Issue
-----
NVT: SSH Weak MAC Algorithms Supported
OID: 1.3.6.1.4.1.25623.1.0.105610
Threat: Low (CVSS: 2.6)
Port: 22/tcp
Summary:
The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorithms.
Vulnerability Detection Result:
The following weak client-to-server MAC algorithms are supported by the remote service:
hmac-md5
hmac-md5-96
hmac-sha1-96
The following weak server-to-client MAC algorithms are supported by the remote service:
hmac-md5
hmac-md5-96
hmac-sha1-96
Solution:
Solution type: Mitigation
Disable the weak MAC algorithms.
Vulnerability Detection Method:
Details:
SSH Weak MAC Algorithms Supported
(OID: 1.3.6.1.4.1.25623.1.0.105610)
Version used: $Revision: 4490 $
Issue
-----
NVT: Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
OID: 1.3.6.1.4.1.25623.1.0.101104
Threat: High (CVSS: 8.5)
Port: general/tcp
Product detection result: cpe:/a:subversion:subversion:1
Detected by: Subversion Version Detection (OID: 1.3.6.1.4.1.25623.1.0.101103)
Summary:
The host is installed with Subversion and is prone to
multiple Integer Overflow Vulnerabilities.
Vulnerability Detection Result:
Installed version:
Fixed version: 1.5.7/1.6.4
Impact:
Attackers can exploit these issues to compromise an application using the library
or crash the application, resulting in denial of service conditions.
Impact Level: Application
Solution:
Solution type: VendorFix
Apply the patch or Upgrade to Subversion version 1.5.7 or 1.6.4
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
http://subversion.tigris.org/project_packages.html
*****
NOTE: Please ignore this warning if the patch is applied.
*****
Affected Software/OS:
Subversion version 1.5.6 and prior
Subversion version 1.6.0 through 1.6.3
Vulnerability Insight:
The flaws are due to input validation errors in the processing of svndiff
streams in the 'libsvn_delta' library.
Vulnerability Detection Method:
Details:
Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
(OID: 1.3.6.1.4.1.25623.1.0.101104)
Version used: $Revision: 5122 $
Product Detection Result:
Product:cpe:/a:subversion:subversion:1
Method:Subversion Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.101103)
References:
CVE: CVE-2009-2411
BID: 35983
CERT: DFN-CERT-2009-1133, DFN-CERT-2009-1099, DFN-CERT-2009-1098, DFN-CERT-2009-1092, DFN-CERT-2009-1089
Other:
http://secunia.com/advisories/36184/
http://securitytracker.com/alerts/2009/Aug/1022697.html
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
Issue
-----
NVT: Subversion Version Detection
OID: 1.3.6.1.4.1.25623.1.0.101103
Threat: Log (CVSS: 0.0)
Port: general/tcp
Summary:
Detection of installed version of Subversion.
The script logs in via ssh, searches for executable 'svnversion' and
queries the found executables via command line option '--version'.
Vulnerability Detection Result:
Detected Subversion version: 1
Location: /usr/local/bin/svnversion
stderr
CPE: cpe:/a:subversion:subversion:1
Concluded from version identification result:
exported
stderr is not a tty - where are you?
/bin/sh: line 1: stderr: command not found
Log Method:
Details:
Subversion Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.101103)
Version used: $Revision: 2833 $
Issue
-----
NVT: Subversion Version Detection
OID: 1.3.6.1.4.1.25623.1.0.101103
Threat: Log (CVSS: 0.0)
Port: general/tcp
Summary:
Detection of installed version of Subversion.
The script logs in via ssh, searches for executable 'svnversion' and
queries the found executables via command line option '--version'.
Vulnerability Detection Result:
Detected Subversion version: 5.97
Location: tty
CPE: cpe:/a:subversion:subversion:5.97
Concluded from version identification result:
tty (GNU coreutils) 5.97
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software. You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.
Written by David MacKenzie.
stderr is not a tty - where are you?
Log Method:
Details:
Subversion Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.101103)
Version used: $Revision: 2833 $
Issue
-----
NVT: Sun Java JDK/JRE Multiple Vulnerabilities - Aug09
OID: 1.3.6.1.4.1.25623.1.0.800867
Threat: High (CVSS: 10.0)
Port: general/tcp
Summary:
This host is installed with Sun Java JDK/JRE and is prone to
multiple vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation could allow a remote attacker to gain privileges via
untrusted applet or Java Web Start application in the context of the affected
system.
Impact Level: System/Application
Solution:
Upgrade to JDK/JRE version 6 Update 15 or 5 Update 20
http://java.sun.com/javase/downloads/index.jsp
http://java.sun.com/javase/downloads/index_jdk5.jsp
or
Apply the patch from below link,
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
Affected Software/OS:
Sun Java JDK/JRE version 6 before Update 15 or 5.0 before Update 20
Vulnerability Insight:
Refer to the reference links for more information on the vulnerabilities.
