2015-SEP-03 FSL version 7.5.737
MCAFEE FOUNDSTONE FSL UPDATE
To better protect your environment, McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.
NEW CHECKS
91892 - Oracle Enterprise Linux ELSA-2015-1693 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-4497, CVE-2015-4498
Description
The scan detected that the host is missing the following update: ELSA-2015-1693
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://oss.oracle.com/pipermail/el-errata/2015-August/005367.html http://oss.oracle.com/pipermail/el-errata/2015-August/005365.html http://oss.oracle.com/pipermail/el-errata/2015-August/005366.html OEL6 x86_64 firefox-38.2.1-1.0.1.el6_7 i386 firefox-38.2.1-1.0.1.el6_7 OEL5 x86_64 firefox-38.2.1-1.0.1.el5_11 i386 firefox-38.2.1-1.0.1.el5_11 OEL7 x86_64 firefox-38.2.1-1.0.1.el7_1
130263 - Debian Linux 7.0, 8.0 DSA-3345-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-4497, CVE-2015-4498
Description
DSA-3345-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.debian.org/security/2015/dsa-3345 Debian 8.0 all iceweasel_38.2.1esr-1~deb8u1 Debian 7.0 all iceweasel_38.2.1esr-1~deb7u1
140930 - Red Hat Enterprise Linux RHSA-2015-1693 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-4497, CVE-2015-4498
Description
The scan detected that the host is missing the following update: RHSA-2015-1693
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://rhn.redhat.com/errata/RHSA-2015-1693.html RHEL5S x86_64 firefox-debuginfo-38.2.1-1.el5_11 firefox-38.2.1-1.el5_11 i386 firefox-debuginfo-38.2.1-1.el5_11 firefox-38.2.1-1.el5_11 RHEL5D x86_64 firefox-debuginfo-38.2.1-1.el5_11 firefox-38.2.1-1.el5_11 i386 firefox-debuginfo-38.2.1-1.el5_11 firefox-38.2.1-1.el5_11 RHEL6S x86_64 firefox-debuginfo-38.2.1-1.el6_7 firefox-38.2.1-1.el6_7 i386 firefox-debuginfo-38.2.1-1.el6_7
firefox-38.2.1-1.el6_7 RHEL7D x86_64 firefox-38.2.1-1.el7_1 firefox-debuginfo-38.2.1-1.el7_1 RHEL6D x86_64 firefox-debuginfo-38.2.1-1.el6_7 firefox-38.2.1-1.el6_7 i386 firefox-debuginfo-38.2.1-1.el6_7 firefox-38.2.1-1.el6_7 RHEL7S x86_64 firefox-38.2.1-1.el7_1 firefox-debuginfo-38.2.1-1.el7_1 RHEL6WS x86_64 firefox-debuginfo-38.2.1-1.el6_7 firefox-38.2.1-1.el6_7 i386 firefox-debuginfo-38.2.1-1.el6_7 firefox-38.2.1-1.el6_7 RHEL7WS x86_64 firefox-38.2.1-1.el7_1 firefox-debuginfo-38.2.1-1.el7_1
143932 - SuSE Linux 13.1 openSUSE-SU-2015:1454-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4481, CVE-2015-4482, CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491, CVE-2015-4492, CVE-2015-4493
Description
The scan detected that the host is missing the following update: openSUSE-SU-2015:1454-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html SuSE Linux 13.1 x86_64 MozillaThunderbird-debugsource-38.2.0-70.60.2 MozillaThunderbird-translations-other-38.2.0-70.60.2 MozillaThunderbird-devel-38.2.0-70.60.2
MozillaThunderbird-buildsymbols-38.2.0-70.60.2 MozillaThunderbird-38.2.0-70.60.2 MozillaThunderbird-translations-common-38.2.0-70.60.2 MozillaThunderbird-debuginfo-38.2.0-70.60.2 i586 MozillaThunderbird-debugsource-38.2.0-70.60.2 MozillaThunderbird-translations-other-38.2.0-70.60.2 MozillaThunderbird-devel-38.2.0-70.60.2 MozillaThunderbird-buildsymbols-38.2.0-70.60.2 MozillaThunderbird-38.2.0-70.60.2 MozillaThunderbird-translations-common-38.2.0-70.60.2 MozillaThunderbird-debuginfo-38.2.0-70.60.2
143934 - SuSE Linux 13.2 openSUSE-SU-2015:1453-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4481, CVE-2015-4482, CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491, CVE-2015-4492, CVE-2015-4493
Description
The scan detected that the host is missing the following update: openSUSE-SU-2015:1453-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html SuSE Linux 13.2 x86_64 MozillaThunderbird-devel-38.2.0-25.2 MozillaThunderbird-buildsymbols-38.2.0-25.2 MozillaThunderbird-debugsource-38.2.0-25.2 MozillaThunderbird-translations-common-38.2.0-25.2 MozillaThunderbird-38.2.0-25.2 MozillaThunderbird-translations-other-38.2.0-25.2 MozillaThunderbird-debuginfo-38.2.0-25.2 i586 MozillaThunderbird-devel-38.2.0-25.2 MozillaThunderbird-buildsymbols-38.2.0-25.2 MozillaThunderbird-debugsource-38.2.0-25.2 MozillaThunderbird-translations-common-38.2.0-25.2 MozillaThunderbird-38.2.0-25.2 MozillaThunderbird-translations-other-38.2.0-25.2 MozillaThunderbird-debuginfo-38.2.0-25.2
181582 - FreeBSD mozilla Multiple Vulnerabilities (237a201c-888b-487f-84d3-7d92266381d6)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes
Risk Level: High
Description
The scan detected that the host is missing the following update:
mozilla -- multiple vulnerabilities (237a201c-888b-487f-84d3-7d92266381d6)
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.vuxml.org/freebsd/237a201c-888b-487f-84d3-7d92266381d6.html Affected packages:
firefox < 40.0.3,1 linux-firefox < 40.0.3,1 firefox-esr < 38.2.1,1
184958 - Ubuntu Linux 12.04, 14.04, 15.04 USN-2723-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-4497, CVE-2015-4498
Description
The scan detected that the host is missing the following update: USN-2723-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2015-August/003097.html Ubuntu 14.04 firefox_40.0.3+build1-0ubuntu0.14.04.1 Ubuntu 15.04 firefox_40.0.3+build1-0ubuntu0.15.04.1 Ubuntu 12.04 firefox_40.0.3+build1-0ubuntu0.12.04.1
189694 - Fedora Linux 21 FEDORA-2015-13469 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-5600, CVE-2015-6563, CVE-2015-6564
Description
The scan detected that the host is missing the following update: FEDORA-2015-13469
Observation
For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html Fedora Core 21
openssh-6.6.1p1-16.fc21
18888 - (HT205046) Apple QuickTime Multiple Vulnerabilities Prior To 7.7.8
Category: Windows Host Assessment -> Miscellaneous
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
CVE: CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5779, CVE-2015-5785, CVE-2015-5786
Description
Multiple vulnerabilities are present in some versions of Apple QuickTime.
