OpenVAS - OpenVAS - Open Vulnerability Assessment System Plugins Site

OpenVAS Plugins

Current NVT count: 30717
New NVTs this Month: 173 (Last update: 2013-05-26 06:32:36)
New NVTs last Month: 290
Plugin Set: 201305220842

Newest Plugins

Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2840221)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903208
Filename: secpod_ms13-046.nasl
Dependencies: smb_reg_service_pack.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1332 CVE-2013-1333 CVE-2013-1334
BID: 59782 59749 59750
CVSS: 7.2
Risk factor : High

Summary: Check for the vulnerable 'Win32k.sys', Ntoskrnl.exe and 'Dxgkrnl.sys' file version"

Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-046.

Vulnerability Insight:
Multiple flaws are due to,
- A race condition error within the DirectX graphics kernel subsystem.
- An unspecified error within the Windows kernel-mode driver (win32k.sys)

Impact:
Successful exploitation will allow remote attackers to gain escalated
privileges or cause buffer overflow and execute arbitrary code.

Impact Level: System

Affected Software/OS:
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows XP x32 Edition Service Pack 3 and prior
Microsoft Windows XP x64 Edition Service Pack 2 and prior
Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior
Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior
Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior
Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior
Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
https://technet.microsoft.com/en-us/security/bulletin/ms13-046

Microsoft Office Word Remote Code Execution Vulnerability (2830399)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902968
Filename: secpod_winword_ms13-043.nasl
Dependencies: secpod_office_products_version_900032.nasl - gb_smb_windows_detect.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1335
BID: 59759
CVSS: 9.3
Risk factor : Critical

Summary: Check for the vulnerable 'Winword.exe' file versions"

Overview: This host is missing a important security update according to
Microsoft Bulletin MS13-043.

Vulnerability Insight:
The flaw is due to an error when parsing Rich Text Format (RTF) data related
to the listoverridecount and can be exploited to corrupt memory.

Impact:
Successful exploitation could allow attackers to execute arbitrary code by
tricking a user into opening a specially crafted word and RTF files.

Impact Level: System/Application

Affected Software/OS:
Microsoft Word 2003 Service Pack 3 and prior

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-043

Microsoft Office Wordview Remote Code Execution Vulnerability (2830399)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902969
Filename: secpod_winwordview_ms13-043.nasl
Dependencies: secpod_office_products_version_900032.nasl - gb_smb_windows_detect.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1335
BID: 59759
CVSS: 9.3
Risk factor : Critical

Summary: Check for the vulnerable 'Wordview.Exe' file versions"

Overview: This host is missing a important security update according to
Microsoft Bulletin MS13-043.

Vulnerability Insight:
The flaw is due to an error when parsing Rich Text Format (RTF) data related
to the listoverridecount and can be exploited to corrupt memory.

Impact:
Successful exploitation could allow attackers to execute arbitrary code by
tricking a user into opening a specially crafted word and RTF files.

Impact Level: System/Application

Affected Software/OS:
Microsoft Word Viewer 2003

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-043

Microsoft Visio Information Disclosure Vulnerability (2834692)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902967
Filename: secpod_ms13-044.nasl
Dependencies: secpod_reg_enum.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1301
BID: 59765
CVSS: 4.3
Risk factor : Medium

Summary: Check for the vulnerable version of 'visio.exe' file"

Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-044.

Vulnerability Insight:
The flaw is due to an error in the application when parsing XML files with
external entities. This can be exploited to disclose the contents of
arbitrary files.

Impact:
Successful exploitation will allow attackers to disclose potentially
sensitive information.

Impact Level: Application

Affected Software/OS:
Microsoft Visio 2007 Service Pack 3 and prior
Microsoft Visio 2003 Service Pack 3 and prior
Microsoft Visio 2010 Service Pack 1 and prior

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-044

Windows Essentials Information Disclosure Vulnerability (2813707)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903210
Filename: secpod_ms13-045.nasl
Dependencies: gb_windows_live_essentials_detect.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-0096
CVSS: 5.8
Risk factor : High

Summary: Check for the vulnerable 'wlarp.exe' file version"

Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-045.

Vulnerability Insight:
The flaw is due to insufficient validation of user-supplied input processed
by the Windows Writer component.

Impact:
Successful exploitation allow attackers to overwrite arbitrary files and
could led to launch further attacks.