Vulnerability Detection Method:
Details:
Sun Java JDK/JRE Multiple Vulnerabilities - Aug09
(OID: 1.3.6.1.4.1.25623.1.0.800867)
Version used: $Revision: 4869 $
References:
CVE: CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2475, CVE-2009-2689
BID: 35939, 35943, 35944
CERT: DFN-CERT-2010-0144, DFN-CERT-2009-1609, DFN-CERT-2009-1581, DFN-CERT-2009-1552, DFN-CERT-2009-1492, DFN-CERT-2009-1452, DFN-CERT-2009-1213, DFN-CERT-2009-1167, DFN-CERT-2009-1090, DFN-CERT-2009-1080, DFN-CERT-2009-1078, DFN-CERT-2009-1077, DFN-CERT-2009-1073, DFN-CERT-2009-1059, DFN-CERT-2009-1056, DFN-CERT-2009-1055
Other:
http://secunia.com/advisories/36159
http://secunia.com/advisories/36162
http://secunia.com/advisories/36180
http://secunia.com/advisories/36199
http://java.sun.com/javase/6/webnotes/6u15.html
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1
Issue
-----
NVT: Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.800975
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
This host is installed with Sun Java JDK/JRE and is prone to
multiple vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation allows remote attacker to execute arbitrary code,
gain escalated privileges, bypass security restrictions and cause denial
of service attacks inside the context of the affected system.
Impact Level: System/Application.
Solution:
Solution type: VendorFix
Upgrade to JDK/JRE version 6 Update 17 or later,
http://java.sun.com/javase/downloads/index.jsp
OR
Upgrade to JDK/JRE version 5 Update 22
http://java.sun.com/javase/downloads/index_jdk5.jsp
OR
Upgrade to JDK/JRE version 1.4.2_24
http://java.sun.com/j2se/1.4.2/download.html
OR
Upgrade to JDK/JRE version 1.3.1_27
http://java.sun.com/j2se/1.3/download.html
Affected Software/OS:
Sun Java JDK/JRE 6 prior to 6 Update 17
Sun Java JDK/JRE 5 prior to 5 Update 22
Sun Java JDK/JRE 1.4.x prior to 1.4.2_24
Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Linux.
Vulnerability Insight:
Multiple flaws occur due to,
- Error when decoding 'DER' encoded data and parsing HTTP headers.
- Error when verifying 'HMAC' digests.
- Integer overflow error in the 'JPEG JFIF' Decoder while processing
malicious image files.
- A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()'
functions in the Abstract Window Toolkit (AWT).
- Unspecified error due to improper parsing of color profiles of images.
- A buffer overflow error due to improper implementation of the
'HsbParser.getSoundBank()' function.
- Three unspecified errors when processing audio or image files.
Vulnerability Detection Method:
Details:
Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800975)
Version used: $Revision: 4869 $
References:
CVE: CVE-2009-3877, CVE-2009-3876, CVE-2009-3875, CVE-2009-3873, CVE-2009-3874, CVE-2009-3872, CVE-2009-3871, CVE-2009-3869, CVE-2009-3868, CVE-2009-3867
BID: 36881
CERT: DFN-CERT-2012-1377, DFN-CERT-2011-1420, DFN-CERT-2010-0603, DFN-CERT-2010-0176, DFN-CERT-2010-0144, DFN-CERT-2010-0047, DFN-CERT-2010-0046, DFN-CERT-2010-0034, DFN-CERT-2009-1830, DFN-CERT-2009-1745, DFN-CERT-2009-1733, DFN-CERT-2009-1635, DFN-CERT-2009-1620, DFN-CERT-2009-1616, DFN-CERT-2009-1598, DFN-CERT-2009-1597, DFN-CERT-2009-1543
Other:
http://secunia.com/advisories/37231
http://java.sun.com/javase/6/webnotes/6u17.html
http://www.vupen.com/english/advisories/2009/3131
Issue
-----
NVT: Sun Java JRE Multiple Vulnerabilities (Linux)
OID: 1.3.6.1.4.1.25623.1.0.800386
Threat: High (CVSS: 10.0)
Port: general/tcp
Summary:
This host is installed with Sun Java JRE and is prone to
Multiple Vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation allows remote attacker to cause XSS, arbitrary code
execution, various buffer overflows, bypass security restrictions and can
cause denial of service attacks inside the context of the affected system.
Impact Level: System
Solution:
Solution type: VendorFix
Upgrade to JDK/JRE version 6 Update 13
http://java.sun.com/javase/downloads/index.jsp
OR
Upgrade to JDK/JRE version 5 Update 18
http://java.sun.com/javase/downloads/index_jdk5.jsp
OR
Upgrade to SDK/JRE version 1.4.2_20
http://java.sun.com/j2se/1.4.2/download.html
OR
Upgrade to SDK/JRE version 1.3.1_25
http://java.sun.com/j2se/1.3/download.html
Affected Software/OS:
Sun Java JRE 6 Update 12 and prior.
Sun Java JRE 5.0 Update 17 and prior.
Sun Java JRE 1.4.2_19 and prior.
Sun Java JRE 1.3.1_24 and prior.
Vulnerability Insight:
For more information about vulnerabilities on Sun Java go through reference.