Observation
Apple QuickTime is a media player.
Multiple vulnerabilities are present in some versions of Apple QuickTime. The flaws occur due to multiple memory corruption issues. Successful exploitation could allow an attacker to cause an application crash or execute arbitrary code.
18889 - (SA-CORE-2015-003) Drupal Core Multiple Vulnerabilities
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server
Risk Level: High
CVE: CVE-2015-6658, CVE-2015-6659, CVE-2015-6660, CVE-2015-6661, CVE-2015-6665
Description
Multiple vulnerabilities are present in some versions of Drupal.
Observation
Drupal is a popular open source content management system.
Multiple vulnerabilities are present in some versions of Drupal. The flaws lie in multiple components. Successful exploitation may allow a remote attacker to bypass security measures or execute remote code.
18903 - VideoLAN VLC Media Player 3GP File Arbitrary Pointer Dereference Vulnerability
Category: Windows Host Assessment -> Miscellaneous
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
CVE: CVE-2015-5949
Description
An arbitrary pointer dereference vulnerability is present in some versions of VideoLAN VLC Media Player.
Observation
An arbitrary pointer dereference vulnerability is present in some versions of VideoLAN VLC Media Player. The flaw lies in libmp4.c. Successful exploitation could allow an attacker to cause a denial of service or execute arbitrary code.
91893 - Oracle Enterprise Linux ELSA-2015-1695 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-0254
Description
The scan detected that the host is missing the following update: ELSA-2015-1695
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://oss.oracle.com/pipermail/el-errata/2015-August/005377.html http://oss.oracle.com/pipermail/el-errata/2015-August/005375.html OEL6 x86_64 jakarta-taglibs-standard-1.1.1-11.7.el6_7 jakarta-taglibs-standard-javadoc-1.1.1-11.7.el6_7 i386 jakarta-taglibs-standard-1.1.1-11.7.el6_7 jakarta-taglibs-standard-javadoc-1.1.1-11.7.el6_7 OEL7 x86_64 jakarta-taglibs-standard-javadoc-1.1.2-14.el7_1 jakarta-taglibs-standard-1.1.2-14.el7_1
130262 - Debian Linux 7.0, 8.0 DSA-3346-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-6658, CVE-2015-6659, CVE-2015-6660, CVE-2015-6661, CVE-2015-6665
Description
The scan detected that the host is missing the following update: DSA-3346-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.debian.org/security/2015/dsa-3346 Debian 8.0 all drupal7_7.32-1+deb8u5 Debian 7.0 all
drupal7_7.14-2+deb7u11
140929 - Red Hat Enterprise Linux RHSA-2015-1695 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-0254
Description
The scan detected that the host is missing the following update: RHSA-2015-1695
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://rhn.redhat.com/errata/RHSA-2015-1695.html RHEL7WS noarch jakarta-taglibs-standard-javadoc-1.1.2-14.el7_1 jakarta-taglibs-standard-1.1.2-14.el7_1 RHEL7D noarch jakarta-taglibs-standard-javadoc-1.1.2-14.el7_1 jakarta-taglibs-standard-1.1.2-14.el7_1 RHEL6D noarch jakarta-taglibs-standard-1.1.1-11.7.el6_7 jakarta-taglibs-standard-javadoc-1.1.1-11.7.el6_7 RHEL6S noarch jakarta-taglibs-standard-1.1.1-11.7.el6_7 jakarta-taglibs-standard-javadoc-1.1.1-11.7.el6_7 RHEL7S noarch jakarta-taglibs-standard-javadoc-1.1.2-14.el7_1 jakarta-taglibs-standard-1.1.2-14.el7_1
143935 - SuSE SLES 12, SLED 12 SUSE-SU-2015:1445-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
Risk Level: High
CVE: CVE-2014-9645
Description
The scan detected that the host is missing the following update: SUSE-SU-2015:1445-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2015-August/001555.html SuSE SLED 12 x86_64 busybox-1.21.1-3.3 SuSE SLES 12 x86_64 busybox-1.21.1-3.3
184962 - Ubuntu Linux 15.04 USN-2725-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-6520
Description
The scan detected that the host is missing the following update: USN-2725-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2015-August/003096.html Ubuntu 15.04
cups-filters-ippusbxd_1.0.67-0ubuntu2.4
184963 - Ubuntu Linux 12.04, 14.04, 15.04 USN-2724-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes
Risk Level: High
CVE: CVE-2014-9718, CVE-2015-5165, CVE-2015-5166, CVE-2015-5225, CVE-2015-5745
Description
The scan detected that the host is missing the following update: USN-2724-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2015-August/003095.html Ubuntu 14.04 qemu-system-misc_2.0.0+dfsg-2ubuntu1.17 qemu-system-aarch64_2.0.0+dfsg-2ubuntu1.17 qemu-system-sparc_2.0.0+dfsg-2ubuntu1.17 qemu-system-arm_2.0.0+dfsg-2ubuntu1.17 qemu-system_2.0.0+dfsg-2ubuntu1.17 qemu-system-mips_2.0.0+dfsg-2ubuntu1.17 qemu-system-x86_2.0.0+dfsg-2ubuntu1.17