Impact Level: System/Application

Affected Software/OS:
Windows Essentials 2012 and prior

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-045

Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)

Copyright (c) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903307
Filename: secpod_ms13-037.nasl
Dependencies: gb_ms_ie_detect.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1297 CVE-2013-0811 CVE-2013-1306 CVE-2013-1307 CVE-2013-1308 CVE-2013-1309 CVE-2013-1310 CVE-2013-1311 CVE-2013-1312 CVE-2013-1313 CVE-2013-2551
BID: 59734 59737 59745 59746 59747 59748 59751 59752 59753 59754 59755 58570
CVSS: 10.0
Risk factor : Critical

Summary: Check for the vulnerable 'Mshtml.dll' file version"

Overview: This host is missing a critical security update according to
Microsoft Bulletin MS13-037.

Vulnerability Insight:
Multiple unspecified use-after-free error occurs when accessing already
freed memory.

Impact:
Successful exploitation will allow attackers to corrupt memory by the
execution of arbitrary code in the context of the current user and gain
access to potentially sensitive information stored in JSON data files.

Impact Level: System/Application

Affected Software/OS:
Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-037

Microsoft Windows HTTP.sys Denial of Service Vulnerability (2829254)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903209
Filename: secpod_ms13-039.nasl
Dependencies: smb_reg_service_pack.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1305
CVSS: 5.0
Risk factor : Medium

Summary: Check for the vulnerable 'Http.sys' file version"

Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-039.

Vulnerability Insight:
Flaw is due to an error within the HTTP protocol stack (HTTP.sys) when handling
HTTP headers.

Impact:
Successful exploitation will allow remote attackers to trigger an infinite
loop and cause denial of service condition.

Impact Level: System

Affected Software/OS:
Microsoft Windows 8
Microsoft Windows Server 2012

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
https://technet.microsoft.com/en-us/security/bulletin/ms13-039

Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903308
Filename: secpod_ms13-040.nasl
Dependencies: secpod_reg_enum.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1336 CVE-2013-1337
BID: 59789 59790
CVSS: 7.5
Risk factor : High

Summary: Check for the version of 'System.Security.dll' file"

Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-040.

Vulnerability Insight:
The flaws are due to
- Improper validation of XML signatures by the CLR
- Error within the WCF endpoint authentication mechanism when handling
queries

Impact:
Successful exploitation could allow an attacker to bypass security mechanism
and gain access to restricted endpoint functions.

Impact Level: System/Application

Affected Software/OS:
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0 Service Pack 2

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-040

Microsoft Lync Server Remote Code Execution Vulnerability (2834695)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901219
Filename: secpod_ms13-041_lync_server.nasl
Dependencies: smb_reg_service_pack.nasl - secpod_ms_lync_server_detect_win.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1302
BID: 59791
CVSS: 9.3
Risk factor : Critical

Summary: Check for the vulnerable 'microsoft.rtc.internal.autodiscover.dll' file versions"

Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-041.

Vulnerability Insight:
A use-after-free error within the Lync control can be exploited to
dereference already freed memory.

Impact:
Successful exploitation could allow an attacker could execute arbitrary
code in the context of the current user by sharing specially crafted
content, such as a file or a program, as a presentation in a Lync or
Communicator session and then convince a user to view or share the
specially crafted content.

Impact Level: System/Application

Affected Software/OS:
Microsoft Lync Server 2013 (Web Components Server)

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-041

Microsoft Office Publisher Remote Code Execution Vulnerability (2830397)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902970
Filename: secpod_ms13-042.nasl
Dependencies: secpod_office_products_version_900032.nasl - gb_smb_windows_detect.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1316 CVE-2013-1317 CVE-2013-1318 CVE-2013-1319 CVE-2013-1320 CVE-2013-1321 CVE-2013-1322 CVE-2013-1323 CVE-2013-1327 CVE-2013-1328 CVE-2013-1329
BID: 59761 59762 59764 59766 59763 59767 59768 59769 59770 59771 59772
CVSS: 10.0
Risk factor : Critical

Summary: Check for the vulnerable 'Mspub.exe' file versions"

Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-042.

Vulnerability Insight:
Multiple flaws are due to,
- An unspecified errors when handling array size, return values,
table range data, NULL values.
- An integer overflow vulnerability exists.
- A signedness error exists when parsing certain data, which can be
exploited to corrupt memory.

Impact:
Successful exploitation could allow attackers to execute arbitrary code by
tricking a user into opening a specially crafted publisher files.