Vulnerability Detection Method:
Details:
Sun Java JRE Multiple Vulnerabilities (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800386)
Version used: $Revision: 4869 $
References:
CVE: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107
BID: 34240
CERT: DFN-CERT-2010-0144, DFN-CERT-2009-1481, DFN-CERT-2009-1076, DFN-CERT-2009-1046
Other:
http://secunia.com/advisories/34489
http://rhn.redhat.com/errata/RHSA-2009-0394.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
Issue
-----
NVT: Sun Java Products Version Detection (Linux)
OID: 1.3.6.1.4.1.25623.1.0.800385
Threat: Log (CVSS: 0.0)
Port: general/tcp
Summary:
Detection of installed version of Java products
on Linux systems. It covers Sun Java, IBM Java and GCJ.
The script logs in via ssh, searches for executables 'javaaws' and
'java' and queries the found executables via command line option '-fullversion'.
Vulnerability Detection Result:
Detected Sun Java JRE
Version: 1.5.0_06-b05
Location: /usr/lib/java/bin/java
CPE: cpe:/a:sun:jre:1.5.0_06
Concluded from version/product identification result:
1.5.0_06-b05
Log Method:
Details:
Sun Java Products Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800385)
Version used: $Revision: 5943 $
Issue
-----
NVT: Sun Java Products Version Detection (Linux)
OID: 1.3.6.1.4.1.25623.1.0.800385
Threat: Log (CVSS: 0.0)
Port: general/tcp
Summary:
Detection of installed version of Java products
on Linux systems. It covers Sun Java, IBM Java and GCJ.
The script logs in via ssh, searches for executables 'javaaws' and
'java' and queries the found executables via command line option '-fullversion'.
Vulnerability Detection Result:
Detected Sun Java JRE
Version: 1.5.0_06-b05
Location: /usr/lib/java/jre/bin/java
CPE: cpe:/a:sun:jre:1.5.0_06
Concluded from version/product identification result:
1.5.0_06-b05
Log Method:
Details:
Sun Java Products Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800385)
Version used: $Revision: 5943 $
Issue
-----
NVT: Sun Java SE Multiple Unspecified Vulnerabilities
OID: 1.3.6.1.4.1.25623.1.0.900819
Threat: High (CVSS: 10.0)
Port: general/tcp
Summary:
This host is installed with Sun Java SE and is prone to multiple
unspecified vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Impact is unknown.
Impact Level: System/Application
Solution:
Upgrade to Java SE version 5 Update 20
http://java.sun.com/javase/downloads/index_jdk5.jsp
or
Apply the patch from below link,
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
Affected Software/OS:
Sun Java SE version 5.0 before Update 20
Vulnerability Insight:
Refer to the SunSolve bugId 6406003/6429594/6444262 for more information.
Vulnerability Detection Method:
Details:
Sun Java SE Multiple Unspecified Vulnerabilities
(OID: 1.3.6.1.4.1.25623.1.0.900819)
Version used: $Revision: 5122 $
References:
CVE: CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724
Other:
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
Issue
-----
NVT: Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09
OID: 1.3.6.1.4.1.25623.1.0.800869
Threat: Medium (CVSS: 6.8)
Port: general/tcp
Summary:
This host is installed with Sun Java JDK/JRE/SDK and is prone to
unspecified vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
An attacker may leverage this issue by modifying or creating files on
the affected application.
Impact Level: System/Application
Solution:
Upgrade to JDK/JRE version 6 Update 15 or 5 Update 20
http://java.sun.com/javase/downloads/index.jsp
http://java.sun.com/javase/downloads/index_jdk5.jsp
or
Upgrade to SDK/JRE version 1.4.2_22
http://java.sun.com/j2se/1.4.2/download.html
or
Apply the patch from below link,
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
Affected Software/OS:
Sun Java JDK/JRE version 6 before Update 15 or 5.0 before Update 20
Sun Java SDK/JRE version prior to 1.4.2_22
Vulnerability Insight:
Unspecified vulnerability exists in 'JNLPAppletlauncher' class, which can
be exploited via vectors involving an untrusted Java applet.
Vulnerability Detection Method:
Details:
Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09
(OID: 1.3.6.1.4.1.25623.1.0.800869)
Version used: $Revision: 4869 $
References:
CVE: CVE-2009-2676
BID: 35946
CERT: DFN-CERT-2010-0144, DFN-CERT-2009-1609, DFN-CERT-2009-1581, DFN-CERT-2009-1552, DFN-CERT-2009-1492, DFN-CERT-2009-1090, DFN-CERT-2009-1077, DFN-CERT-2009-1073, DFN-CERT-2009-1060
Other:
http://secunia.com/advisories/36159
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263490-1
Issue
-----
NVT: TCP Sequence Number Approximation Reset Denial of Service Vulnerability
OID: 1.3.6.1.4.1.25623.1.0.902815
Threat: Medium (CVSS: 5.0)
Port: general/tcp
Summary:
The host is running TCP services and is prone to denial of service
vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow remote attackers to guess sequence numbers
and cause a denial of service to persistent TCP connections by repeatedly injecting a TCP RST packet.
