2010-0342, DFN-CERT-2010-0335, DFN-CERT-2010-0297, DFN-CERT-2010-0296, DFN-CERT-2010-0036, DFN-CERT-2010-0031, DFN-CERT-2009-1716, DFN-CERT-2009-1677, DFN-CERT-2009-1631
Other: http://www.ubuntu.com/usn/usn-906-1/
USN:906-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for imagemagick vulnerability USN-1028-1 (OID: 1.3.6.1.4.1.25623.1.0.840549)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1028-1

Vulnerability Detection Result
Package libmagick++10 version 6.3.7.9.dfsg1-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

imagemagick vulnerability on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

It was discovered that ImageMagick would search for configuration files in the current directory. If a user were tricked into opening or processing an image in an arbitrary directory, a local attacker could execute arbitrary code with the user's privileges.

Vulnerability Detection Method

Details: Ubuntu Update for imagemagick vulnerability USN-1028-1 (OID: 1.3.6.1.4.1.25623.1.0.840549)

Version used: $Revision: 8447 $

References

CVE: CVE-2010-4167
CERT: DFN-CERT-2012-1193, DFN-CERT-2012-0960, DFN-CERT-2012-0881, DFN-CERT-2012-0331, DFN-CERT-2010-1758
Other: http://www.ubuntu.com/usn/usn-1028-1/
USN:1028-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for pam USN-1237-1 (OID: 1.3.6.1.4.1.25623.1.0.840794)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1237-1

Vulnerability Detection Result
Package libpam-modules version 0.99.7.1-5ubuntu6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

pam on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Kees Cook discovered that the PAM pam_env module incorrectly handled certain malformed environment files. A local attacker could use this flaw to cause a denial of service, or possibly gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2011-3148)

Kees Cook discovered that the PAM pam_env module incorrectly handled variable expansion. A local attacker could use this flaw to cause a denial of service. (CVE-2011-3149)

Stephane Chazelas discovered that the PAM pam_motd module incorrectly cleaned the environment during execution of the motd scripts. In certain environments, a local attacker could use this to execute arbitrary code as root, and gain privileges.

Vulnerability Detection Method

Details: Ubuntu Update for pam USN-1237-1 (OID: 1.3.6.1.4.1.25623.1.0.840794)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-3148, CVE-2011-3149, CVE-2011-3628
CERT: DFN-CERT-2013-0341, DFN-CERT-2011-1879, DFN-CERT-2011-1833, DFN-CERT-2011-1699, DFN-CERT-2011-1687, DFN-CERT-2011-1684, DFN-CERT-2011-1649
Other: http://www.ubuntu.com/usn/usn-1237-1/
USN:1237-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for sudo USN-1754-1 (OID: 1.3.6.1.4.1.25623.1.0.841349)
Summary

Check for the Version of sudo

Vulnerability Detection Result
Package sudo version 1.6.9p10-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

sudo on Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.

Vulnerability Detection Method

Details: Ubuntu Update for sudo USN-1754-1 (OID: 1.3.6.1.4.1.25623.1.0.841349)

Version used: $Revision: 8526 $

References

CVE: CVE-2013-1775
CERT: CB-K16/1107, CB-K15/1188, CB-K13/0849, CB-K13/0735, DFN-CERT-2016-1174, DFN-CERT-2015-1252, DFN-CERT-2013-1856, DFN-CERT-2013-1725, DFN-CERT-2013-1109, DFN-CERT-2013-0944, DFN-CERT-2013-0615, DFN-CERT-2013-0610, DFN-CERT-2013-0600, DFN-CERT-2013-0580, DFN-CERT-2013-0519
Other: http://www.ubuntu.com/usn/usn-1754-1/
USN:1754-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for logrotate USN-1172-1 (OID: 1.3.6.1.4.1.25623.1.0.840705)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1172-1

Vulnerability Detection Result
Package logrotate version 3.7.1-3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

logrotate on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-1098)

It was discovered that logrotate incorrectly handled certain log file names when used with the shred option. Local attackers able to create log files with specially crafted filenames could use this issue to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, 10.10, and 11.04. (CVE-2011-1154)

It was discovered that logrotate incorrectly handled certain malformed log filenames. Local attackers able to create log files with specially crafted filenames could use this issue to cause logrotate to stop processing log files, resulting in a denial of service. (CVE-2011-1155)

It was discovered that logrotate incorrectly handled symlinks and hard links when processing log files. A local attacker having write access to a log file directory could use this issue to overwrite or read arbitrary files. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-1548)

Vulnerability Detection Method

Details: Ubuntu Update for logrotate USN-1172-1 (OID: 1.3.6.1.4.1.25623.1.0.840705)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-1098, CVE-2011-1154, CVE-2011-1155, CVE-2011-1548
CERT: CB-K15/0957, DFN-CERT-2015-1003, DFN-CERT-2011-0844, DFN-CERT-2011-0543, DFN-CERT-2011-0512, DFN-CERT-2011-0480, DFN-CERT-2011-0462
Other: http://www.ubuntu.com/usn/usn-1172-1/
USN:1172-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for dbus USN-1576-1 (OID: 1.3.6.1.4.1.25623.1.0.841153)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1576-1

Vulnerability Detection Result
Package dbus version 1.1.20-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

dbus on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges.

Vulnerability Detection Method

Details: Ubuntu Update for dbus USN-1576-1 (OID: 1.3.6.1.4.1.25623.1.0.841153)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-3524
CERT: CB-K15/0090, CB-K14/1203, DFN-CERT-2015-0096, DFN-CERT-2014-1268, DFN-CERT-2012-2070, DFN-CERT-2012-2063, DFN-CERT-2012-1990, DFN-CERT-2012-1916, DFN-CERT-2012-1877, DFN-CERT-2012-1874, DFN-CERT-2012-1788, DFN-CERT-2012-1771
Other: http://www.ubuntu.com/usn/usn-1576-1/
USN:1576-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for python2.5 USN-1613-1 (OID: 1.3.6.1.4.1.25623.1.0.841195)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1613-1

Vulnerability Detection Result
Package python2.5 version 2.5.2-2ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

python2.5 on Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)

It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)

Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)

It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)

Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521)

It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)

It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)

It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)

Tim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148)

Vulnerability Detection Method

Details: Ubuntu Update for python2.5 USN-1613-1 (OID: 1.3.6.1.4.1.25623.1.0.841195)

Version used: $Revision: 7960 $

References

CVE: CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1148
CERT: CB-K17/0536, CB-K17/0492, CB-K16/1972, CB-K16/1816, CB-K16/0112, CB-K15/1792, CB-K15/0987, CB-K13/0845, DFN-CERT-2017-0551, DFN-CERT-2017-0508, DFN-CERT-2016-2081, DFN-CERT-2016-1923, DFN-CERT-2016-0125, DFN-CERT-2015-1898, DFN-CERT-2015-1035, DFN-CERT-2013-1847, DFN-CERT-2012-2129, DFN-CERT-2012-1530, DFN-CERT-2012-1522, DFN-CERT-2012-1513, DFN-CERT-2012-1292, DFN-CERT-2012-1214, DFN-CERT-2012-1213, DFN-CERT-2012-1180, DFN-CERT-2012-1169, DFN-CERT-2012-1168, DFN-CERT-2012-1133, DFN-CERT-2012-1039, DFN-CERT-2012-0948, DFN-CERT-2012-0868, DFN-CERT-2012-0867, DFN-CERT-2012-0848, DFN-CERT-2012-0838, DFN-CERT-2012-0835, DFN-CERT-2012-0693, DFN-CERT-2012-0627, DFN-CERT-2012-0567, DFN-CERT-2012-0559, DFN-CERT-2012-0171, DFN-CERT-2011-1533, DFN-CERT-2011-1500, DFN-CERT-2011-1436, DFN-CERT-2011-0844, DFN-CERT-2011-0801, DFN-CERT-2011-0789, DFN-CERT-2011-0771, DFN-CERT-2011-0723, DFN-CERT-2011-0718, DFN-CERT-2011-0111, DFN-CERT-2011-0051, DFN-CERT-2010-1762, DFN-CERT-2010-1482, DFN-CERT-2010-1469, DFN-CERT-2010-1156, DFN-CERT-2010-0901, DFN-CERT-2010-0857, DFN-CERT-2010-0782
Other: http://www.ubuntu.com/usn/usn-1613-1/
USN:1613-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu USN-700-1 (perl) (OID: 1.3.6.1.4.1.25623.1.0.63075)
Summary

The remote host is missing an update to perl announced via advisory USN-700-1.