qemu-system-ppc_2.0.0+dfsg-2ubuntu1.17 Ubuntu 15.04 qemu-system-mips_2.2+dfsg-5expubuntu9.4 qemu-system-arm_2.2+dfsg-5expubuntu9.4 qemu-system-x86_2.2+dfsg-5expubuntu9.4 qemu-system-misc_2.2+dfsg-5expubuntu9.4 qemu-system_2.2+dfsg-5expubuntu9.4 qemu-system-aarch64_2.2+dfsg-5expubuntu9.4 qemu-system-ppc_2.2+dfsg-5expubuntu9.4 qemu-system-sparc_2.2+dfsg-5expubuntu9.4 Ubuntu 12.04 qemu-kvm_1.0+noroms-0ubuntu14.24
189677 - Fedora Linux 23 FEDORA-2015-13920 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
Risk Level: High
CVE: CVE-2013-7444, CVE-2015-6727, CVE-2015-6728, CVE-2015-6729, CVE-2015-6730, CVE-2015-6731, CVE-2015-6732, CVE-2015-6733, CVE-2015-6734, CVE-2015-6735, CVE-2015-6736, CVE-2015-6737
Description
The scan detected that the host is missing the following update: FEDORA-2015-13920
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html Fedora Core 23
mediawiki-1.25.2-2.fc23
189678 - Fedora Linux 23 FEDORA-2015-14361 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-5165, CVE-2015-5166
Description
The scan detected that the host is missing the following update: FEDORA-2015-14361
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html Fedora Core 23
xen-4.5.1-6.fc23
189685 - Fedora Linux 21 FEDORA-2015-13404 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-3209, CVE-2015-3214, CVE-2015-5154, CVE-2015-5165, CVE-2015-5745
Description
The scan detected that the host is missing the following update: FEDORA-2015-13404
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165305.html Fedora Core 21
qemu-2.1.3-9.fc21
189691 - Fedora Linux 23 FEDORA-2015-13915 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
Risk Level: High
CVE: CVE-2015-6658, CVE-2015-6659, CVE-2015-6660, CVE-2015-6661, CVE-2015-6665
Description
The scan detected that the host is missing the following update: FEDORA-2015-13915
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html Fedora Core 23
drupal7-7.39-1.fc23
88707 - Slackware Linux 13.37, 14.0, 14.1 SSA:2015-244-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-4491
Description
The scan detected that the host is missing the following update: SSA:2015-244-01
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.435174 Slackware 14.1 x86_64 gdk-pixbuf2-2.28.2-x86_64-2 Slackware 13.37 x86_64 gdk-pixbuf2-2.23.3-x86_64-2 Slackware 14.0 x86_64 gdk-pixbuf2-2.26.1-x86_64-3
91891 - Oracle Enterprise Linux ELSA-2015-1694 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-4491
Description
The scan detected that the host is missing the following update: ELSA-2015-1694
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://oss.oracle.com/pipermail/el-errata/2015-August/005376.html http://oss.oracle.com/pipermail/el-errata/2015-August/005374.html OEL6 x86_64 gdk-pixbuf2-2.24.1-6.el6_7 gdk-pixbuf2-devel-2.24.1-6.el6_7 i386 gdk-pixbuf2-2.24.1-6.el6_7 gdk-pixbuf2-devel-2.24.1-6.el6_7 OEL7 x86_64 gdk-pixbuf2-2.28.2-5.el7_1 gdk-pixbuf2-devel-2.28.2-5.el7_1
140932 - Red Hat Enterprise Linux RHSA-2015-1694 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-4491
Description
RHSA-2015-1694
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://rhn.redhat.com/errata/RHSA-2015-1694.html RHEL7WS x86_64 gdk-pixbuf2-debuginfo-2.28.2-5.el7_1 gdk-pixbuf2-2.28.2-5.el7_1 gdk-pixbuf2-devel-2.28.2-5.el7_1 RHEL7D x86_64 gdk-pixbuf2-debuginfo-2.28.2-5.el7_1 gdk-pixbuf2-2.28.2-5.el7_1 gdk-pixbuf2-devel-2.28.2-5.el7_1 RHEL6D x86_64 gdk-pixbuf2-debuginfo-2.24.1-6.el6_7 gdk-pixbuf2-2.24.1-6.el6_7 gdk-pixbuf2-devel-2.24.1-6.el6_7 i386 gdk-pixbuf2-debuginfo-2.24.1-6.el6_7 gdk-pixbuf2-2.24.1-6.el6_7 gdk-pixbuf2-devel-2.24.1-6.el6_7 RHEL6S x86_64 gdk-pixbuf2-debuginfo-2.24.1-6.el6_7 gdk-pixbuf2-2.24.1-6.el6_7 gdk-pixbuf2-devel-2.24.1-6.el6_7 i386 gdk-pixbuf2-debuginfo-2.24.1-6.el6_7 gdk-pixbuf2-2.24.1-6.el6_7 gdk-pixbuf2-devel-2.24.1-6.el6_7 RHEL7S x86_64 gdk-pixbuf2-debuginfo-2.28.2-5.el7_1 gdk-pixbuf2-2.28.2-5.el7_1 gdk-pixbuf2-devel-2.28.2-5.el7_1 RHEL6WS x86_64 gdk-pixbuf2-debuginfo-2.24.1-6.el6_7 gdk-pixbuf2-2.24.1-6.el6_7 gdk-pixbuf2-devel-2.24.1-6.el6_7 i386 gdk-pixbuf2-debuginfo-2.24.1-6.el6_7 gdk-pixbuf2-2.24.1-6.el6_7 gdk-pixbuf2-devel-2.24.1-6.el6_7
181579 - FreeBSD ffmpeg Use After Free (da434a78-e342-4d9a-87e2-7497e5f117ba)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-3417
Description
The scan detected that the host is missing the following update:
ffmpeg -- use after free (da434a78-e342-4d9a-87e2-7497e5f117ba)