Solution:
Please see the referenced advisories for more information on obtaining
and applying fixes.
Affected Software/OS:
TCP/IP v4
Vulnerability Insight:
The flaw is triggered when spoofed TCP Reset packets are received by the
targeted TCP stack and will result in loss of availability for the attacked TCP services.
Vulnerability Detection Method:
A TCP Reset packet with a different sequence number is sent to
the target. A previously open connection is then checked to see if the target closed it or not.
Details:
TCP Sequence Number Approximation Reset Denial of Service Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.902815)
Version used: $Revision: 5912 $
References:
CVE: CVE-2004-0230
BID: 10183
CERT: CB-K15/0080, CB-K14/1162, CB-K14/0852, DFN-CERT-2017-0719, DFN-CERT-2017-0305, DFN-CERT-2017-0249, DFN-CERT-2017-0171, DFN-CERT-2015-0082, DFN-CERT-2014-1217, DFN-CERT-2014-0890
Other:
http://xforce.iss.net/xforce/xfdb/15886
http://www.us-cert.gov/cas/techalerts/TA04-111A.html
http://www-01.ibm.com/support/docview.wss?uid=isg1IY55949
http://www-01.ibm.com/support/docview.wss?uid=isg1IY55950
http://www-01.ibm.com/support/docview.wss?uid=isg1IY62006
http://www.microsoft.com/technet/security/Bulletin/MS05-019.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx
http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html
Issue
-----
NVT: TCP timestamps
OID: 1.3.6.1.4.1.25623.1.0.80091
Threat: Low (CVSS: 2.6)
Port: general/tcp
Summary:
The remote host implements TCP timestamps and therefore allows to compute
the uptime.
Vulnerability Detection Result:
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 1892570
Packet 2: 1892836
Impact:
A side effect of this feature is that the uptime of the remote
host can sometimes be computed.
Solution:
Solution type: Mitigation
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on these systems is to not use the
Timestamp options when initiating TCP connections, but use them if the TCP peer
that is initiating communication includes them in their synchronize (SYN) segment.
See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
Affected Software/OS:
TCP/IPv4 implementations that implement RFC1323.
Vulnerability Insight:
The remote host implements TCP timestamps, as defined by RFC1323.
Vulnerability Detection Method:
Special IP packets are forged and sent with a little delay in between to the
target IP. The responses are searched for timestamps. If found, the timestamps are reported.
Details:
TCP timestamps
(OID: 1.3.6.1.4.1.25623.1.0.80091)
Version used: $Revision: 5740 $
References:
Other:
http://www.ietf.org/rfc/rfc1323.txt
Issue
-----
NVT: TFTP detection
OID: 1.3.6.1.4.1.25623.1.0.80100
Threat: Log (CVSS: 0.0)
Port: 69/udp
Summary:
The remote host has a TFTP server running. TFTP stands
for Trivial File Transfer Protocol.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Solution:
Disable TFTP server if not used.
Log Method:
Details:
TFTP detection
(OID: 1.3.6.1.4.1.25623.1.0.80100)
Version used: $Revision: 5515 $
Issue
-----
NVT: Tor 'Relay Early' Traffic Confirmation Attack Vunerability oct14 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.804934
Threat: Medium (CVSS: 5.8)
Port: general/tcp
Product detection result: cpe:/a:tor:tor:0.1.1.26.
Detected by: Tor Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900418)
Summary:
This host is installed with Tor browser
and is prone to information disclosure vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow attackers
to manipulate protocol headers and perform traffic confirmation attack.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to version 0.2.4.23 or
0.2.5.6-alpha or later, For updates refer to https://www.torproject.org
Affected Software/OS:
Tor browser before 0.2.4.23 and 0.2.5
before 0.2.5.6-alpha on Linux
Vulnerability Insight:
Flaw exists due to an error
in the handling of sequences of Relay and Relay Early commands.
Vulnerability Detection Method:
Get the installed version with the help of the
detection NVT and check whether the version is vulnerable.
Details:
Tor 'Relay Early' Traffic Confirmation Attack Vunerability oct14 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804934)
Version used: $Revision: 3555 $
Product Detection Result:
Product:cpe:/a:tor:tor:0.1.1.26.
Method:Tor Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900418)
References:
CVE: CVE-2014-5117
BID: 68968
CERT: CB-K14/1087, CB-K14/0940, DFN-CERT-2014-1138, DFN-CERT-2014-0984
Other:
http://xforce.iss.net/xforce/xfdb/95053
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
Issue
-----
NVT: TOR Privilege Escalation Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.900424
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
This host is installed with TOR and is prone to Privilege
Escalation vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let the attacker gain privileges and escalate
the privileges in malicious ways.
Solution:
Solution type: VendorFix
Upgrade to the latest version 0.2.0.32
http://www.torproject.org/download.html.en
Affected Software/OS:
Tor version 0.2.0.31 or prior.
Vulnerability Insight:
The flaws are due to,
- the application does not properly drop privileges to the primary groups
of the user specified by the User Parameter.