Vulnerability Detection Result
Package perl-modules version 5.8.8-12 is installed which is known to be vulnerable.
Package libperl5.8 version 5.8.8-12 is installed which is known to be vulnerable.
Package perl-base version 5.8.8-12 is installed which is known to be vulnerable.
Package perl version 5.8.8-12 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libarchive-tar-perl 1.26-2ubuntu0.1 libperl5.8 5.8.7-10ubuntu1.2

Ubuntu 7.10: libarchive-tar-perl 1.31-1ubuntu0.1 libperl5.8 5.8.8-7ubuntu3.4 perl-modules 5.8.8-7ubuntu3.4

Ubuntu 8.04 LTS: libarchive-tar-perl 1.36-1ubuntu0.1 libperl5.8 5.8.8-12ubuntu0.3 perl-modules 5.8.8-12ubuntu0.3

Ubuntu 8.10: perl-modules 5.10.0-11.1ubuntu2.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-700-1

Vulnerability Insight

Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. (CVE-2007-4829)

Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. (CVE-2008-1927)

A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. (CVE-2008-5302)

A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue. (CVE-2008-5303)

Vulnerability Detection Method

Details: Ubuntu USN-700-1 (perl) (OID: 1.3.6.1.4.1.25623.1.0.63075)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-4829, CVE-2008-1927, CVE-2008-5302, CVE-2008-5303
CERT: CB-K16/0564, CB-K15/1514, DFN-CERT-2010-1135, DFN-CERT-2010-0847, DFN-CERT-2010-0773, DFN-CERT-2010-0740
Other: http://www.ubuntu.com/usn/usn-700-1/

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for pam USN-1140-1 (OID: 1.3.6.1.4.1.25623.1.0.840672)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1140-1

Vulnerability Detection Result
Package libpam-modules version 0.99.7.1-5ubuntu6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

pam on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different user's username. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-0887)

It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. (CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435)

It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. (CVE-2010-3853)

It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. (CVE-2010-4706)

It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service. (CVE-2010-4707)

Vulnerability Detection Method

Details: Ubuntu Update for pam USN-1140-1 (OID: 1.3.6.1.4.1.25623.1.0.840672)

Version used: $Revision: 7964 $

References

CVE: CVE-2009-0887, CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435, CVE-2010-3853, CVE-2010-4706, CVE-2010-4707
CERT: DFN-CERT-2011-1699, DFN-CERT-2011-1684, DFN-CERT-2011-0325, DFN-CERT-2010-1583, DFN-CERT-2010-1574, DFN-CERT-2010-1506, DFN-CERT-2010-1495, DFN-CERT-2010-1494, DFN-CERT-2010-1476
Other: http://www.ubuntu.com/usn/usn-1140-1/
USN:1140-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for sudo vulnerabilities USN-905-1 (OID: 1.3.6.1.4.1.25623.1.0.840395)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-905-1

Vulnerability Detection Result
Package sudo version 1.6.9p10-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

sudo vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. (CVE-2010-0426)

It was discovered that sudo did not reset group permissions when the 'runas_default' configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2010-0427)

Vulnerability Detection Method

Details: Ubuntu Update for sudo vulnerabilities USN-905-1 (OID: 1.3.6.1.4.1.25623.1.0.840395)

Version used: $Revision: 8510 $

References

CVE: CVE-2010-0426, CVE-2010-0427
CERT: DFN-CERT-2010-0720, DFN-CERT-2010-0620, DFN-CERT-2010-0578, DFN-CERT-2010-0348, DFN-CERT-2010-0327, DFN-CERT-2010-0316, DFN-CERT-2010-0312, DFN-CERT-2010-0289, DFN-CERT-2010-0285, DFN-CERT-2010-0272, DFN-CERT-2010-0271
Other: http://www.ubuntu.com/usn/usn-905-1/
USN:905-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for dbus USN-1576-2 (OID: 1.3.6.1.4.1.25623.1.0.841177)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1576-2

Vulnerability Detection Result
Package dbus version 1.1.20-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

dbus on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

USN-1576-1 fixed vulnerabilities in DBus. The update caused a regression for certain services launched from the activation helper, and caused an unclean shutdown on upgrade. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges.

Vulnerability Detection Method

Details: Ubuntu Update for dbus USN-1576-2 (OID: 1.3.6.1.4.1.25623.1.0.841177)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-3524
CERT: CB-K15/0090, CB-K14/1203, DFN-CERT-2015-0096, DFN-CERT-2014-1268, DFN-CERT-2012-2070, DFN-CERT-2012-2063, DFN-CERT-2012-1990, DFN-CERT-2012-1916, DFN-CERT-2012-1877, DFN-CERT-2012-1874, DFN-CERT-2012-1788, DFN-CERT-2012-1771
Other: http://www.ubuntu.com/usn/usn-1576-2/
USN:1576-2

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu USN-700-2 (perl) (OID: 1.3.6.1.4.1.25623.1.0.63235)
Summary

The remote host is missing an update to perl announced via advisory USN-700-2.

Vulnerability Detection Result
Package perl-modules version 5.8.8-12 is installed which is known to be vulnerable.
Package libperl5.8 version 5.8.8-12 is installed which is known to be vulnerable.
Package perl-base version 5.8.8-12 is installed which is known to be vulnerable.
Package perl version 5.8.8-12 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: perl 5.8.8-12ubuntu0.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-700-2

Vulnerability Insight

USN-700-1 fixed vulnerabilities in Perl. Due to problems with the Ubuntu 8.04 build, some Perl .ph files were missing from the resulting update. This update fixes the problem. We apologize for the inconvenience.

Vulnerability Detection Method

Details: Ubuntu USN-700-2 (perl) (OID: 1.3.6.1.4.1.25623.1.0.63235)

Version used: $Revision: 7969 $

References

CVE: CVE-2007-4829, CVE-2008-1927, CVE-2008-5302, CVE-2008-5303
CERT: CB-K16/0564, CB-K15/1514, DFN-CERT-2010-1135, DFN-CERT-2010-0847, DFN-CERT-2010-0773, DFN-CERT-2010-0740
Other: http://www.ubuntu.com/usn/usn-700-2/

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for sudo vulnerability USN-928-1 (OID: 1.3.6.1.4.1.25623.1.0.840420)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-928-1

Vulnerability Detection Result
Package sudo version 1.6.9p10-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

sudo vulnerability on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 8.10 , Ubuntu 9.04 , Ubuntu 9.10

Vulnerability Insight

Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.'). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426.

Vulnerability Detection Method

Details: Ubuntu Update for sudo vulnerability USN-928-1 (OID: 1.3.6.1.4.1.25623.1.0.840420)

Version used: $Revision: 8187 $

References

CVE: CVE-2010-0426
CERT: DFN-CERT-2010-0720, DFN-CERT-2010-0620, DFN-CERT-2010-0578, DFN-CERT-2010-0348, DFN-CERT-2010-0327, DFN-CERT-2010-0316, DFN-CERT-2010-0312, DFN-CERT-2010-0289, DFN-CERT-2010-0272, DFN-CERT-2010-0271
Other: http://www.ubuntu.com/usn/usn-928-1/
USN:928-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for pam USN-1140-2 (OID: 1.3.6.1.4.1.25623.1.0.840673)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1140-2

Vulnerability Detection Result
Package libpam-modules version 0.99.7.1-5ubuntu6 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

pam on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

Vulnerability Insight

USN-1140-1 fixed vulnerabilities in PAM. A regression was found that caused cron to stop working with a "Module is unknown" error. As a result, systems configured with automatic updates will not receive updates until cron is restarted, these updates are installed or the system is rebooted. This update fixes the problem.

We apologize for the inconvenience. Original advisory details: Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different user's username. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-0887)

It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. (CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435)

It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. (CVE-2010-3853)

It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. (CVE-2010-4706)

It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service. (CVE-2010-4707)

Vulnerability Detection Method

Details: Ubuntu Update for pam USN-1140-2 (OID: 1.3.6.1.4.1.25623.1.0.840673)

Version used: $Revision: 7964 $

References

CVE: CVE-2009-0887, CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435, CVE-2010-3853, CVE-2010-4706, CVE-2010-4707
CERT: DFN-CERT-2011-1699, DFN-CERT-2011-1684, DFN-CERT-2011-0325, DFN-CERT-2010-1583, DFN-CERT-2010-1574, DFN-CERT-2010-1506, DFN-CERT-2010-1495, DFN-CERT-2010-1494, DFN-CERT-2010-1476
Other: http://www.ubuntu.com/usn/usn-1140-2/
USN:1140-2

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for postfix USN-1113-1 (OID: 1.3.6.1.4.1.25623.1.0.840648)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1113-1

Vulnerability Detection Result
Package postfix version 2.5.1-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

postfix on Ubuntu 10.10 , Ubuntu 10.04 LTS , Ubuntu 9.10 , Ubuntu 8.04 LTS , Ubuntu 6.06 LTS

Vulnerability Insight

It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)

Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords. (CVE-2011-0411)

Vulnerability Detection Method

Details: Ubuntu Update for postfix USN-1113-1 (OID: 1.3.6.1.4.1.25623.1.0.840648)

Version used: $Revision: 7964 $

References

CVE: CVE-2009-2939, CVE-2011-0411
CERT: CB-K15/1514, DFN-CERT-2011-0844, DFN-CERT-2011-0771, DFN-CERT-2011-0741, DFN-CERT-2011-0712, DFN-CERT-2011-0673, DFN-CERT-2011-0597, DFN-CERT-2011-0596, DFN-CERT-2011-0519, DFN-CERT-2011-0516, DFN-CERT-2011-0483, DFN-CERT-2011-0434, DFN-CERT-2011-0393, DFN-CERT-2011-0381
Other: http://www.ubuntu.com/usn/usn-1113-1/
USN:1113-1

general/tcp
Medium (CVSS: 6.9)
NVT: Ubuntu Update for Linux kernel vulnerabilities USN-1023-1 (OID: 1.3.6.1.4.1.25623.1.0.840544)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1023-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Linux kernel vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 9.10 , Ubuntu 10.04 LTS , Ubuntu 10.10

Vulnerability Insight

Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces.