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.vuxml.org/freebsd/da434a78-e342-4d9a-87e2-7497e5f117ba.html Affected packages: 11.0 <= libav < 11.4 libav < 10.7 gstreamer1-libav < 1.5.0 2.2.0,1 <= ffmpeg < 2.2.12,1 2.1.0,1 <= ffmpeg < 2.1.7,1 ffmpeg < 2.0.7,1 ffmpeg25 < 2.5.2 ffmpeg24 < 2.4.5 ffmpeg23 < 2.3.6 ffmpeg1 < 1.2.11
181581 - FreeBSD ffmpeg Out-of-bounds Array Access (80c66af0-d1c5-449e-bd31-63b12525ff88)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-3395
Description
The scan detected that the host is missing the following update:
ffmpeg -- out-of-bounds array access (80c66af0-d1c5-449e-bd31-63b12525ff88)
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.vuxml.org/freebsd/80c66af0-d1c5-449e-bd31-63b12525ff88.html Affected packages: 11.0 <= libav < 11.4 libav < 10.7 gstreamer1-libav < 1.5.1 2.2.0,1 <= ffmpeg < 2.2.15,1 ffmpeg < 2.0.7,1 ffmpeg26 < 2.6.2 ffmpeg25 < 2.5.6 ffmpeg24 < 2.4.8 kodi < 15.1 mplayer < 1.1.r20150403 mencoder < 1.1.r20150403
181583 - FreeBSD ghostscript Denial Of Service (crash) via crafted Postscript files (fc1f6658-4f53-11e5-934b-002590263bf5)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-3228
Description
The scan detected that the host is missing the following update:
ghostscript -- denial of service (crash) via crafted Postscript files (fc1f6658-4f53-11e5-934b-002590263bf5)
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.vuxml.org/freebsd/fc1f6658-4f53-11e5-934b-002590263bf5.html Affected packages: ghostscript7 < 7.07_32 ghostscript7-nox11 < 7.07_32 ghostscript7-base < 7.07_32 ghostscript7-x11 < 7.07_32 ghostscript8 < 8.71_19 ghostscript8-nox11 < 8.71_19 ghostscript8-base < 8.71_19 ghostscript8-x11 < 8.71_19 ghostscript9 < 9.06_11 ghostscript9-nox11 < 9.06_11 ghostscript9-base < 9.06_11 ghostscript9-x11 < 9.06_11 ghostscript9-agpl < 9.15_2 ghostscript9-agpl-nox11 < 9.15_2 ghostscript9-agpl-base < 9.16_2 ghostscript9-agpl-x11 < 9.16_2
184960 - Ubuntu Linux 12.04, 14.04, 15.04 USN-2726-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-1283
Description
The scan detected that the host is missing the following update: USN-2726-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2015-August/003098.html Ubuntu 14.04
libexpat1_2.1.0-4ubuntu1.1 lib64expat1_2.1.0-4ubuntu1.1
Ubuntu 15.04 lib64expat1_2.1.0-6ubuntu1.1 libexpat1_2.1.0-6ubuntu1.1 Ubuntu 12.04 libexpat1_2.0.1-7.2ubuntu1.2 lib64expat1_2.0.1-7.2ubuntu1.2
184961 - Ubuntu Linux 12.04, 14.04, 15.04 USN-2722-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-4491
Description
The scan detected that the host is missing the following update: USN-2722-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2015-August/003094.html Ubuntu 14.04 libgdk-pixbuf2.0-0_2.30.7-0ubuntu1.1 Ubuntu 15.04 libgdk-pixbuf2.0-0_2.31.3-1ubuntu0.1 Ubuntu 12.04 libgdk-pixbuf2.0-0_2.26.1-1ubuntu1.2
189684 - Fedora Linux 21 FEDORA-2015-13488 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-5161
Description
The scan detected that the host is missing the following update: FEDORA-2015-13488
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165174.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html Fedora Core 21
php-guzzle-Guzzle-3.9.3-5.fc21 php-ZendFramework2-2.4.7-1.fc21
189695 - Fedora Linux 22 FEDORA-2015-13529 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-5161
Description
The scan detected that the host is missing the following update: FEDORA-2015-13529
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165146.html Fedora Core 22
php-ZendFramework2-2.4.7-1.fc22 php-guzzle-Guzzle-3.9.3-5.fc22
18902 - (APSB15-21) Vulnerability In ColdFusion
Category: Windows Host Assessment -> Adobe Patches Only
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
CVE: CVE-2015-3269
Description
A vulnerability is present in some versions of Adobe ColdFusion.
Observation
Adobe ColdFusion is a web application development platform.
A vulnerability is present in some versions of Adobe ColdFusion. The flaw lies in BlazeDS. Successful exploitation could allow an attacker to access sensitive information.
The update provided by Adobe bulletin APSB15-21 resolves this issue. The target system appears to be missing this update.
18905 - IBM WebSphere Application Server Java Portlet Specification JSR 286 Information Disclosure Vulnerability
Category: Windows Host Assessment -> Miscellaneous
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
CVE: CVE-2015-1926
Description
Observation
IBM WebSphere Application Server is a Java application server.
An information disclosure vulnerability is present in some versions of IBM WebSphere Application Server. The flaw lies in the Java Portlet Specification JSR 286 API. Successful exploitation could allow an attacker to obtain configuration data and other sensitive information.