Impact Level: System/Application

Affected Software/OS:
Microsoft Publisher 2003 Service Pack 3 and prior
Microsoft Publisher 2007 Service Pack 3 and prior
Microsoft Publisher 2010 Service Pack 1 and prior

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-042

Microsoft Lync Attendee Remote Code Execution Vulnerability (2834695)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902972
Filename: secpod_lync_attendee_ms13-041.nasl
Dependencies: smb_reg_service_pack.nasl - secpod_ms_lync_detect_win.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1302
BID: 59791
CVSS: 9.3
Risk factor : Critical

Summary: Check for the vulnerable 'Appshapi.dll' file versions"

Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-041.

Vulnerability Insight:
A use-after-free error within the Lync control can be exploited to
dereference already freed memory.

Impact:
Successful exploitation could allow an attacker could execute arbitrary
code in the context of the current user by sharing specially crafted
content, such as a file or a program, as a presentation in a Lync or
Communicator session and then convince a user to view or share the
specially crafted content.

Impact Level: System/Application

Affected Software/OS:
Microsoft Lync Attendee 2010

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-041

Microsoft Lync Remote Code Execution Vulnerability (2834695)

Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902971
Filename: secpod_lync_ms13-041.nasl
Dependencies: smb_reg_service_pack.nasl - secpod_ms_lync_detect_win.nasl

Family: Windows : Microsoft Bulletins

CVE: CVE-2013-1302
BID: 59791
CVSS: 9.3
Risk factor : Critical

Summary: Check for the vulnerable 'communicator.exe' file versions"

Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-041.

Vulnerability Insight:
A use-after-free error within the Lync control can be exploited to
dereference already freed memory.

Impact:
Successful exploitation could allow an attacker could execute arbitrary
code in the context of the current user by sharing specially crafted
content, such as a file or a program, as a presentation in a Lync or
Communicator session and then convince a user to view or share the
specially crafted content.

Impact Level: System/Application

Affected Software/OS:
Microsoft Lync 2010
Microsoft Communicator 2007 R2

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-041

WordPress NewsLetter Plugin Cross Site Scripting Vulnerability

This script is Copyright (C) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803493
Filename: gb_wordpress_newsletter_xss_vuln.nasl
Dependencies: secpod_wordpress_detect_900182.nasl

Family: Web application abuses

CVSS: 4.3
Risk factor : Medium

Summary: Check if WordPress Newsletter Plugin is vulnerable to XSS"

Overview: This host is running WordPress with NewsLetter plugin and is
prone to cross site scripting vulnerability.

Vulnerability Insight:
The input passed via 'alert' parameters to
'/wp-content/plugins/newsletter/subscription/page.php' script is
not properly sanitised before being returned to the user.

Impact:
Successful exploitation will allow remote attackers to insert arbitrary HTML
and script code, which will be executed in a user's browser session in the
context of an affected site.

Impact Level: Application

Affected Software/OS:
Wordpress Newsletter Plugin 3.2.6 and prior

Fix: Upgrade to Wordpress Newsletter Plugin version 3.2.7 or later,
For updates refer to http://wordpress.org/extend/plugins/newsletter

WordPress wp-FileManager Plugin File Download Vulnerability

This script is Copyright (C) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803492
Filename: gb_wordpress_wp_filemanager_file_dwnld_vuln.nasl
Dependencies: secpod_wordpress_detect_900182.nasl

Family: Web application abuses

CVSS: 4.3
Risk factor : Medium

Summary: Check for file download vulnerability in WordPress wp-FileManager Plugin"

Overview: This host is running WordPress with wp-FileManager plugin and is
prone to file download vulnerability.

Vulnerability Insight:
The input passed via 'path' parameter to
'wordpress/wp-content/plugins/wp-filemanager/incl/libfile.php' script is
not properly validating '../'(dot dot) sequences before being returned
to the user.

Impact:
Successful exploitation will allow remote attackers to download and
read arbitrary files on the affected application.

Impact Level: Application

Affected Software/OS:
Wordpress wp-FileManager Plugin before 1.4.0

Fix: Upgrade to version 1.4.0 or later,
For updates refer to http://wordpress.org/extend/plugins/wp-filemanager

ZyXEL ZyWALL Web Configurator Authentication Bypass Vulnerability

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803199
Filename: gb_zyxel_zywall_web_config_auth_bypass_vuln.nasl

Family: Privilege escalation

CVSS: 10.0
Risk factor : Critical

Summary: Try to login with the default user credentials"

Overview: This host is running ZyXEL ZyWALL Web Configurator and prone to
authentication bypass vulnerability.