Vulnerability Detection Method

Details: Ubuntu Update for Linux kernel vulnerabilities USN-1023-1 (OID: 1.3.6.1.4.1.25623.1.0.840544)

Version used: $Revision: 8447 $

References

CVE: CVE-2010-3848, CVE-2010-3849, CVE-2010-3850
CERT: DFN-CERT-2011-0676, DFN-CERT-2011-0598, DFN-CERT-2011-0411, DFN-CERT-2011-0187, DFN-CERT-2011-0150, DFN-CERT-2011-0110, DFN-CERT-2010-1717, DFN-CERT-2010-1623
Other: http://www.ubuntu.com/usn/usn-1023-1/
USN:1023-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for Linux kernel vulnerabilities USN-914-1 (OID: 1.3.6.1.4.1.25623.1.0.840403)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-914-1

Vulnerability Detection Result
Package linux-libc-dev version 2.6.24-16.30 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

Linux kernel vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 8.10 , Ubuntu 9.04 , Ubuntu 9.10

Vulnerability Insight

Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. (CVE-2010-0307)

Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not correctly handle reading the /dev/port special device. A local attacker in a guest operating system could issue a specific read that would cause the host system to crash, leading to a denial of service. (CVE-2010-0309)

Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. A local attacker could exploit this to consume kernel memory, leading to a denial of service. (CVE-2010-0410)

Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. A local attacker could exploit this to read arbitrary kernel memory or cause a system crash, leading to a denial of service. (CVE-2010-0415)

Jerome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2010-0622, CVE-2010-0623)

Vulnerability Detection Method

Details: Ubuntu Update for Linux kernel vulnerabilities USN-914-1 (OID: 1.3.6.1.4.1.25623.1.0.840403)

Version used: $Revision: 8254 $

References

CVE: CVE-2010-0307, CVE-2010-0309, CVE-2010-0410, CVE-2010-0415, CVE-2010-0622, CVE-2010-0623
CERT: CB-K15/0576, DFN-CERT-2015-0600, DFN-CERT-2013-1066, DFN-CERT-2011-0185, DFN-CERT-2010-1566, DFN-CERT-2010-1372, DFN-CERT-2010-1333, DFN-CERT-2010-1258, DFN-CERT-2010-1151, DFN-CERT-2010-0979, DFN-CERT-2010-0845, DFN-CERT-2010-0778, DFN-CERT-2010-0670, DFN-CERT-2010-0631, DFN-CERT-2010-0630, DFN-CERT-2010-0613, DFN-CERT-2010-0445, DFN-CERT-2010-0396, DFN-CERT-2010-0391, DFN-CERT-2010-0385, DFN-CERT-2010-0366, DFN-CERT-2010-0364, DFN-CERT-2010-0336, DFN-CERT-2010-0334, DFN-CERT-2010-0315, DFN-CERT-2010-0291, DFN-CERT-2010-0274, DFN-CERT-2010-0264, DFN-CERT-2010-0226, DFN-CERT-2010-0206, DFN-CERT-2010-0199, DFN-CERT-2010-0165
Other: http://www.ubuntu.com/usn/usn-914-1/
USN:914-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for openssl USN-1451-1 (OID: 1.3.6.1.4.1.25623.1.0.841013)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1451-1

Vulnerability Detection Result
Package openssl version 0.9.8g-4ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

openssl on Ubuntu 12.04 LTS , Ubuntu 11.10 , Ubuntu 11.04 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

Vulnerability Insight

Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). (CVE-2012-0884)

It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. (CVE-2012-2333)

Vulnerability Detection Method

Details: Ubuntu Update for openssl USN-1451-1 (OID: 1.3.6.1.4.1.25623.1.0.841013)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-0884, CVE-2012-2333
CERT: CB-K14/0854, DFN-CERT-2014-0891, DFN-CERT-2013-0512, DFN-CERT-2013-0391, DFN-CERT-2012-1581, DFN-CERT-2012-1489, DFN-CERT-2012-1382, DFN-CERT-2012-1112, DFN-CERT-2012-1075, DFN-CERT-2012-1044, DFN-CERT-2012-1038, DFN-CERT-2012-1037, DFN-CERT-2012-1036, DFN-CERT-2012-1025, DFN-CERT-2012-1013, DFN-CERT-2012-0959, DFN-CERT-2012-0957, DFN-CERT-2012-0922, DFN-CERT-2012-0888, DFN-CERT-2012-0859, DFN-CERT-2012-0761, DFN-CERT-2012-0759, DFN-CERT-2012-0669, DFN-CERT-2012-0652, DFN-CERT-2012-0558, DFN-CERT-2012-0554
Other: http://www.ubuntu.com/usn/usn-1451-1/
USN:1451-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu USN-760-1 (cupsys) (OID: 1.3.6.1.4.1.25623.1.0.63859)
Summary

The remote host is missing an update to cupsys announced via advisory USN-760-1.

Vulnerability Detection Result
Package cupsys-common version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package cupsys-bsd version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package cupsys-client version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package cupsys version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package libcupsimage2 version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Package libcupsys2 version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libcupsimage2 1.2.2-0ubuntu0.6.06.13

Ubuntu 7.10: libcupsimage2 1.3.2-1ubuntu7.10

Ubuntu 8.04 LTS: libcupsimage2 1.3.7-1ubuntu3.4

Ubuntu 8.10: libcupsimage2 1.3.9-2ubuntu9.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-760-1

Vulnerability Insight

It was discovered that CUPS did not properly check the height of TIFF images. If a user or automated system were tricked into opening a crafted TIFF image file, a remote attacker could cause a denial of service or possibly execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile.

Vulnerability Detection Method

Details: Ubuntu USN-760-1 (cupsys) (OID: 1.3.6.1.4.1.25623.1.0.63859)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0163
CERT: DFN-CERT-2009-1485, DFN-CERT-2009-1484, DFN-CERT-2009-1483
Other: http://www.ubuntu.com/usn/usn-760-1/

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for vinagre vulnerability USN-689-1 (OID: 1.3.6.1.4.1.25623.1.0.840200)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-689-1

Vulnerability Detection Result
Package vinagre version 0.5.1-0ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

vinagre vulnerability on Ubuntu 8.04 LTS , Ubuntu 8.10

Vulnerability Insight

Alfredo Ortega discovered a flaw in Vinagre's use of format strings. A remote attacker could exploit this vulnerability if they tricked a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. In Ubuntu 8.04, it was possible to execute arbitrary code with user privileges. In Ubuntu 8.10, Vinagre would simply abort, leading to a denial of service.

Vulnerability Detection Method

Details: Ubuntu Update for vinagre vulnerability USN-689-1 (OID: 1.3.6.1.4.1.25623.1.0.840200)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-5660
Other: http://www.ubuntu.com/usn/usn-689-1/
USN:689-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for foomatic-filters USN-1194-1 (OID: 1.3.6.1.4.1.25623.1.0.840728)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1194-1

Vulnerability Detection Result
Package foomatic-filters version 3.0.2-20071204-0ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

foomatic-filters on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that the foomatic-rip Foomatic filter incorrectly handled command-line options. An attacker could use this flaw to cause Foomatic to execute arbitrary code as the "lp" user.

In the default installation, attackers would be isolated by the CUPS AppArmor profile.