33310 - Oracle Solaris 151597-05 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0050
Description
The scan detected that the host is missing the following update: 151597-05
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://getupdates.oracle.com/readme/151597-05
SunOS 5.10: Oracle Snap Management Utility for Oracle Databases patch SOLARIS_10
ORCLsmu:1.2.0,REV=2014.06.14.00.07.13
33311 - Oracle Solaris 151598-05 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0050
Description
The scan detected that the host is missing the following update: 151598-05
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://getupdates.oracle.com/readme/151598-05
SunOS 5.10(x86): Oracle Snap Management Utility for Oracle Databases patch SOLARIS_10_x86
ORCLsmu:1.2.0,REV=2014.06.14.00.07.13
143933 - SuSE SLES 12, SLED 12 SUSE-SU-2015:1439-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-3451
Description
The scan detected that the host is missing the following update: SUSE-SU-2015:1439-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2015-August/001553.html SuSE SLED 12 x86_64 perl-XML-LibXML-debuginfo-2.0019-5.3 perl-XML-LibXML-2.0019-5.3 perl-XML-LibXML-debugsource-2.0019-5.3 SuSE SLES 12 x86_64 perl-XML-LibXML-debuginfo-2.0019-5.3 perl-XML-LibXML-2.0019-5.3 perl-XML-LibXML-debugsource-2.0019-5.3
184959 - Ubuntu Linux 15.04 USN-2727-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-3308, CVE-2015-6251
Description
The scan detected that the host is missing the following update: USN-2727-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2015-September/003099.html Ubuntu 15.04
libgnutls-deb0-28_3.3.8-3ubuntu3.1
189680 - Fedora Linux 23 FEDORA-2015-13287 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-6251
Description
The scan detected that the host is missing the following update: FEDORA-2015-13287
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html Fedora Core 23
gnutls-3.4.4-1.fc23
189681 - Fedora Linux 21 FEDORA-2015-12979 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-3225
Description
The scan detected that the host is missing the following update: FEDORA-2015-12979
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html Fedora Core 21
rubygem-rack-1.5.2-5.fc21
18890 - SolarWinds N-Able N-Central Administrator Account Password Disclosure Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server
Risk Level: Medium
CVE: CVE-2015-5610
Description
An information disclosure vulnerability is present in some versions of SolarWinds N-Able N-Central.
Observation
SolarWinds N-Able N-Central is a popular enterprise and management support solution.
An information disclosure vulnerability is present in some versions of SolarWinds N-Able N-Central. The flaw exists because the encrypted password is accessible to any authenticated local or remote user from within the RSM web page source. Successful exploitation could allow an attacker to decrypt and obtain the domain administrator password used by the software.
91890 - Oracle Enterprise Linux ELSA-2015-1699 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-2730
Description
ELSA-2015-1699
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://oss.oracle.com/pipermail/el-errata/2015-September/005379.html http://oss.oracle.com/pipermail/el-errata/2015-September/005378.html OEL6 x86_64 nss-softokn-freebl-devel-3.14.3-23.el6_7 nss-softokn-freebl-3.14.3-23.el6_7 nss-softokn-devel-3.14.3-23.el6_7 nss-softokn-3.14.3-23.el6_7 i386 nss-softokn-freebl-devel-3.14.3-23.el6_7 nss-softokn-freebl-3.14.3-23.el6_7 nss-softokn-devel-3.14.3-23.el6_7 nss-softokn-3.14.3-23.el6_7 OEL7 x86_64 nss-softokn-freebl-3.16.2.3-13.el7_1 nss-softokn-freebl-devel-3.16.2.3-13.el7_1 nss-softokn-3.16.2.3-13.el7_1 nss-softokn-devel-3.16.2.3-13.el7_1
132188 - Oracle VM OVMSA-2015-0118 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2015-2730
Description
The scan detected that the host is missing the following update: OVMSA-2015-0118
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://oss.oracle.com/pipermail/oraclevm-errata/2015-September/000366.html OVM3.3
x86_64
nss-softokn-freebl-3.14.3-23.el6_7 nss-softokn-3.14.3-23.el6_7
140931 - Red Hat Enterprise Linux RHSA-2015-1699 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
Risk Level: Medium
Description
The scan detected that the host is missing the following update: RHSA-2015-1699
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
https://rhn.redhat.com/errata/RHSA-2015-1699.html
RHEL7WS x86_64 nss-softokn-freebl-devel-3.16.2.3-13.el7_1 nss-softokn-freebl-3.16.2.3-13.el7_1 nss-softokn-debuginfo-3.16.2.3-13.el7_1 nss-softokn-3.16.2.3-13.el7_1 nss-softokn-devel-3.16.2.3-13.el7_1
RHEL7D x86_64 nss-softokn-freebl-devel-3.16.2.3-13.el7_1 nss-softokn-freebl-3.16.2.3-13.el7_1 nss-softokn-debuginfo-3.16.2.3-13.el7_1 nss-softokn-3.16.2.3-13.el7_1 nss-softokn-devel-3.16.2.3-13.el7_1
RHEL6D x86_64 nss-softokn-devel-3.14.3-23.el6_7 nss-softokn-freebl-devel-3.14.3-23.el6_7 nss-softokn-freebl-3.14.3-23.el6_7 nss-softokn-debuginfo-3.14.3-23.el6_7 nss-softokn-3.14.3-23.el6_7
i386 nss-softokn-devel-3.14.3-23.el6_7 nss-softokn-freebl-devel-3.14.3-23.el6_7 nss-softokn-freebl-3.14.3-23.el6_7 nss-softokn-debuginfo-3.14.3-23.el6_7 nss-softokn-3.14.3-23.el6_7
RHEL6S x86_64 nss-softokn-devel-3.14.3-23.el6_7 nss-softokn-freebl-devel-3.14.3-23.el6_7 nss-softokn-freebl-3.14.3-23.el6_7 nss-softokn-debuginfo-3.14.3-23.el6_7 nss-softokn-3.14.3-23.el6_7
i386 nss-softokn-devel-3.14.3-23.el6_7 nss-softokn-freebl-devel-3.14.3-23.el6_7 nss-softokn-freebl-3.14.3-23.el6_7 nss-softokn-debuginfo-3.14.3-23.el6_7 nss-softokn-3.14.3-23.el6_7