Vulnerability Insight:
By default, ZyXEL ZyWALL installs with default user credentials
(username/password combination). The web configurator account has a
password of '1234', which is publicly known and documented. This allows
remote attackers to trivially access the program or system and gain
privileged access.

Impact:
Successful exploitation will allow attackers to gain administrative access,
circumventing existing authentication mechanisms.

Impact Level: Application

Affected Software:
ZyXEL ZyWALL

Fix: No solution or patch is available as of 14th May, 2013. Information
regarding this issue will updated once the solution details are available.
For updates refer to http://www.zyxel.com/

VMAX Web Viewer Default Credentials Authentication Bypass Vulnerability

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803198
Filename: gb_vmax_web_viewer_auth_bypass_vuln.nasl

Family: Privilege escalation

CVSS: 10.0
Risk factor : Critical

Summary: Try to login with the default user credentials"

Overview: This host is running VMAX Web Viewer and prone to authentication
bypass vulnerability.

Vulnerability Insight:
By default, Digital Watchdog VMAX Viewer installs with default user credentials
(username/password combination). The 'admin' account has no password, which is
publicly known and documented. This allows remote attackers to trivially access
the program or system and gain privileged access.

Impact:
Successful exploitation will allow attackers to gain administrative access,
circumventing existing authentication mechanisms.

Impact Level: Application

Affected Software:
Digital Watchdog VMAX Viewer

Fix: No solution or patch is available as of 14th May, 2013. Information
regarding this issue will updated once the solution details are available.
For updates refer to http://dwcc.tv/00_main/main.asp

WHMCS SQL Injection Vulnerability

Family: Web application abuses

CVSS: 7.5
Risk factor : High

Summary: Check if WHMCS is vulnerable to sql injection"

Overview: This host is installed with WHMCS and is prone to sql injection
vulnerability.

Vulnerability Insight:
Flaw is due to improper sanitation of user supplied input via the 'id'
parameter to '/whmcs/dl.php' script.

Impact:
Successful exploitation will allow remote attackers to disclose credentials
or manipulate SQL queries by injecting arbitrary SQL code.

Impact Level: Application

Affected Software:
WHMCS version 4.5.2 and prior

Fix: Upgrade to WHMCS 5.2 or later,
For updates refer to http://www.whmcs.com

Ubuntu Update for telepathy-idle USN-1821-1

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.841422
Filename: gb_ubuntu_USN_1821_1.nasl
Dependencies: gather-package-list.nasl

Family: Ubuntu Local Security Checks

CVE: CVE-2007-6746
CVSS: 4.3
Risk factor : Medium

Summary: Check for the Version of telepathy-idle"

Vulnerability Insight:

It was discovered that telepathy-idle did not perform any server
certificate validation when using SSL connections. If a remote attacker
were able to perform a man-in-the-middle attack, this flaw could be
exploited to alter or compromise confidential information.

Affected Software/OS:
telepathy-idle on Ubuntu 13.04 ,
Ubuntu 12.10 ,
Ubuntu 12.04 LTS

Fix: Please Install the Updated Packages.

RedHat Update for hypervkvpd RHSA-2013:0807-01

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.870992
Filename: gb_RHSA-2013_0807-01_hypervkvpd.nasl
Dependencies: gather-package-list.nasl

Family: Red Hat Local Security Checks

CVE: CVE-2012-5532
CVSS: 4.9
Risk factor : Medium

Summary: Check for the Version of hypervkvpd"

Vulnerability Insight:
The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V
Key-Value Pair (KVP) daemon. The daemon passes basic information to the
host through VMBus, such as the guest IP address, fully qualified domain
name, operating system name, and operating system release number.

A denial of service flaw was found in the way hypervkvpd processed certain
Netlink messages. A local, unprivileged user in a guest (running on
Microsoft Hyper-V) could send a Netlink message that, when processed, would
cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532)

The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.

This update also fixes the following bug:

* The hypervkvpd daemon did not close the file descriptors for pool files
when they were updated. This could eventually lead to hypervkvpd crashing
with a KVP: Failed to open file, pool: 1 error after consuming all
available file descriptors. With this update, the file descriptors are
closed, correcting this issue. (BZ#953502)

Users of hypervkvpd are advised to upgrade to this updated package, which
contains backported patches to correct these issues. After installing the
update, it is recommended to reboot all guest machines.

Affected Software/OS:
hypervkvpd on Red Hat Enterprise Linux (v. 5 server)

Fix: Please Install the Updated Packages.