Vulnerability Detection Method

Details: Ubuntu Update for foomatic-filters USN-1194-1 (OID: 1.3.6.1.4.1.25623.1.0.840728)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-2697, CVE-2011-2964
CERT: DFN-CERT-2012-1257, DFN-CERT-2012-0030, DFN-CERT-2011-1231, DFN-CERT-2011-1218, DFN-CERT-2011-1160, DFN-CERT-2011-1159
Other: http://www.ubuntu.com/usn/usn-1194-1/
USN:1194-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for poppler USN-1785-1 (OID: 1.3.6.1.4.1.25623.1.0.841382)
Vulnerability Detection Result
Package libpoppler-glib2 version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

poppler on Ubuntu 12.10 , Ubuntu 12.04 LTS , Ubuntu 11.10 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu Update for poppler USN-1785-1 (OID: 1.3.6.1.4.1.25623.1.0.841382)

Version used: $Revision: 7958 $

References

CVE: CVE-2013-1788, CVE-2013-1789, CVE-2013-1790
CERT: CB-K14/0204, DFN-CERT-2014-0210, DFN-CERT-2013-1279, DFN-CERT-2013-0547
Other: USN:1785-1
http://www.ubuntu.com/usn/usn-1785-1/

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for libpng USN-1417-1 (OID: 1.3.6.1.4.1.25623.1.0.840979)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1417-1

Vulnerability Detection Result
Package libpng12-0 version 1.2.15~beta5-3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libpng on Ubuntu 11.10 , Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu Update for libpng USN-1417-1 (OID: 1.3.6.1.4.1.25623.1.0.840979)

Version used: $Revision: 7960 $

References

CVE: CVE-2011-3048
CERT: CB-K14/1476, DFN-CERT-2014-1559, DFN-CERT-2012-1531, DFN-CERT-2012-0800, DFN-CERT-2012-0787, DFN-CERT-2012-0702, DFN-CERT-2012-0668, DFN-CERT-2012-0634, DFN-CERT-2012-0629, DFN-CERT-2012-0610
Other: http://www.ubuntu.com/usn/usn-1417-1/
USN:1417-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for pidgin vulnerabilities USN-675-1 (OID: 1.3.6.1.4.1.25623.1.0.840284)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-675-1

Vulnerability Detection Result
Package libpurple0 version 2.4.1-1ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

pidgin vulnerabilities on Ubuntu 7.10 , Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2008-2927)

It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. (CVE-2008-2955)

It was discovered that Pidgin did not impose resource limitations in the UPnP service. A remote attacker could cause Pidgin to download arbitrary files and cause a denial of service from memory or disk space exhaustion. (CVE-2008-2957)

It was discovered that Pidgin did not validate SSL certificates when using a secure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update alters Pidgin behaviour by asking users to confirm the validity of a certificate upon initial login. (CVE-2008-3532)

Vulnerability Detection Method

Details: Ubuntu Update for pidgin vulnerabilities USN-675-1 (OID: 1.3.6.1.4.1.25623.1.0.840284)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2927, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532
CERT: DFN-CERT-2009-1707, DFN-CERT-2009-1154
Other: http://www.ubuntu.com/usn/usn-675-1/
USN:675-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for freetype vulnerabilities USN-963-1 (OID: 1.3.6.1.4.1.25623.1.0.840461)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-963-1

Vulnerability Detection Result
Package libfreetype6 version 2.3.5-1ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

freetype vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 9.04 , Ubuntu 9.10 , Ubuntu 10.04 LTS

Vulnerability Insight

Robert Święcki discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu Update for freetype vulnerabilities USN-963-1 (OID: 1.3.6.1.4.1.25623.1.0.840461)

Version used: $Revision: 8495 $

References

CVE: CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527
CERT: DFN-CERT-2012-0777, DFN-CERT-2010-1647, DFN-CERT-2010-1474, DFN-CERT-2010-1390, DFN-CERT-2010-1162, DFN-CERT-2010-1117, DFN-CERT-2010-0968, DFN-CERT-2010-0912, DFN-CERT-2010-0905
Other: http://www.ubuntu.com/usn/usn-963-1/
USN:963-1

general/tcp
Medium (CVSS: 6.8)
NVT: Pidgin NSS plugin SSL Certificate Validation Security Bypass Vulnerability (Lin... (OID: 1.3.6.1.4.1.25623.1.0.900022)
Summary

The host is running Pidgin, which is prone to a security bypass vulnerability.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Man-in-the-middle attacks or identity impersonation attacks are possible. Impact Level: Network.

Solution

Apply the patch: http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch

Affected Software/OS

Pidgin Version 2.4.3 and prior on Linux.

Vulnerability Insight

The application fails to properly validate the SSL (Secure Sockets Layer) certificate presented by a server.

Vulnerability Detection Method

Details: Pidgin NSS plugin SSL Certificate Validation Security Bypass Vulnerability (Lin... (OID: 1.3.6.1.4.1.25623.1.0.900022)

Version used: $Revision: 7823 $

References

CVE: CVE-2008-3532
BID: 30553
CERT: DFN-CERT-2009-1707
Other: http://developer.pidgin.im/ticket/6500

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for wget vulnerability USN-982-1 (OID: 1.3.6.1.4.1.25623.1.0.840489)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-982-1

Vulnerability Detection Result
Package wget version 1.10.2-3ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

wget vulnerability on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 9.04 , Ubuntu 9.10 , Ubuntu 10.04 LTS

Vulnerability Insight

It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code.

Vulnerability Detection Method

Details: Ubuntu Update for wget vulnerability USN-982-1 (OID: 1.3.6.1.4.1.25623.1.0.840489)

Version used: $Revision: 8457 $

References

CVE: CVE-2010-2252
CERT: CB-K14/0161, DFN-CERT-2014-0164, DFN-CERT-2010-1146, DFN-CERT-2010-0995
Other: http://www.ubuntu.com/usn/usn-982-1/
USN:982-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for tiff vulnerability USN-1102-1 (OID: 1.3.6.1.4.1.25623.1.0.840626)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1102-1

Vulnerability Detection Result
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

tiff vulnerability on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 9.10 , Ubuntu 10.04 LTS , Ubuntu 10.10

Vulnerability Insight

Martin Barbella discovered that the thunder (aka ThunderScan) decoder in the TIFF library incorrectly handled an unexpected BitsPerSample value. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.

Vulnerability Detection Method

Details: Ubuntu Update for tiff vulnerability USN-1102-1 (OID: 1.3.6.1.4.1.25623.1.0.840626)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-1167
CERT: DFN-CERT-2012-0627, DFN-CERT-2011-0771, DFN-CERT-2011-0713, DFN-CERT-2011-0712, DFN-CERT-2011-0694, DFN-CERT-2011-0667, DFN-CERT-2011-0541, DFN-CERT-2011-0537, DFN-CERT-2011-0503, DFN-CERT-2011-0493, DFN-CERT-2011-0455
Other: http://www.ubuntu.com/usn/usn-1102-1/
USN:1102-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for tiff vulnerabilities USN-954-1 (OID: 1.3.6.1.4.1.25623.1.0.840446)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-954-1

Vulnerability Detection Result
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

tiff vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 9.04 , Ubuntu 9.10 , Ubuntu 10.04 LTS

Vulnerability Insight

Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2010-1411)

Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (Only Ubuntu 10.04 LTS was affected.) (CVE-2010-2065, CVE-2010-2067)

Vulnerability Detection Method

Details: Ubuntu Update for tiff vulnerabilities USN-954-1 (OID: 1.3.6.1.4.1.25623.1.0.840446)

Version used: $Revision: 8250 $

References

CVE: CVE-2010-1411, CVE-2010-2065, CVE-2010-2067
CERT: DFN-CERT-2011-0329, DFN-CERT-2011-0109, DFN-CERT-2010-1647, DFN-CERT-2010-1005, DFN-CERT-2010-1004, DFN-CERT-2010-0984, DFN-CERT-2010-0974, DFN-CERT-2010-0876, DFN-CERT-2010-0873, DFN-CERT-2010-0860, DFN-CERT-2010-0854, DFN-CERT-2010-0849, DFN-CERT-2010-0829
Other: http://www.ubuntu.com/usn/usn-954-1/
USN:954-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for ghostscript USN-1581-1 (OID: 1.3.6.1.4.1.25623.1.0.841160)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1581-1

Vulnerability Detection Result
Package libgs8 version 8.61.dfsg.1-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

ghostscript on Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

Vulnerability Insight

Marc Schönefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu Update for ghostscript USN-1581-1 (OID: 1.3.6.1.4.1.25623.1.0.841160)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-4405
CERT: DFN-CERT-2013-0005, DFN-CERT-2012-1918, DFN-CERT-2012-1915, DFN-CERT-2012-1901, DFN-CERT-2012-1847, DFN-CERT-2012-1758
Other: http://www.ubuntu.com/usn/usn-1581-1/
USN:1581-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for glibc USN-1589-2 (OID: 1.3.6.1.4.1.25623.1.0.841254)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1589-2

Vulnerability Detection Result
Package libc6 version 2.7-10ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

glibc on Ubuntu 8.04 LTS

Vulnerability Insight

USN-1589-1 fixed vulnerabilities in the GNU C Library. One of the updates exposed a regression in the floating point parser. This update fixes the problem.