RHEL7S x86_64 nss-softokn-freebl-devel-3.16.2.3-13.el7_1 nss-softokn-freebl-3.16.2.3-13.el7_1 nss-softokn-debuginfo-3.16.2.3-13.el7_1 nss-softokn-3.16.2.3-13.el7_1 nss-softokn-devel-3.16.2.3-13.el7_1
RHEL6WS x86_64 nss-softokn-devel-3.14.3-23.el6_7 nss-softokn-freebl-devel-3.14.3-23.el6_7 nss-softokn-freebl-3.14.3-23.el6_7 nss-softokn-debuginfo-3.14.3-23.el6_7 nss-softokn-3.14.3-23.el6_7
i386 nss-softokn-devel-3.14.3-23.el6_7 nss-softokn-freebl-devel-3.14.3-23.el6_7 nss-softokn-freebl-3.14.3-23.el6_7 nss-softokn-debuginfo-3.14.3-23.el6_7 nss-softokn-3.14.3-23.el6_7
143931 - SuSE Linux 13.2 openSUSE-SU-2015:1452-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium
CVE: CVE-2015-3908 Description
The scan detected that the host is missing the following update: openSUSE-SU-2015:1452-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html SuSE Linux 13.2
noarch
ansible-1.7.1-2.8.1
189689 - Fedora Linux 22 FEDORA-2015-13718 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium
CVE: CVE-2015-5475, CVE-2015-6506 Description
The scan detected that the host is missing the following update: FEDORA-2015-13718
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
Fedora Core 22 rt-4.2.12-1.fc22
189690 - Fedora Linux 21 FEDORA-2015-13664 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium
CVE: CVE-2015-5475, CVE-2015-6506 Description
The scan detected that the host is missing the following update: FEDORA-2015-13664
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165163.html Fedora Core 21
rt-4.2.12-1.fc21
88708 - Slackware Linux 14.1 SSA:2015-241-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update: SSA:2015-241-01
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.356225 Slackware 14.1
x86_64
mozilla-firefox-38.2.1esr-x86_64-1
130264 - Debian Linux 8.0 DSA-3343-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update: DSA-3343-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.debian.org/security/2015/dsa-3343 Debian 8.0 all php-twig-doc_1.16.2-1+deb8u1 php-twig_1.16.2-1+deb8u1 php5-twig_1.16.2-1+deb8u1
130265 - Debian Linux 7.0, 8.0 DSA-3344-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low
CVE: CVE-2015-4598, CVE-2015-4643, CVE-2015-4644, CVE-2015-5589, CVE-2015-5590 Description
The scan detected that the host is missing the following update: DSA-3344-1
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.debian.org/security/2015/dsa-3344 Debian 8.0 all php5_5.6.12+dfsg-0+deb8u1 Debian 7.0 all php5_5.4.44-0+deb7u1
181580 - FreeBSD graphviz Format String Vulnerability (5300711b-4e61-11e5-9ad8-14dae9d210b8)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update:
graphviz -- format string vulnerability (5300711b-4e61-11e5-9ad8-14dae9d210b8) Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://www.vuxml.org/freebsd/5300711b-4e61-11e5-9ad8-14dae9d210b8.html Affected packages:
189679 - Fedora Linux 23 FEDORA-2015-14229 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update: FEDORA-2015-14229
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165023.html Fedora Core 23
pcre-8.37-4.fc23
189682 - Fedora Linux 22 FEDORA-2015-13433 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update: FEDORA-2015-13433
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165151.html Fedora Core 22
php-twig-1.20.0-1.fc22
189683 - Fedora Linux 21 FEDORA-2015-13482 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update: FEDORA-2015-13482
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165002.html Fedora Core 21
mariadb-10.0.21-1.fc21
189686 - Fedora Linux 21 FEDORA-2015-14033 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update: FEDORA-2015-14033
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165161.html Fedora Core 21
maradns-2.0.12-1.fc21
189687 - Fedora Linux 22 FEDORA-2015-14032 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update: FEDORA-2015-14032
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165109.html Fedora Core 22
maradns-2.0.12-1.fc22
189688 - Fedora Linux 23 FEDORA-2015-14034 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update: FEDORA-2015-14034
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165036.html Fedora Core 23
maradns-2.0.12-1.fc23
189692 - Fedora Linux 23 FEDORA-2015-13463 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update: FEDORA-2015-13463
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165134.html Fedora Core 23
php-twig-1.20.0-1.fc23
189693 - Fedora Linux 23 FEDORA-2015-13721 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low
CVE: CVE-MAP-NOMATCH Description
The scan detected that the host is missing the following update: FEDORA-2015-13721
Observation
Updates often remediate critical security problems that should be quickly addressed. For more information see:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165108.html Fedora Core 23
drupal6-views_bulk_operations-1.17-1.fc23
18904 - Endress+Hauser HART Device DTM Vulnerability
(CATEGORY REQUIRES CREDENTIALS) Risk Level: Low
CVE: CVE-2014-9191 Description
A denial of service vulnerability is present in some versions of Endress+Hauser HART DTM Library. Observation
Endress+Hauser HART DTM Library is used in Endress+Hauser HART Device DTM.
A denial of service vulnerability is present in some versions of Endress+Hauser HART DTM Library. The flaw occurs due to a buffer overflow issue. Successful exploitation could allow an attacker to crash the Field Device Tool (FDT) Frame Application.
18908 - (SOL17189) F5 BIG-IP Apache HTTP Server Vulnerability
Category: SSH Module -> NonIntrusive -> F5 Risk Level: Low
CVE: CVE-2008-0456 Description
A vulnerability is present in some versions of F5 BIG-IP products. Observation
F5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System.