RedHat Update for httpd RHSA-2013:0815-01

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.870998
Filename: gb_RHSA-2013_0815-01_httpd.nasl
Dependencies: gather-package-list.nasl

Family: Red Hat Local Security Checks

CVE: CVE-2012-3499 CVE-2012-4558 CVE-2013-1862
CVSS: 4.3
Risk factor : Medium

Summary: Check for the Version of httpd"

Vulnerability Insight:
The Apache HTTP Server is a popular web server.

Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer
module's manager web interface. If a remote attacker could trick a user,
who was logged into the manager web interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's manager interface session. (CVE-2012-4558)

It was found that mod_rewrite did not filter terminal escape sequences from
its log file. If mod_rewrite was configured with the RewriteLog directive,
a remote attacker could use specially-crafted HTTP requests to inject
terminal escape sequences into the mod_rewrite log file. If a victim viewed
the log file with a terminal emulator, it could result in arbitrary command
execution with the privileges of that user. (CVE-2013-1862)

Cross-site scripting (XSS) flaws were found in the mod_info, mod_status,
mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could
possibly use these flaws to perform XSS attacks if they were able to make
the victim's browser generate an HTTP request with a specially-crafted Host
header. (CVE-2012-3499)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon will be restarted automatically.

Affected Software/OS:
httpd on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Fix: Please Install the Updated Packages.

RedHat Update for firefox RHSA-2013:0820-01

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.870995
Filename: gb_RHSA-2013_0820-01_firefox.nasl
Dependencies: gather-package-list.nasl

Family: Red Hat Local Security Checks

CVE: CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681
CVSS: 10.0
Risk factor : Critical

Summary: Check for the Version of firefox"

Vulnerability Insight:
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676,
CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

A flaw was found in the way Firefox handled Content Level Constructors. A
malicious site could use this flaw to perform cross-site scripting (XSS)
attacks. (CVE-2013-1670)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman,
Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews
as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 17.0.6 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

Affected Software/OS:
firefox on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Fix: Please Install the Updated Packages.

RedHat Update for thunderbird RHSA-2013:0821-01

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.870996
Filename: gb_RHSA-2013_0821-01_thunderbird.nasl
Dependencies: gather-package-list.nasl

Family: Red Hat Local Security Checks

CVE: CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681
CVSS: 10.0
Risk factor : Critical

Summary: Check for the Version of thunderbird"

Vulnerability Insight:
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-0801,
CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678,
CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

A flaw was found in the way Thunderbird handled Content Level Constructors.
Malicious content could use this flaw to perform cross-site scripting (XSS)
attacks. (CVE-2013-1670)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman,
Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as
the original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially-crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.6 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

Affected Software/OS:
thunderbird on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Fix: Please Install the Updated Packages.

RedHat Update for openswan RHSA-2013:0827-01

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.870997
Filename: gb_RHSA-2013_0827-01_openswan.nasl
Dependencies: gather-package-list.nasl

Family: Red Hat Local Security Checks

CVE: CVE-2013-2053
CVSS: 7.5
Risk factor : High

Summary: Check for the Version of openswan"

Vulnerability Insight:
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. When using Opportunistic
Encryption, Openswan's pluto IKE daemon requests DNS TXT records to obtain
public RSA keys of itself and its peers.

A buffer overflow flaw was found in Openswan. If Opportunistic Encryption
were enabled (oe=yes in /etc/ipsec.conf) and an RSA key configured, an
attacker able to cause a system to perform a DNS lookup for an
attacker-controlled domain containing malicious records (such as by sending
an email that triggers a DKIM or SPF DNS record lookup) could cause
Openswan's pluto IKE daemon to crash or, potentially, execute arbitrary
code with root privileges. With oe=yes but no RSA key configured, the
issue can only be triggered by attackers on the local network who can
control the reverse DNS entry of the target system. Opportunistic
Encryption is disabled by default. (CVE-2013-2053)

This issue was discovered by Florian Weimer of the Red Hat Product Security
Team.

All users of openswan are advised to upgrade to these updated packages,
which contain backported patches to correct this issue. After installing
this update, the ipsec service will be restarted automatically.

Affected Software/OS:
openswan on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Fix: Please Install the Updated Packages.