We apologize for the inconvenience. Original advisory details: It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)

It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3480)

Vulnerability Detection Method

Details: Ubuntu Update for glibc USN-1589-2 (OID: 1.3.6.1.4.1.25623.1.0.841254)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480
CERT: CB-K15/0473, CB-K15/0235, DFN-CERT-2015-0484, DFN-CERT-2015-0243, DFN-CERT-2012-2288, DFN-CERT-2012-1801, DFN-CERT-2012-1669, DFN-CERT-2012-1668, DFN-CERT-2012-1614, DFN-CERT-2012-1590, DFN-CERT-2012-1403, DFN-CERT-2012-1402
Other: http://www.ubuntu.com/usn/usn-1589-2/
USN:1589-2

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for texlive-bin vulnerabilities USN-937-1 (OID: 1.3.6.1.4.1.25623.1.0.840430)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-937-1

Vulnerability Detection Result
Package libkpathsea4 version 2007.dfsg.1-2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

texlive-bin vulnerabilities on Ubuntu 8.04 LTS , Ubuntu 9.04 , Ubuntu 9.10

Vulnerability Insight

It was discovered that TeX Live incorrectly handled certain long .bib bibliography files. If a user or automated system were tricked into processing a specially crafted bib file, an attacker could cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2009-1284)

Marc Schoenefeld, Karel Šrot and Ludwig Nussel discovered that TeX Live incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0739, CVE-2010-1440)

Dan Rosenberg discovered that TeX Live incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0827)

Vulnerability Detection Method

Details: Ubuntu Update for texlive-bin vulnerabilities USN-937-1 (OID: 1.3.6.1.4.1.25623.1.0.840430)

Version used: $Revision: 8187 $

References

CVE: CVE-2009-1284, CVE-2010-0739, CVE-2010-0827, CVE-2010-1440
CERT: DFN-CERT-2010-0775, DFN-CERT-2010-0705, DFN-CERT-2010-0677, DFN-CERT-2010-0665, DFN-CERT-2010-0659, DFN-CERT-2010-0636, DFN-CERT-2010-0635, DFN-CERT-2010-0634, DFN-CERT-2009-1608
Other: http://www.ubuntu.com/usn/usn-937-1/
USN:937-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for tiff USN-1416-1 (OID: 1.3.6.1.4.1.25623.1.0.840976)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1416-1

Vulnerability Detection Result
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

tiff on Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Alexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2012-1173)

It was discovered that the tiffdump utility incorrectly handled directory data structures with many directory entries. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2010-4665)

Vulnerability Detection Method

Details: Ubuntu Update for tiff USN-1416-1 (OID: 1.3.6.1.4.1.25623.1.0.840976)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-1173, CVE-2010-4665
CERT: CB-K13/0930, DFN-CERT-2013-1950, DFN-CERT-2012-1879, DFN-CERT-2012-1255, DFN-CERT-2012-0763, DFN-CERT-2012-0760, DFN-CERT-2012-0755, DFN-CERT-2012-0674, DFN-CERT-2012-0663, DFN-CERT-2012-0631, DFN-CERT-2012-0627, DFN-CERT-2012-0624, DFN-CERT-2011-0771, DFN-CERT-2011-0712
Other: http://www.ubuntu.com/usn/usn-1416-1/
USN:1416-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu USN-842-1 (wget) (OID: 1.3.6.1.4.1.25623.1.0.65749)
Summary

The remote host is missing an update to wget announced via advisory USN-842-1.

Vulnerability Detection Result
Package wget version 1.10.2-3ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: libglib2.0-0 2.16.6-0ubuntu1.2

Ubuntu 8.10: libglib2.0-0 2.18.2-0ubuntu2.2

Ubuntu 9.04: libglib2.0-0 2.20.1-0ubuntu2.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-842-1

Vulnerability Insight

It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

Vulnerability Detection Method

Details: Ubuntu USN-842-1 (wget) (OID: 1.3.6.1.4.1.25623.1.0.65749)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-3490
CERT: CB-K15/1514, DFN-CERT-2009-1702, DFN-CERT-2009-1685, DFN-CERT-2009-1549, DFN-CERT-2009-1422, DFN-CERT-2009-1153
Other: http://www.ubuntu.com/usn/usn-842-1/

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for audiofile vulnerability USN-912-1 (OID: 1.3.6.1.4.1.25623.1.0.840404)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-912-1

Vulnerability Detection Result
Package libaudiofile0 version 0.2.6-7ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

audiofile vulnerability on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

It was discovered that Audio File Library contained a heap-based buffer overflow. If a user or automated system processed a crafted WAV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. The default compiler options for Ubuntu should reduce this vulnerability to a denial of service.

Vulnerability Detection Method

Details: Ubuntu Update for audiofile vulnerability USN-912-1 (OID: 1.3.6.1.4.1.25623.1.0.840404)

Version used: $Revision: 8244 $

References

CVE: CVE-2008-5824
CERT: DFN-CERT-2010-0106
Other: http://www.ubuntu.com/usn/usn-912-1/
USN:912-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for cups, cupsys vulnerabilities USN-952-1 (OID: 1.3.6.1.4.1.25623.1.0.840447)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-952-1

Vulnerability Detection Result
Package cupsys-bsd version 1.3.7-1ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

cups, cupsys vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Adrian Pastor and Tim Starling discovered that the CUPS web interface incorrectly protected against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data. (CVE-2010-0540)

It was discovered that CUPS did not properly handle memory allocations in the texttops filter. If a user or automated system were tricked into printing a crafted text file, a remote attacker could cause a denial of service or possibly execute arbitrary code with privileges of the CUPS user (lp). (CVE-2010-0542)

Luca Carettoni discovered that the CUPS web interface incorrectly handled form variables. A remote attacker who had access to the CUPS web interface could use this flaw to read a limited amount of memory from the cupsd process and possibly obtain confidential data. (CVE-2010-1748)

Vulnerability Detection Method

Details: Ubuntu Update for cups, cupsys vulnerabilities USN-952-1 (OID: 1.3.6.1.4.1.25623.1.0.840447)

Version used: $Revision: 8274 $

References

CVE: CVE-2010-0540, CVE-2010-0542, CVE-2010-1748
CERT: DFN-CERT-2011-0389, DFN-CERT-2011-0387, DFN-CERT-2011-0279, DFN-CERT-2010-1664, DFN-CERT-2010-1565, DFN-CERT-2010-1564, DFN-CERT-2010-0941, DFN-CERT-2010-0844, DFN-CERT-2010-0832, DFN-CERT-2010-0797
Other: http://www.ubuntu.com/usn/usn-952-1/
USN:952-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for transmission vulnerabilities USN-885-1 (OID: 1.3.6.1.4.1.25623.1.0.840369)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-885-1

Vulnerability Detection Result
Package transmission-gtk version 1.06-0ubuntu4 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

transmission vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. This issue affected Ubuntu 9.04. (CVE-2009-1757)

Dan Rosenberg discovered that Transmission did not properly perform input validation when processing torrent files. If a user were tricked into opening a crafted torrent file, an attacker could overwrite files via directory traversal. (CVE-2010-0012)

Vulnerability Detection Method

Details: Ubuntu Update for transmission vulnerabilities USN-885-1 (OID: 1.3.6.1.4.1.25623.1.0.840369)

Version used: $Revision: 8246 $

References

CVE: CVE-2009-1757, CVE-2010-0012
CERT: DFN-CERT-2010-0081, DFN-CERT-2010-0080, DFN-CERT-2010-0071, DFN-CERT-2010-0040, DFN-CERT-2010-0022
Other: http://www.ubuntu.com/usn/usn-885-1/
USN:885-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu USN-777-1 (ntp) (OID: 1.3.6.1.4.1.25623.1.0.64146)
Summary

The remote host is missing an update to ntp announced via advisory USN-777-1.

Vulnerability Detection Result
Package ntp version 4.2.4p4+dfsg-3ubuntu2 is installed which is known to be vulnerable.
Package ntpdate version 4.2.4p4+dfsg-3ubuntu2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: ntp 1:4.2.0a+stable-8.1ubuntu6.2 ntp-server 1:4.2.0a+stable-8.1ubuntu6.2

Ubuntu 8.04 LTS: ntp 1:4.2.4p4+dfsg-3ubuntu2.2

Ubuntu 8.10: ntp 1:4.2.4p4+dfsg-6ubuntu2.3

Ubuntu 9.04: ntp 1:4.2.4p4+dfsg-7ubuntu5.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-777-1

Vulnerability Insight

A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0159)

Chris Ries discovered a stack-based overflow in ntp. If ntp was configured to use autokey, a remote attacker could send a crafted packet to cause a denial of service, or possibly execute arbitrary code. (CVE-2009-1252)

Vulnerability Detection Method

Details: Ubuntu USN-777-1 (ntp) (OID: 1.3.6.1.4.1.25623.1.0.64146)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0159, CVE-2009-1252
CERT: DFN-CERT-2012-0513, DFN-CERT-2010-0425, DFN-CERT-2009-1742, DFN-CERT-2009-1700
Other: http://www.ubuntu.com/usn/usn-777-1/

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for libxslt USN-1595-1 (OID: 1.3.6.1.4.1.25623.1.0.841174)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1595-1

Vulnerability Detection Result
Package libxslt1.1 version 1.1.22-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libxslt on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)

It was discovered that libxslt incorrectly parsed certain patterns. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2011-3970)

Nicholas Gregoire discovered that libxslt incorrectly handled unexpected DTD nodes. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2825)

Nicholas Gregoire discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2870)

Nicholas Gregoire discovered that libxslt incorrectly handled certain transforms. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2871)

Cris Neckar discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2893)

Vulnerability Detection Method

Details: Ubuntu Update for libxslt USN-1595-1 (OID: 1.3.6.1.4.1.25623.1.0.841174)

Version used: $Revision: 7960 $

References

CVE: CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893
CERT: CB-K14/0091, CB-K13/0931, CB-K13/0834, DFN-CERT-2014-0093, DFN-CERT-2013-1949, DFN-CERT-2013-0406, DFN-CERT-2013-0199, DFN-CERT-2012-2019, DFN-CERT-2012-1924, DFN-CERT-2012-1883, DFN-CERT-2012-1872, DFN-CERT-2012-1845, DFN-CERT-2012-1781, DFN-CERT-2012-1417, DFN-CERT-2012-1376, DFN-CERT-2012-1299, DFN-CERT-2012-0453, DFN-CERT-2012-0396, DFN-CERT-2011-0745, DFN-CERT-2011-0725, DFN-CERT-2011-0720, DFN-CERT-2011-0714, DFN-CERT-2011-0691, DFN-CERT-2011-0690, DFN-CERT-2011-0687, DFN-CERT-2011-0685
Other: http://www.ubuntu.com/usn/usn-1595-1/
USN:1595-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for libxml2 USN-1656-1 (OID: 1.3.6.1.4.1.25623.1.0.841242)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1656-1

Vulnerability Detection Result
Package libxml2 version 2.6.31.dfsg-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libxml2 on Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code.