- a ClientDNSRejectInternalAddresses configuration option is not always
enforced, which weakens the application security.
Vulnerability Detection Method:
Details:
TOR Privilege Escalation Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900424)
Version used: $Revision: 4557 $
References:
CVE: CVE-2008-5397, CVE-2008-5398
BID: 32648
Other:
http://www.torproject.org
http://secunia.com/advisories/33025
Issue
-----
NVT: Tor Unspecified Heap Based Buffer Overflow Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.902332
Threat: High (CVSS: 10.0)
Port: general/tcp
Summary:
This host is installed with Tor and is prone to heap based buffer overflow
vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code in the context of the user running the application. Failed exploit
attempts will likely result in denial-of-service conditions.
Impact level: Application
Solution:
Solution type: VendorFix
Upgrade to version 0.2.1.28 or 0.2.2.20-alpha or later
http://www.torproject.org/download/download.html.en
Affected Software/OS:
Tor version prior to 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha on Linux.
Vulnerability Insight:
The issue is caused by an unknown heap overflow error when processing
user-supplied data, which can be exploited to cause a heap-based buffer
overflow.
Vulnerability Detection Method:
Details:
Tor Unspecified Heap Based Buffer Overflow Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.902332)
Version used: $Revision: 3114 $
References:
CVE: CVE-2010-1676
BID: 45500
CERT: DFN-CERT-2010-1765, DFN-CERT-2010-1749
Other:
http://secunia.com/advisories/42536
http://www.vupen.com/english/advisories/2010/3290
Issue
-----
NVT: Tor Unspecified Remote Memory Corruption Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.800350
Threat: High (CVSS: 10.0)
Port: general/tcp
Summary:
This host is installed with Tor and is prone to unspecified remote
Memory Corruption vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
A remote attacker can execute arbitrary code on the target system and
can cause denial-of-service.
Impact level: Application
Solution:
Solution type: VendorFix
Upgrade to version 0.2.0.33 or later
https://www.torproject.org/download-unix.html.en
Affected Software/OS:
Tor version prior to 0.2.0.33 on Linux.
Vulnerability Insight:
Due to unknown impact, remote attackers can trigger heap corruption on
the application.
Vulnerability Detection Method:
Details:
Tor Unspecified Remote Memory Corruption Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800350)
Version used: $Revision: 4892 $
References:
CVE: CVE-2009-0414
BID: 33399
Other:
http://secunia.com/advisories/33635
http://secunia.com/advisories/33677
http://securitytracker.com/alerts/2009/Jan/1021633.html
http://blog.torproject.org/blog/tor-0.2.0.33-stable-released
Issue
-----
NVT: Tor Version Detection (Linux)
OID: 1.3.6.1.4.1.25623.1.0.900418
Threat: Log (CVSS: 0.0)
Port: general/tcp
Summary:
Detection of installed version of Tor.
The script logs in via ssh, searches for executable 'tor' and
queries the found executables via command line option '--version'.
Vulnerability Detection Result:
Detected Tor
Version: 0.1.1.26.
Location: /usr/local/bin/tor
CPE: cpe:/a:tor:tor:0.1.1.26.
Concluded from version/product identification result:
0.1.1.26.
Log Method:
Details:
Tor Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900418)
Version used: $Revision: 2725 $
Issue
-----
NVT: Traceroute
OID: 1.3.6.1.4.1.25623.1.0.51662
Threat: Log (CVSS: 0.0)
Port: general/tcp
Summary:
A traceroute from the scanning server to the target system was
conducted. This traceroute is provided primarily for informational
value only. In the vast majority of cases, it does not represent a
vulnerability. However, if the displayed traceroute contains any
private addresses that should not have been publicly visible, then you
have an issue you need to correct.
Vulnerability Detection Result:
Here is the route from 192.168.27.32 to 192.168.27.45:
192.168.27.32
192.168.27.45
Solution:
Block unwanted packets from escaping your network.
Log Method:
Details:
Traceroute
(OID: 1.3.6.1.4.1.25623.1.0.51662)
Version used: $Revision: 5390 $
Issue
-----
NVT: Turnkey eBook Store 'keywords' Parameter Cross Site Scripting Vulnerability
OID: 1.3.6.1.4.1.25623.1.0.100098
Threat: Medium (CVSS: 5.0)
Port: 80/tcp
Summary:
Turnkey eBook Store is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected
site and to steal cookie-based authentication credentials.
Turnkey eBook Store 1.1 is vulnerable; other versions may also be
affected.
Vulnerability Detection Result:
Vulnerable url: http://192.168.27.45/beef/hook/index.php?cmd=search&keywords="><script>alert(document.cookie);</script>
Solution:
Solution type: VendorFix
Vulnerability Detection Method:
Details:
Turnkey eBook Store 'keywords' Parameter Cross Site Scripting Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.100098)
Version used: $Revision: 5768 $
References:
BID: 34324
Issue
-----
NVT: VLC Media Player '.AVI' File BOF Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.902707
Threat: Medium (CVSS: 6.8)
Port: general/tcp
Summary:
The host is installed with VLC Media Player and is prone to buffer
overflow vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation could allow attackers to execute arbitrary code in
the context of the application. Failed attacks will cause denial-of-service
conditions.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to the VLC media player version 1.1.11 or later,
For updates refer to http://www.videolan.org/
Affected Software/OS:
VLC media player version prior to 1.1.11 on Linux.