RedHat Update for kernel RHSA-2013:0830-01

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.870993
Filename: gb_RHSA-2013_0830-01_kernel.nasl
Dependencies: gather-package-list.nasl

Family: Red Hat Local Security Checks

CVE: CVE-2013-2094
CVSS: 7.2
Risk factor : High

Summary: Check for the Version of kernel"

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that the Red Hat Enterprise Linux 6.1 kernel update
(RHSA-2011:0542) introduced an integer conversion issue in the Linux
kernel's Performance Events implementation. This led to a user-supplied
index into the perf_swevent_enabled array not being validated properly,
resulting in out-of-bounds kernel memory access. A local, unprivileged user
could use this flaw to escalate their privileges. (CVE-2013-2094,
Important)

A public exploit that affects Red Hat Enterprise Linux 6 is available.

Refer to Red Hat Knowledge Solution 373743, linked to in the References,
for further information and mitigation instructions for users who are
unable to immediately apply this update.

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The system must be rebooted for this update to
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use rpm -ivh [package]. Do not
use rpm -Uvh as that will remove the running kernel binaries from
your system. You may use rpm -e to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com):

962792 - CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.6.2.el6.src.rpm

i386:
kernel-2.6.32-358.6.2.el6.i686.rpm
kernel-debug-2.6.32-358.6.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.6.2.el6.i686.rpm
kernel-debug-devel-2.6.32-358.6.2.el6.i686.rpm
kernel-debuginfo-2. ...

Description truncated, for more information please check the Reference URL

Affected Software/OS:
kernel on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Fix: Please Install the Updated Packages.

RedHat Update for libvirt RHSA-2013:0831-01

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.870994
Filename: gb_RHSA-2013_0831-01_libvirt.nasl
Dependencies: gather-package-list.nasl

Family: Red Hat Local Security Checks

CVE: CVE-2013-1962
CVSS: 7.5
Risk factor : High

Summary: Check for the Version of libvirt"

Vulnerability Insight:
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

It was found that libvirtd leaked file descriptors when listing all volumes
for a particular pool. A remote attacker able to establish a read-only
connection to libvirtd could use this flaw to cause libvirtd to consume all
available file descriptors, preventing other users from using libvirtd
services (such as starting a new guest) until libvirtd is restarted.
(CVE-2013-1962)

Red Hat would like to thank Edoardo Comar of IBM for reporting this issue.

This update also fixes the following bugs:

* Previously, libvirt made control group (cgroup) requests on files that
it should not have. With older kernels, such nonsensical cgroup requests
were ignored; however, newer kernels are stricter, resulting in libvirt
logging spurious warnings and failures to the libvirtd and audit logs. The
audit log failures displayed by the ausearch tool were similar to the
following:

root [date] - failed cgroup allow path rw /dev/kqemu

With this update, libvirt no longer attempts the nonsensical cgroup
actions, leaving only valid attempts in the libvirtd and audit logs (making
it easier to search for real cases of failure). (BZ#958837)

* Previously, libvirt used the wrong variable when constructing audit
messages. This led to invalid audit messages, causing ausearch to format
certain entries as having path=(null) instead of the correct path. This
could prevent ausearch from locating events related to cgroup device ACL
modifications for guests managed by libvirt. With this update, the audit
messages are generated correctly, preventing loss of audit coverage.
(BZ#958839)

All users of libvirt are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, libvirtd will be restarted automatically.

Affected Software/OS:
libvirt on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Fix: Please Install the Updated Packages.

op5 Monitor Multiple Information Disclosure and Security Bypass Vulnerabilities

This script is Copyright (C) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.103712
Filename: gb_op5_monitor_59880.nasl
Dependencies: gb_op5_detect.nasl

Family: Web application abuses

BID: 59880
CVSS: 9.0
Risk factor : Critical

Summary: Determine if op5 monitor version is < 6.1.0"

Overview:
op5 Monitor is prone to multiple information-disclosure and security-
bypass vulnerabilities.

An attacker may exploit these issues to obtain sensitive information
and bypass certain security restrictions.

op5 Monitor versions prior to 6.1.0 are vulnerable.

Solution:
Updates are available. Please see the references or vendor advisory
for more information.

Joomla S5 Clan Roster com_s5clanroster id Parameter SQL Injection Vulnerability

This script is Copyright (C) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.103713
Filename: gb_joomla_54932.nasl
Dependencies: joomla_detect.nasl

Family: Web application abuses

CVSS: 8.5
Risk factor : Critical

Summary: Determine if it is possible to inject SQL code"

Overview:
The S5 Clan Roster component for Joomla is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied
data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities
in the underlying database.

Fedora Update for clamav FEDORA-2013-8047

Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.865619
Filename: gb_fedora_2013_8047_clamav_fc18.nasl
Dependencies: gather-package-list.nasl