Vulnerability Detection Method

Details: Ubuntu Update for libxml2 USN-1656-1 (OID: 1.3.6.1.4.1.25623.1.0.841242)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-5134
CERT: CB-K15/0050, CB-K14/0091, CB-K13/0874, CB-K13/0834, DFN-CERT-2015-0049, DFN-CERT-2014-0093, DFN-CERT-2013-1230, DFN-CERT-2013-1046, DFN-CERT-2013-0944, DFN-CERT-2013-0688, DFN-CERT-2013-0196, DFN-CERT-2013-0138, DFN-CERT-2012-2265, DFN-CERT-2012-2251, DFN-CERT-2012-2246, DFN-CERT-2012-2195, DFN-CERT-2012-2190
Other: http://www.ubuntu.com/usn/usn-1656-1/
USN:1656-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for tiff vulnerability USN-639-1 (OID: 1.3.6.1.4.1.25623.1.0.840355)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-639-1

Vulnerability Detection Result
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

tiff vulnerability on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS

Vulnerability Insight

Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service.

Vulnerability Detection Method

Details: Ubuntu Update for tiff vulnerability USN-639-1 (OID: 1.3.6.1.4.1.25623.1.0.840355)

Version used: $Revision: 7969 $

References

CVE: CVE-2008-2327
CERT: DFN-CERT-2009-1050, DFN-CERT-2009-0986
Other: http://www.ubuntu.com/usn/usn-639-1/
USN:639-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for postfix USN-1131-1 (OID: 1.3.6.1.4.1.25623.1.0.840658)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1131-1

Vulnerability Detection Result
Package postfix version 2.5.1-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

postfix on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS, Ubuntu 6.06 LTS

Vulnerability Insight

Thomas Jarosch discovered that Postfix incorrectly handled authentication mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used. A remote attacker could use this to cause Postfix to crash, leading to a denial of service, or possibly execute arbitrary code as the postfix user.

Vulnerability Detection Method

Details: Ubuntu Update for postfix USN-1131-1 (OID: 1.3.6.1.4.1.25623.1.0.840658)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-1720
CERT: CB-K15/1514, DFN-CERT-2011-0849, DFN-CERT-2011-0844, DFN-CERT-2011-0780, DFN-CERT-2011-0772, DFN-CERT-2011-0770, DFN-CERT-2011-0744, DFN-CERT-2011-0741
Other: http://www.ubuntu.com/usn/usn-1131-1/
USN:1131-1

general/tcp
Medium (CVSS: 6.8)
NVT: Wireshark Denial of Service Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.801743)
Summary

The host has Wireshark installed and is prone to a denial of service vulnerability.

Vulnerability Detection Result
Installed version: 1.0.0
Fixed version:     1.2.15/1.4.4/1.5.1
Impact

Successful exploitation could allow attackers to cause a denial of service or execute arbitrary code.

Impact Level: Application

Solution

Solution type: VendorFix

Upgrade to Wireshark version 1.2.15, 1.4.4 or later. For updates refer to http://www.wireshark.org/download.html

Affected Software/OS

Wireshark version 1.4.3 and prior

Wireshark version 1.5.0

Vulnerability Insight

The flaw is due to an uninitialized pointer during processing of a '.pcap' file in the pcap-ng format.

Vulnerability Detection Method

Details: Wireshark Denial of Service Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.801743)

Version used: $Revision: 7019 $

References

CVE: CVE-2011-0538
BID: 46167
CERT: DFN-CERT-2011-0608, DFN-CERT-2011-0437, DFN-CERT-2011-0420, DFN-CERT-2011-0419, DFN-CERT-2011-0357, DFN-CERT-2011-0334, DFN-CERT-2011-0333
Other: http://openwall.com/lists/oss-security/2011/02/04/1
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5652

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for poppler vulnerabilities USN-1005-1 (OID: 1.3.6.1.4.1.25623.1.0.840521)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1005-1

Vulnerability Detection Result
Package libpoppler-glib2 version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

poppler vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu Update for poppler vulnerabilities USN-1005-1 (OID: 1.3.6.1.4.1.25623.1.0.840521)

Version used: $Revision: 8528 $

References

CVE: CVE-2010-3702, CVE-2010-3703, CVE-2010-3704
CERT: DFN-CERT-2012-1653, DFN-CERT-2011-0622, DFN-CERT-2011-0608, DFN-CERT-2010-1762, DFN-CERT-2010-1750, DFN-CERT-2010-1664, DFN-CERT-2010-1624, DFN-CERT-2010-1559, DFN-CERT-2010-1558, DFN-CERT-2010-1554, DFN-CERT-2010-1553, DFN-CERT-2010-1542, DFN-CERT-2010-1497, DFN-CERT-2010-1386, DFN-CERT-2010-1382, DFN-CERT-2010-1348, DFN-CERT-2010-1329, DFN-CERT-2010-1328, DFN-CERT-2010-1327, DFN-CERT-2010-1326, DFN-CERT-2010-1325, DFN-CERT-2010-1324, DFN-CERT-2010-1323
Other: http://www.ubuntu.com/usn/usn-1005-1/
USN:1005-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for gzip vulnerabilities USN-889-1 (OID: 1.3.6.1.4.1.25623.1.0.840374)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-889-1

Vulnerability Detection Result
Package gzip version 1.3.12-3.2 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

gzip vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10

Vulnerability Insight

It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2624)

Aki Helin discovered that gzip incorrectly handled certain malformed files compressed with the Lempel–Ziv–Welch (LZW) algorithm. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0001)

Vulnerability Detection Method

Details: Ubuntu Update for gzip vulnerabilities USN-889-1 (OID: 1.3.6.1.4.1.25623.1.0.840374)

Version used: $Revision: 8528 $

References

CVE: CVE-2009-2624, CVE-2010-0001
CERT: CB-K15/1514, DFN-CERT-2012-0855, DFN-CERT-2011-1601, DFN-CERT-2010-0930, DFN-CERT-2010-0906, DFN-CERT-2010-0720, DFN-CERT-2010-0135, DFN-CERT-2010-0094, DFN-CERT-2010-0093, DFN-CERT-2010-0092, DFN-CERT-2010-0091
Other: http://www.ubuntu.com/usn/usn-889-1/
USN:889-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for libpng USN-1402-1 (OID: 1.3.6.1.4.1.25623.1.0.840960)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1402-1

Vulnerability Detection Result
Package libpng12-0 version 1.2.15~beta5-3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libpng on Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that libpng did not properly process compressed chunks. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu Update for libpng USN-1402-1 (OID: 1.3.6.1.4.1.25623.1.0.840960)

Version used: $Revision: 7960 $

References

CVE: CVE-2011-3045
CERT: DFN-CERT-2012-0625, DFN-CERT-2012-0598, DFN-CERT-2012-0597, DFN-CERT-2012-0539, DFN-CERT-2012-0526, DFN-CERT-2012-0518, DFN-CERT-2012-0515, DFN-CERT-2012-0499, DFN-CERT-2012-0479
Other: http://www.ubuntu.com/usn/usn-1402-1/
USN:1402-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for libwww-perl vulnerability USN-981-1 (OID: 1.3.6.1.4.1.25623.1.0.840488)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-981-1

Vulnerability Detection Result
Package libwww-perl version 5.808-1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libwww-perl vulnerability on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

It was discovered that libwww-perl incorrectly filtered filenames suggested by Content-Disposition headers. If a user were tricked into downloading a file from a malicious site, a remote attacker could overwrite hidden files in the user's directory.

Vulnerability Detection Method

Details: Ubuntu Update for libwww-perl vulnerability USN-981-1 (OID: 1.3.6.1.4.1.25623.1.0.840488)

Version used: $Revision: 8485 $

References

CVE: CVE-2010-2253
CERT: DFN-CERT-2010-1484, DFN-CERT-2010-1132
Other: http://www.ubuntu.com/usn/usn-981-1/
USN:981-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu USN-850-2 (poppler) (OID: 1.3.6.1.4.1.25623.1.0.66113)
Summary

The remote host is missing an update to poppler announced via advisory USN-850-2.