Vulnerability Insight:
The flaw is due to an integer underflow error when parsing the 'strf'
chunk within AVI files, which can be exploited to cause a heap-based buffer
overflow.
Vulnerability Detection Method:
Details:
VLC Media Player '.AVI' File BOF Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.902707)
Version used: $Revision: 5351 $
References:
CVE: CVE-2011-2588
BID: 48664
Other:
http://secunia.com/advisories/45066
http://xforce.iss.net/xforce/xfdb/68532
http://www.videolan.org/security/sa1106.html
Issue
-----
NVT: VLC Media Player '.mkv' Code Execution Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.902339
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
The host is installed with VLC Media Player and is prone to
arbitrary code execution vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation could allow attackers to execute arbitrary code by
tricking a user into opening a specially crafted MKV file.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to the VLC media player version 1.1.7 or later,
For updates refer to http://download.videolan.org/pub/videolan/vlc/
Affected Software/OS:
VLC media player version 1.1.6.1 and prior on Linux
Vulnerability Insight:
The flaw is due to an input validation error within the 'MKV_IS_ID'
macro in 'modules/demux/mkv/mkv.hpp' of the MKV demuxer, when parsing the
MKV file.
Vulnerability Detection Method:
Details:
VLC Media Player '.mkv' Code Execution Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.902339)
Version used: $Revision: 3570 $
References:
CVE: CVE-2011-0531
BID: 46060
CERT: DFN-CERT-2011-0184
Other:
http://xforce.iss.net/xforce/xfdb/65045
http://www.securitytracker.com/id?1025018
Issue
-----
NVT: VLC Media Player 'AMV' Denial of Service Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.802118
Threat: Medium (CVSS: 6.8)
Port: general/tcp
Summary:
The host is installed with VLC Media Player and is prone to denial
of service vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation could allow attackers to cause a denial
of service or possibly execute arbitrary code via a malformed AMV file.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade to VLC media player version 1.1.10 or later,
For updates refer to http://www.videolan.org/vlc/
Affected Software/OS:
VLC media player version 1.1.9 and prior on Linux.
Vulnerability Insight:
The flaw is due to an error while handling 'sp5xdec.c' in the
Sunplus SP5X JPEG decoder in libavcodec, which performs a write operation outside the
bounds of an unspecified array.
Vulnerability Detection Method:
Details:
VLC Media Player 'AMV' Denial of Service Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.802118)
Version used: $Revision: 3117 $
References:
CVE: CVE-2011-1931
BID: 47602
Other:
http://www.securityfocus.com/archive/1/517706
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
Issue
-----
NVT: VLC Media Player 'CDG decoder' multiple buffer overflow vulnerabilities (Linux)
OID: 1.3.6.1.4.1.25623.1.0.801727
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
The host is installed with VLC Media Player and is prone to multiple
buffer overflow vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation could allow attackers to crash the affected
application, or execute arbitrary code by convincing a user to open a
malicious CD+G (CD+Graphics) media file or visit a specially crafted web
page.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to the VLC media player version 1.1.6 or later,
For updates refer to http://download.videolan.org/pub/videolan/vlc/
Affected Software/OS:
VLC media player version prior to 1.1.6 on Linux
Vulnerability Insight:
The flaws are due to array indexing errors in the 'DecodeTileBlock()'
and 'DecodeScroll()' [modules/codec/cdg.c] functions within the CDG decoder
module when processing malformed data.
Vulnerability Detection Method:
Details:
VLC Media Player 'CDG decoder' multiple buffer overflow vulnerabilities (Lin...
(OID: 1.3.6.1.4.1.25623.1.0.801727)
Version used: $Revision: 3117 $
References:
CVE: CVE-2011-0021
Other:
http://www.vupen.com/english/advisories/2011/0185
http://openwall.com/lists/oss-security/2011/01/20/3
Issue
-----
NVT: VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.801783
Threat: Medium (CVSS: 6.8)
Port: general/tcp
Summary:
The host is installed with VLC Media Player and is prone to a buffer
overflow vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation could allow attackers to execute arbitrary code by
tricking a user into opening a malicious file or visiting a specially crafted
web page.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to the VLC media player version 1.1.9 or later,
For updates refer to http://download.videolan.org/pub/videolan/vlc/
Affected Software/OS:
VLC media player version prior to 1.1.9 on Linux
Vulnerability Insight:
The flaw is caused by a heap corruption error in the 'MP4_ReadBox_skcr()'
[modules/demux/mp4/libmp4.c] function when processing malformed MP4
(MPEG-4 Part 14) data.