A vulnerability is present in some versions of F5 BIG-IP products. The flaw lies in the mod_negotiation module in the Apache HTTP Server. Successful exploitation could allow an attacker to affect integrity of other users.
ENHANCED CHECKS
The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check.
10672 - GIGABYTE Dldrv2 ActiveX Control Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High
CVE: CVE-2010-1517, CVE-2010-1518 Update Details
Recommendation is updated
181396 - FreeBSD mozilla Multiple Vulnerabilities (d9b43004-f5fd-4807-b1d7-dbf66455b244)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High
CVE: CVE-2011-3079, CVE-2015-0797, CVE-2015-0833, CVE-2015-2708, CVE-2015-2709, CVE-2015-2710, CVE-2015-2711, CVE-2015-2712, CVE-2015-2713, CVE-2015-2714, CVE-2015-2715, CVE-2015-2716, CVE-2015-2717, CVE-2015-2718, CVE-2015-2720, CVE-2015-4496 Update Details
CVE is updated
662 - Finger Backdoor
Category: General Vulnerability Assessment -> NonIntrusive -> UNIX Risk Level: High
CVE: CVE-2000-0128 Update Details
Documentation is updated
663 - Finger Command Execution
Category: General Vulnerability Assessment -> NonIntrusive -> UNIX Risk Level: High
CVE: CVE-2000-0128 Update Details
Documentation is updated
5899 - Creative Software AutoUpdate Engine ActiveX Control Stack Overflow
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High
CVE: CVE-2008-0955 Update Details
Recommendation is updated
9743 - FutureSoft TFTP Server 2000 Remote Denial Of Service Vulnerability
Category: General Vulnerability Assessment -> Instrusive -> Miscellaneous Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
15780 - EATON VURemote Denial of Service
Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
15905 - FirebirdSQL Firebird Null Pointer Denial of Service I
Category: Windows Host Assessment -> Miscellaneous Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
16258 - Eaton Network Shutdown Module Pi3Web WebServer Denial of Service
Category: General Vulnerability Assessment -> NonIntrusive -> SCADA Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
16445 - Delta Electronics WPLSoft DVPSimulator.exe Buffer Overflow Remote Code Execution
Category: General Vulnerability Assessment -> Instrusive -> SCADA Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
16628 - FrameFlow Server Monitor Unspecified Defect Denial Of Service
Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
17353 - Emerson ROCLINK 800 arpro2.dll ActiveX Control Remote Code Execution
Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
18063 - Cogent DataHub Web Server Gamma Injection Remote Code Execution
Category: General Vulnerability Assessment -> Instrusive -> SCADA Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
18064 - Cogent DataHub Web Server Gamma Injection Remote Code Execution
Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
18210 - Oracle Database Server Critical Patch Update April 2015
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High
CVE: CVE-2015-0455, CVE-2015-0457, CVE-2015-0479, CVE-2015-0483 Update Details
FASLScript is updated
18689 - Oracle Database Server Critical Patch Update July 2015
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High
CVE: CVE-2015-0468, CVE-2015-2595, CVE-2015-2599, CVE-2015-2629, CVE-2015-4740, CVE-2015-4753, CVE-2015-4755 Update Details
FASLScript is updated
18846 - (MS15-093) Microsoft Internet Explorer Memory Corruption Remote Code Execution (3088903)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High
CVE: CVE-2015-2502 Update Details
Name is updated
934 - csMailto.cgi Command Execution
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High
CVE: CVE-2002-0749 Update Details
Recommendation is updated
2548 - RSYNC heap overflow and remote code execution
Risk Level: High
CVE: CVE-2003-0962 Update Details
Observation is updated FASLScript is updated
4319 - GAMSoft TelSrv Long Username Denial of Service
Category: General Vulnerability Assessment -> Instrusive -> UNIX Risk Level: High
CVE: CVE-1999-0230, CVE-2000-0166, CVE-2000-0480, CVE-2000-0665, CVE-2001-0348 Update Details
Recommendation is updated
9916 - Sendmail SSLV2 Disable Option Not Allowed
Category: General Vulnerability Assessment -> NonIntrusive -> UNIX Risk Level: High
CVE: CVE-2006-7175 Update Details
FASLScript is updated
14154 - EMC AutoStart Remote Code Execution
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
14158 - EMC AlphaStor Remote Code Execution
Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
14260 - CYME Power Engineering ChartFX Client Server ActiveX Control Array Indexing Remote Code Execution
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
17670 - Oracle Database Server Critical Patch Update January 2015
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High
CVE: CVE-2014-3566, CVE-2014-6514, CVE-2014-6541, CVE-2014-6567, CVE-2014-6577, CVE-2014-6578, CVE-2015-0370, CVE-2015-0371, CVE-2015-0373 Update Details
FASLScript is updated
956 - Compaq Web-Based Management default page
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High
CVE: CVE-2001-0374 Update Details
Recommendation is updated
4984 - FactoSystem Weblog Multiple SQL Injection Vulnerabilities
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High
CVE: CVE-2002-1499 Update Details
Recommendation is updated
9945 - glFTPd Default Credentials Unauthorized Access Vulnerability
Category: General Vulnerability Assessment -> Instrusive -> UNIX Risk Level: High
CVE: CVE-1999-0502 Update Details
Recommendation is updated
13182 - CoCSoft Stream Down Response Buffer Overflow Remote Code Execution
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High
CVE: CVE-2011-5052 Update Details
Recommendation is updated
15423 - DotNetNuke DNNArticle Module "categoryid" SQL Injection Vulnerability
Category: General Vulnerability Assessment -> Instrusive -> Web Server Risk Level: High
CVE: CVE-2013-5117 Update Details
Recommendation is updated
91824 - Oracle Enterprise Linux ELSA-2015-1210 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High
CVE: CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, CVE-2015-3159, CVE-2015-3315, CVE-2015-5364 Update Details
Risk is updated