Vulnerability Detection Result
Package libpoppler-glib2 version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Package libpoppler2 version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Package poppler-utils version 0.6.4-1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.7 libpoppler1-glib 0.5.1-0ubuntu7.7

Ubuntu 8.04 LTS: libpoppler-glib2 0.6.4-1ubuntu3.4 libpoppler2 0.6.4-1ubuntu3.4

Ubuntu 8.10: libpoppler-glib3 0.8.7-1ubuntu0.5 libpoppler3 0.8.7-1ubuntu0.5

Ubuntu 9.04: libpoppler-glib4 0.10.5-1ubuntu2.5 libpoppler4 0.10.5-1ubuntu2.5

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-850-2

Vulnerability Insight

USN-850-1 fixed vulnerabilities in poppler. The security fix for CVE-2009-3605 introduced a regression that would cause certain applications, such as Okular, to segfault when opening certain PDF files.

This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu USN-850-2 (poppler) (OID: 1.3.6.1.4.1.25623.1.0.66113)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-3605
CERT: DFN-CERT-2011-1762, DFN-CERT-2010-0313, DFN-CERT-2010-0288, DFN-CERT-2009-1841, DFN-CERT-2009-1785, DFN-CERT-2009-1658, DFN-CERT-2009-1583
Other: http://www.ubuntu.com/usn/usn-850-2/

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for w3m vulnerability USN-967-1 (OID: 1.3.6.1.4.1.25623.1.0.840477)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-967-1

Vulnerability Detection Result
Package w3m version 0.5.1-5.1ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

w3m vulnerability on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04 LTS

Vulnerability Insight

Ludwig Nussel discovered w3m does not properly handle SSL/TLS certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2010-2074)

Vulnerability Detection Method

Details: Ubuntu Update for w3m vulnerability USN-967-1 (OID: 1.3.6.1.4.1.25623.1.0.840477)

Version used: $Revision: 8187 $

References

CVE: CVE-2010-2074
CERT: CB-K16/1908, DFN-CERT-2016-2009, DFN-CERT-2010-0984, DFN-CERT-2010-0950, DFN-CERT-2010-0919, DFN-CERT-2010-0875
Other: http://www.ubuntu.com/usn/usn-967-1/
USN:967-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu USN-764-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.64144)
Summary

The remote host is missing an update to xulrunner-1.9 announced via advisory USN-764-1.

Vulnerability Detection Result
Package firefox-gnome-support version 3.0~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9-gnome-support version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Package xulrunner-1.9 version 1.9~b5+nobinonly-0ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: firefox-3.0 3.0.9+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.9+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10: abrowser 3.0.9+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.9+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.9+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04: abrowser 3.0.9+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.9+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.9+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-764-1

Vulnerability Insight

Several flaws were discovered in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)

It was discovered that Firefox displayed certain Unicode characters which could be visually confused with punctuation in valid web addresses in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-0652)

Several flaws were discovered in the way Firefox processed malformed URI schemes. If a user were tricked into viewing a malicious website, a remote attacker could execute arbitrary JavaScript or steal private data. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312)

Cefn Hoile discovered Firefox did not adequately protect against embedded third-party stylesheets. An attacker could exploit this to perform script injection attacks using XBL bindings. (CVE-2009-1308)

Paolo Amadini discovered that Firefox would submit POST data when reloading an inner frame of a web page. If a user were tricked into viewing a malicious website, a remote attacker could steal private data. (CVE-2009-1311)

Vulnerability Detection Method

Details: Ubuntu USN-764-1 (xulrunner-1.9) (OID: 1.3.6.1.4.1.25623.1.0.64144)

Version used: $Revision: 7969 $

References

CVE: CVE-2009-0652, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312
CERT: DFN-CERT-2009-1300, DFN-CERT-2009-1148
Other: http://www.ubuntu.com/usn/usn-764-1/

9443/tcp
Medium (CVSS: 6.8)
NVT: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)
Summary

Drupal is vulnerable to session hijacking.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

An attacker may gain unauthorized access to the application.

Impact Level: Application

Solution

Upgrade to Drupal 6.34, 7.34 or later

Affected Software/OS

Drupal 6.x versions prior to 6.34. Drupal 7.x versions prior to 7.34.

Vulnerability Insight

A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.

Vulnerability Detection Method

Check the version of Drupal.

Details: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)

Version used: $Revision: 6692 $

References

CVE: CVE-2014-9015
BID: 71195
CERT: CB-K14/1450, CB-K14/1449, CB-K14/1445, DFN-CERT-2014-1535, DFN-CERT-2014-1534, DFN-CERT-2014-1526
Other: https://www.drupal.org/SA-CORE-2014-006

9080/tcp
Medium (CVSS: 6.8)
NVT: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)
Summary

Drupal is vulnerable to session hijacking.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

An attacker may gain unauthorized access to the application.

Impact Level: Application

Solution

Upgrade to Drupal 6.34, 7.34 or later

Affected Software/OS

Drupal 6.x versions prior to 6.34. Drupal 7.x versions prior to 7.34.

Vulnerability Insight

A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.

Vulnerability Detection Method

Check the version of Drupal.

Details: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)

Version used: $Revision: 6692 $

References

CVE: CVE-2014-9015
BID: 71195
CERT: CB-K14/1450, CB-K14/1449, CB-K14/1445, DFN-CERT-2014-1535, DFN-CERT-2014-1534, DFN-CERT-2014-1526
Other: https://www.drupal.org/SA-CORE-2014-006

8443/tcp
Medium (CVSS: 6.8)
NVT: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)
Summary

Drupal is vulnerable to session hijacking.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

An attacker may gain unauthorized access to the application.

Impact Level: Application

Solution

Upgrade to Drupal 6.34, 7.34 or later

Affected Software/OS

Drupal 6.x versions prior to 6.34. Drupal 7.x versions prior to 7.34.

Vulnerability Insight

A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.

Vulnerability Detection Method

Check the version of Drupal.

Details: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)

Version used: $Revision: 6692 $

References

CVE: CVE-2014-9015
BID: 71195
CERT: CB-K14/1450, CB-K14/1449, CB-K14/1445, DFN-CERT-2014-1535, DFN-CERT-2014-1534, DFN-CERT-2014-1526
Other: https://www.drupal.org/SA-CORE-2014-006

8080/tcp
Medium (CVSS: 6.8)
NVT: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)
Summary

Drupal is vulnerable to session hijacking.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

An attacker may gain unauthorized access to the application.

Impact Level: Application

Solution

Upgrade to Drupal 6.34, 7.34 or later

Affected Software/OS

Drupal 6.x versions prior to 6.34. Drupal 7.x versions prior to 7.34.

Vulnerability Insight

A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.

Vulnerability Detection Method

Check the version of Drupal.

Details: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)

Version used: $Revision: 6692 $

References

CVE: CVE-2014-9015
BID: 71195
CERT: CB-K14/1450, CB-K14/1449, CB-K14/1445, DFN-CERT-2014-1535, DFN-CERT-2014-1534, DFN-CERT-2014-1526
Other: https://www.drupal.org/SA-CORE-2014-006

443/tcp
Medium (CVSS: 6.8)
NVT: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)
Summary

Drupal is vulnerable to session hijacking.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

An attacker may gain unauthorized access to the application.

Impact Level: Application

Solution

Upgrade to Drupal 6.34, 7.34 or later

Affected Software/OS

Drupal 6.x versions prior to 6.34. Drupal 7.x versions prior to 7.34.

Vulnerability Insight

A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.

Vulnerability Detection Method

Check the version of Drupal.

Details: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)

Version used: $Revision: 6692 $

References

CVE: CVE-2014-9015
BID: 71195
CERT: CB-K14/1450, CB-K14/1449, CB-K14/1445, DFN-CERT-2014-1535, DFN-CERT-2014-1534, DFN-CERT-2014-1526
Other: https://www.drupal.org/SA-CORE-2014-006

80/tcp
Medium (CVSS: 6.8)
NVT: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)
Summary

Drupal is vulnerable to session hijacking.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

An attacker may gain unauthorized access to the application.

Impact Level: Application

Solution

Upgrade to Drupal 6.34, 7.34 or later

Affected Software/OS

Drupal 6.x versions prior to 6.34. Drupal 7.x versions prior to 7.34.

Vulnerability Insight

A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.

Vulnerability Detection Method

Check the version of Drupal.

Details: Drupal Session Hijacking Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.105935)

Version used: $Revision: 6692 $

References

CVE: CVE-2014-9015
BID: 71195
CERT: CB-K14/1450, CB-K14/1449, CB-K14/1445, DFN-CERT-2014-1535, DFN-CERT-2014-1534, DFN-CERT-2014-1526
Other: https://www.drupal.org/SA-CORE-2014-006

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for libxml2 USN-1587-1 (OID: 1.3.6.1.4.1.25623.1.0.841166)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1587-1

Vulnerability Detection Result
Package libxml2 version 2.6.31.dfsg-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libxml2 on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Juri Aedla discovered that libxml2 incorrectly handled certain memory operations. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu Update for libxml2 USN-1587-1 (OID: 1.3.6.1.4.1.25623.1.0.841166)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-2807
CERT: CB-K14/0091, CB-K13/0874, CB-K13/0834, DFN-CERT-2014-0093, DFN-CERT-2013-1307, DFN-CERT-2013-0199, DFN-CERT-2012-1873, DFN-CERT-2012-1841, DFN-CERT-2012-1539, DFN-CERT-2012-1524, DFN-CERT-2012-1498, DFN-CERT-2012-1299
Other: http://www.ubuntu.com/usn/usn-1587-1/
USN:1587-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu USN-706-1 (bind9) (OID: 1.3.6.1.4.1.25623.1.0.63164)
Summary

The remote host is missing an update to bind9 announced via advisory USN-706-1.