Vulnerability Detection Method:
Details:
VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.801783)
Version used: $Revision: 5351 $
References:
CVE: CVE-2011-1684
BID: 47293
Other:
http://secunia.com/advisories/44022
http://xforce.iss.net/xforce/xfdb/66664
http://www.vupen.com/english/advisories/2011/0916
Issue
-----
NVT: VLC Media Player 'real_get_rdt_chunk' BOF Vulnerability-02 Jan15 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.805312
Threat: High (CVSS: 7.5)
Port: general/tcp
Product detection result: cpe:/a:videolan:vlc_media_player:0.8.4a:a
Detected by: VLC Media Player Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900529)
Summary:
The host is installed with VLC media player
and is prone to buffer overflow vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow
an attacker to execute arbitrary code within the context of the VLC
media player and potentially compromise a user's system.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade to VideoLAN VLC media player
version 1.0.1 or later. For updates refer to http://www.videolan.org/
Affected Software/OS:
VideoLAN VLC media player before 1.0.1
on Linux.
Vulnerability Insight:
The error exists due to an integer
underflow in the 'real_get_rdt_chunk' function within
modules/access/rtsp/real.c script.
Vulnerability Detection Method:
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
Details:
VLC Media Player 'real_get_rdt_chunk' BOF Vulnerability-02 Jan15 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.805312)
Version used: $Revision: 3006 $
Product Detection Result:
Product:cpe:/a:videolan:vlc_media_player:0.8.4a:a
Method:VLC Media Player Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900529)
References:
CVE: CVE-2010-2062
Other:
http://secunia.com/advisories/36037/
http://seclists.org/fulldisclosure/2009/Jul/418
http://packetstormsecurity.com/files/cve/CVE-2010-2062
Issue
-----
NVT: VLC Media Player 3GP File Denial of Service Vulnerability Oct15 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.806087
Threat: Medium (CVSS: 6.8)
Port: general/tcp
Product detection result: cpe:/a:videolan:vlc_media_player:0.8.4a:a
Detected by: VLC Media Player Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900529)
Summary:
The host is installed with VLC media player
and is prone to denial of service vulnerability.
Vulnerability Detection Result:
Installed version: 0.8.4aa
Fixed version: NoneAvailable
Impact:
Successful exploitation will allow remote
attackers to cause a denial of service (crash) and possibly execute arbitrary
code via a crafted 3GP file.
Impact Level: System/Application
Solution:
Solution type: NoneAvailable
No updates are available at the moment,
For updates refer to http://www.videolan.org
Affected Software/OS:
VideoLAN VLC media player 2.2.1 and
earlier on Linux.
Vulnerability Insight:
The flaw is due to insufficient
restrictions on a writable buffer which affects the 3GP file format parser.
Vulnerability Detection Method:
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
Details:
VLC Media Player 3GP File Denial of Service Vulnerability Oct15 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.806087)
Version used: $Revision: 2513 $
Product Detection Result:
Product:cpe:/a:videolan:vlc_media_player:0.8.4a:a
Method:VLC Media Player Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900529)
References:
CVE: CVE-2015-5949
BID: 76448
CERT: CB-K15/1242, DFN-CERT-2015-1307
Other:
https://packetstormsecurity.com/files/133266
http://www.securityfocus.com/archive/1/archive/1/536287/100/0/threaded
Issue
-----
NVT: VLC Media Player ASF Demuxer Denial of Service Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.804325
Threat: Medium (CVSS: 4.3)
Port: general/tcp
Product detection result: cpe:/a:videolan:vlc_media_player:0.8.4a:a
Detected by: VLC Media Player Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900529)
Summary:
This host is installed with VLC Media Player and is prone to denial of
service vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow attackers to cause a denial of service
condition.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to VLC media player version 2.1.3 or later,
For updates refer to http://www.videolan.org/vlc
Affected Software/OS:
VLC media player version 2.1.2 and prior on Linux.
Vulnerability Insight:
The flaw exists due to a divide-by-zero error when processing malicious
'.asf' files.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
VLC Media Player ASF Demuxer Denial of Service Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804325)
Version used: $Revision: 3555 $
Product Detection Result:
Product:cpe:/a:videolan:vlc_media_player:0.8.4a:a
Method:VLC Media Player Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900529)
References:
CVE: CVE-2014-1684
BID: 65399
Other:
http://xforce.iss.net/xforce/xfdb/90955
http://www.exploit-db.com/exploits/31429
http://www.videolan.org/developers/vlc-branch/NEWS
http://packetstormsecurity.com/files/125080/VLC-Media-Player-2.1.2-Denial-Of-Service.html
Issue
-----
NVT: VLC Media Player Denial of Service Vulnerability Mar14 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.804348
Threat: Medium (CVSS: 4.3)
Port: general/tcp
Product detection result: cpe:/a:videolan:vlc_media_player:0.8.4a:a
Detected by: VLC Media Player Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900529)
Summary:
This host is installed with VLC Media Player and is prone to denial of
service vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow attackers to cause a denial of service
condition.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to VLC media player version 2.0.7 or later,
For updates refer to http://www.videolan.org/vlc
Affected Software/OS:
VLC media player version 2.0.6 and prior on Linux.