181457 - FreeBSD chicken Buffer Overrun In Substring-index[-ci] (e7b7f2b5-177a-11e5-ad33-f8d111029e6a)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High
CVE: CVE-2014-9651 Update Details
Risk is updated
184910 - Ubuntu Linux 14.04 USN-2690-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High
CVE: CVE-2015-1333, CVE-2015-3290, CVE-2015-3291, CVE-2015-5157 Update Details
Risk is updated
184914 - Ubuntu Linux 14.04 USN-2689-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High
CVE: CVE-2015-1333, CVE-2015-3290, CVE-2015-3291, CVE-2015-5157 Update Details
Risk is updated
184919 - Ubuntu Linux 12.04 USN-2687-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High
CVE: CVE-2015-1333, CVE-2015-3290, CVE-2015-3291, CVE-2015-5157 Update Details
184921 - Ubuntu Linux 14.04 USN-2688-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High
CVE: CVE-2015-1333, CVE-2015-3290, CVE-2015-3291, CVE-2015-5157 Update Details
Risk is updated
184924 - Ubuntu Linux 15.04 USN-2691-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High
CVE: CVE-2015-1333, CVE-2015-3290, CVE-2015-3291, CVE-2015-5157 Update Details
Risk is updated
184931 - Ubuntu Linux 14.04 USN-2700-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High
CVE: CVE-2015-3290, CVE-2015-3291, CVE-2015-5157 Update Details
Risk is updated
184934 - Ubuntu Linux 12.04 USN-2701-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High
CVE: CVE-2015-3290, CVE-2015-3291, CVE-2015-5157 Update Details
Risk is updated
184944 - Ubuntu Linux 12.04 USN-2713-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High
CVE: CVE-2015-3212, CVE-2015-5364, CVE-2015-5366 Update Details
Risk is updated
184954 - Ubuntu Linux 12.04 USN-2714-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High
Update Details
Risk is updated
189159 - Fedora Linux 22 FEDORA-2015-5131 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High
CVE: CVE-2015-3308 Update Details
Risk is updated
859 - Compaq Survey Utility Anonymous Login
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium
CVE: CVE-1999-0771 Update Details
Recommendation is updated
935 - FormMail.pl Detected
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium
CVE: CVE-2001-0357 Update Details
Recommendation is updated
710 - FTP Brute Force
Category: General Vulnerability Assessment -> Instrusive -> BruteForce Risk Level: Medium
CVE: CVE-1999-0501 Update Details
Documentation is updated
1958 - Efficient Networks 5861 Router NMap Denial-of-Service
Category: General Vulnerability Assessment -> NonIntrusive -> Network Risk Level: Medium
CVE: CVE-2003-1250 Update Details
Recommendation is updated
8317 - Cisco TFTP Server Denial of Service Vulnerability
(CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
9948 - glFTPd ZIP Plugins Multiple Directory Traversal Vulnerabilities
Category: General Vulnerability Assessment -> NonIntrusive -> UNIX Risk Level: Medium
CVE: CVE-2005-0483 Update Details
Recommendation is updated
11722 - Citrix MetaFrame Client Specified Published Applications Enumeration Information Disclosure Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Risk Level: Medium
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
15134 - D-Link DIR-635 "data" Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
Category: Wireless Assessment -> NonIntrusive -> Wireless Risk Level: Medium
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
15230 - Cisco Video Surveillance Operations Manager Help Page Redirection Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium
CVE: CVE-2013-3376 Update Details
Recommendation is updated
16933 - DotNetNuke Multiple Modules Arbitrary File Disclosure Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium
CVE: CVE-MAP-NOMATCH Update Details
17415 - FESTO Robotino View Unspecified Defect Remote Denial of Service
Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium
CVE: CVE-MAP-NOMATCH Update Details
Recommendation is updated
18489 - Google Android Bluetooth Forced Pairing Vulnerability
Category: Wireless Assessment -> NonIntrusive -> Android Risk Level: Medium
CVE: CVE-2014-7914 Update Details
Recommendation is updated Documentation is updated
184945 - Ubuntu Linux 14.04 USN-2718-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium
CVE: CVE-2015-3212 Update Details
Risk is updated
184946 - Ubuntu Linux 14.04 USN-2717-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium
CVE: CVE-2015-3212 Update Details
Risk is updated
184947 - Ubuntu Linux 14.04 USN-2716-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium
CVE: CVE-2015-3212 Update Details
Risk is updated
184950 - Ubuntu Linux 15.04 USN-2719-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium
CVE: CVE-2015-3212 Update Details
Risk is updated
184953 - Ubuntu Linux 12.04 USN-2715-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium
CVE: CVE-2015-3212 Update Details
Risk is updated
571 - FTP Anonymous User Account ftp Accessible
Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Risk Level: Low
CVE: CVE-1999-0497 Update Details
Documentation is updated
181572 - FreeBSD libpgf Use After Free (9a71953a-474a-11e5-adde-14dae9d210b8)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low
CVE: CVE-2015-6673 Update Details
CVE is updated
91871 - Oracle Enterprise Linux ELSA-2015-3066 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Low
CVE: CVE-2015-5697 Update Details
Risk is updated
132183 - Oracle VM OVMSA-2015-0113 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes Risk Level: Low
CVE: CVE-2015-5697 Update Details
Risk is updated
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low
CVE: CVE-2015-4037 Update Details
Risk is updated
189460 - Fedora Linux 21 FEDORA-2015-9599 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low
CVE: CVE-2015-4037 Update Details
Risk is updated
HOW TO UPDATE
FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.
FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.
MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.
MCAFEE TECHNICAL SUPPORT
ServicePortal: https://mysupport.mcafee.com
Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html
Non-US customers - Select your country from the list of Worldwide Offices.
Copyright 2015 McAfee, Inc.