It was discovered that Bind did not properly perform certificate verification. When DNSSEC with DSA certificates are in use, a remote attacker could exploit this to bypass certificate validation to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.

Vulnerability Detection Result
Package bind9-host version 9.4.2-10 is installed which is known to be vulnerable.
Package dnsutils version 9.4.2-10 is installed which is known to be vulnerable.
Package libbind9-30 version 9.4.2-10 is installed which is known to be vulnerable.
Package libisccc30 version 9.4.2-10 is installed which is known to be vulnerable.
Package libisccfg30 version 9.4.2-10 is installed which is known to be vulnerable.
Package liblwres30 version 9.4.2-10 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libdns21 1:9.3.2-2ubuntu1.6

Ubuntu 7.10: libdns32 1:9.4.1-P1-3ubuntu2.1

Ubuntu 8.04 LTS: libdns35 1:9.4.2.dfsg.P2-2ubuntu0.1

Ubuntu 8.10: libdns43 1:9.5.0.dfsg.P2-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-706-1

Vulnerability Detection Method

Details: Ubuntu USN-706-1 (bind9) (OID: 1.3.6.1.4.1.25623.1.0.63164)

Version used: $Revision: 8616 $

References

CVE: CVE-2009-0025
CERT: DFN-CERT-2012-0015, DFN-CERT-2009-0446
Other: http://www.ubuntu.com/usn/usn-706-1/

general/tcp
Medium (CVSS: 6.8)
NVT: Terminal Server Client RDP File Processing BOF Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.902297)
Summary

This host is installed with Terminal Server Client and is prone to multiple buffer overflow vulnerabilities.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Impact

Successful exploitation allows attackers to execute arbitrary code, crash the application or deny service to legitimate users.

Impact Level: Application.

Solution

Solution type: WillNotFix

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Affected Software/OS

Terminal Server Client version 0.150

Vulnerability Insight

Multiple flaws are due to a boundary error in the 'tsc_launch_remote()' function when processing the 'hostname', 'username', 'password' and 'domain' parameters.

Vulnerability Detection Method

Details: Terminal Server Client RDP File Processing BOF Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.902297)

Version used: $Revision: 7823 $

References

CVE: CVE-2011-0900, CVE-2011-0901
BID: 46099
Other: http://secunia.com/advisories/43120
http://xforce.iss.net/xforce/xfdb/65100
http://www.exploit-db.com/exploits/16095/

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for openldap, openldap2.3 vulnerabilities USN-1100-1 (OID: 1.3.6.1.4.1.25623.1.0.840624)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1100-1

Vulnerability Detection Result
Package libldap-2.4-2 version 2.4.7-6ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

openldap, openldap2.3 vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

It was discovered that OpenLDAP did not properly check forwarded authentication failures when using a slave server and chain overlay. If OpenLDAP were configured in this manner, an attacker could bypass authentication checks by sending an invalid password to a slave server. (CVE-2011-1024)

It was discovered that OpenLDAP did not properly perform authentication checks to the rootdn when using the back-ndb backend. An attacker could exploit this to access the directory by sending an arbitrary password. Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue did not affect Ubuntu 8.04 LTS. (CVE-2011-1025)

It was discovered that OpenLDAP did not properly validate modrdn requests. An unauthenticated remote user could use this to cause a denial of service via application crash. (CVE-2011-1081)

Vulnerability Detection Method

Details: Ubuntu Update for openldap, openldap2.3 vulnerabilities USN-1100-1 (OID: 1.3.6.1.4.1.25623.1.0.840624)

Version used: $Revision: 7964 $

References

CVE: CVE-2011-1024, CVE-2011-1025, CVE-2011-1081
CERT: CB-K16/0564, CB-K15/1514, DFN-CERT-2011-1466, DFN-CERT-2011-0634, DFN-CERT-2011-0608, DFN-CERT-2011-0471, DFN-CERT-2011-0470, DFN-CERT-2011-0355, DFN-CERT-2011-0354
Other: http://www.ubuntu.com/usn/usn-1100-1/
USN:1100-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for tiff USN-1655-1 (OID: 1.3.6.1.4.1.25623.1.0.841244)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1655-1

Vulnerability Detection Result
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

tiff on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Vulnerability Detection Method

Details: Ubuntu Update for tiff USN-1655-1 (OID: 1.3.6.1.4.1.25623.1.0.841244)

Version used: $Revision: 7960 $

References

CVE: CVE-2012-5581
CERT: CB-K13/0930, DFN-CERT-2013-1950, DFN-CERT-2013-0154, DFN-CERT-2013-0006, DFN-CERT-2012-2274, DFN-CERT-2012-2267
Other: http://www.ubuntu.com/usn/usn-1655-1/
USN:1655-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for libxml2 USN-1447-1 (OID: 1.3.6.1.4.1.25623.1.0.841007)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1447-1

Vulnerability Detection Result
Package libxml2 version 2.6.31.dfsg-2ubuntu1 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

libxml2 on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

Vulnerability Detection Method

Details: Ubuntu Update for libxml2 USN-1447-1 (OID: 1.3.6.1.4.1.25623.1.0.841007)

Version used: $Revision: 7960 $

References

CVE: CVE-2011-3102
CERT: CB-K14/0091, CB-K13/0874, CB-K13/0834, DFN-CERT-2014-0093, DFN-CERT-2013-0199, DFN-CERT-2013-0196, DFN-CERT-2012-1873, DFN-CERT-2012-1841, DFN-CERT-2012-1633, DFN-CERT-2012-1218, DFN-CERT-2012-1129, DFN-CERT-2012-1027, DFN-CERT-2012-0983
Other: http://www.ubuntu.com/usn/usn-1447-1/
USN:1447-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for tiff USN-1631-1 (OID: 1.3.6.1.4.1.25623.1.0.841216)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1631-1

Vulnerability Detection Result
Package libtiff4 version 3.8.2-7ubuntu3 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

tiff on Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS

Vulnerability Insight

It was discovered that LibTIFF incorrectly handled certain malformed images using the PixarLog compression format. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-4447)

Huzaifa S. Sidhpurwala discovered that the ppm2tiff tool incorrectly handled certain malformed PPM images. If a user or automated system were tricked into opening a specially crafted PPM image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-4564)

Vulnerability Detection Method

Details: Ubuntu Update for tiff USN-1631-1 (OID: 1.3.6.1.4.1.25623.1.0.841216)

Version used: $Revision: 8671 $

References

CVE: CVE-2012-4447, CVE-2012-4564
CERT: CB-K13/0930, DFN-CERT-2013-1950, DFN-CERT-2013-0944, DFN-CERT-2013-0154, DFN-CERT-2013-0006, DFN-CERT-2012-2274, DFN-CERT-2012-2136, DFN-CERT-2012-2010
Other: http://www.ubuntu.com/usn/usn-1631-1/
USN:1631-1

general/tcp
Medium (CVSS: 6.8)
NVT: Ubuntu Update for php5 vulnerabilities USN-1042-1 (OID: 1.3.6.1.4.1.25623.1.0.840564)
Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1042-1

Vulnerability Detection Result
Package libapache2-mod-php5 version 5.2.4-2ubuntu5 is installed which is known to be vulnerable.
Solution

Solution type: VendorFix

Please Install the Updated Packages.

Affected Software/OS

php5 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10

Vulnerability Insight

It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. (CVE-2009-5016)

It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. (CVE-2010-3870)

It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. (CVE-2010-3436)

Maksymilian Arciemowicz discovered that a NULL pointer dereference in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive. This issue only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-3709)

It was discovered that a stack consumption vulnerability in the filter_var() PHP function, when in FILTER_VALIDATE_EMAIL mode, could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-3710)

It was discovered that the mb_strcut function in the Libmbfl library within PHP could allow an attacker to read arbitrary memory within the application process. This issue only affected Ubuntu 10.10. (CVE-2010-4156)

Maksymilian Arciemowicz discovered that an integer overflow in the NumberFormatter::getSymbol function could allow an attacker to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2010-4409)

Rick Regan discovered that when handling PHP textual representations of the largest subnormal double-precision floating-point number, the zend_strtod function could go into an infinite loop on 32-bit x86 processors, allowing an attacker to cause a denial of service. (CVE-2010-4645)

Vulnerability Detection Method

Details: Ubuntu Update for php5 vulnerabilities USN-1042-1 (OID: 1.3.6.1.4.1.25623.1.0.840564)

Version used: $Revision: 7964 $

References