Vulnerability Insight:
The flaw exists due to some unspecified error.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
VLC Media Player Denial of Service Vulnerability Mar14 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804348)
Version used: $Revision: 3555 $
Product Detection Result:
Product:cpe:/a:videolan:vlc_media_player:0.8.4a:a
Method:VLC Media Player Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900529)
References:
CVE: CVE-2013-7340
CERT: CB-K14/0349, DFN-CERT-2014-0361
Other:
http://www.videolan.org/developers/vlc-branch/NEWS
Issue
-----
NVT: VLC Media Player M3U Denial of Service Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.804127
Threat: High (CVSS: 7.5)
Port: general/tcp
Product detection result: cpe:/a:videolan:vlc_media_player:0.8.4a:a
Detected by: VLC Media Player Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900529)
Summary:
This host is installed with VLC Media Player and is prone to denial of
service and remote code execution vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow attackers to cause denial of service
and possibly execute arbitrary remote code.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade to VLC media player version 2.1.0 or later,
For updates refer to http://www.videolan.org/vlc
Affected Software/OS:
VLC media player version 2.0.8 and prior on Linux
Vulnerability Insight:
The flaw exists due to improper handling of a specially crafted M3U file.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
VLC Media Player M3U Denial of Service Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804127)
Version used: $Revision: 3561 $
Product Detection Result:
Product:cpe:/a:videolan:vlc_media_player:0.8.4a:a
Method:VLC Media Player Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900529)
References:
CVE: CVE-2013-6283
BID: 61844
Other:
http://en.securitylab.ru/nvd/447008.php
http://www.exploit-db.com/exploits/27700
Issue
-----
NVT: VLC Media Player Meta-Information Denial of Service Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.801430
Threat: Medium (CVSS: 5.0)
Port: general/tcp
Summary:
The host is installed with VLC Media Player and is prone to Denial
of Service vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation could allow attackers to crash the affected
application, denying service to legitimate users.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to the VLC media player version 1.1.3 or later,
For updates refer to http://www.videolan.org/vlc/
Affected Software/OS:
VLC media player version prior to 1.1.3 on Linux.
Vulnerability Insight:
The flaw is due to an input validation error when trying to extract
meta-information about input media through 'ID3v2' tags.
Vulnerability Detection Method:
Details:
VLC Media Player Meta-Information Denial of Service Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.801430)
Version used: $Revision: 5388 $
References:
CVE: CVE-2010-2937
BID: 42386
Other:
http://seclists.org/oss-sec/
http://www.videolan.org/security/sa1004.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592669
Issue
-----
NVT: VLC Media Player Multiple Buffer Overflow Vulnerabilities-01 Jan15 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.805309
Threat: High (CVSS: 7.5)
Port: general/tcp
Product detection result: cpe:/a:videolan:vlc_media_player:0.8.4a:a
Detected by: VLC Media Player Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900529)
Summary:
The host is installed with VLC media player
and is prone to multiple buffer overflow vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow
attackers to conduct a denial of service attack or potentially the execution
of arbitrary code.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade to VideoLAN VLC media player
version 1.0.2 or later. For updates refer to http://www.videolan.org/
Affected Software/OS:
VideoLAN VLC media player before 1.0.2
on Linux.
Vulnerability Insight:
Multiple flaws are due to overflow conditions in the:
- ASF_ObjectDumpDebug function within modules/demux/asf/libasf.c script,
- AVI_ChunkDumpDebug_level function within modules/demux/avi/libavi.c script,
- MP4_BoxDumpStructure function within modules/demux/mp4/libmp4.c script.
Vulnerability Detection Method:
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
Details:
VLC Media Player Multiple Buffer Overflow Vulnerabilities-01 Jan15 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.805309)
Version used: $Revision: 3499 $
Product Detection Result:
Product:cpe:/a:videolan:vlc_media_player:0.8.4a:a
Method:VLC Media Player Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900529)
References:
CVE: CVE-2011-3623
Other:
http://www.videolan.org/security/sa0901.html
http://packetstormsecurity.com/files/cve/CVE-2011-3623
Issue
-----
NVT: VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.800133
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
This host is installed with VLC Media Player and is prone to
Multiple Stack-Based Buffer Overflow Vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation allows attackers to execute arbitrary code
within the context of the VLC media player by tricking a user into opening
a specially crafted file or can even crash an affected application.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to 0.9.6, or
apply the available patches from the links below:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
Affected Software/OS:
VLC media player 0.5.0 through 0.9.5 on Windows (Any).
Vulnerability Insight:
The flaws are caused while parsing,
- header of an invalid CUE image file related to modules/access/vcd/cdrom.c.
- an invalid RealText(rt) subtitle file related to the ParseRealText function
in modules/demux/subtitle.c.
Vulnerability Detection Method:
Details:
VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800133)
Version used: $Revision: 5158 $
References:
CVE: CVE-2008-5032, CVE-2008-5036
BID: 32125
Other:
http://www.videolan.org/security/sa0810.html
http://www.trapkit.de/advisories/TKADV2008-011.txt
http://www.trapkit.de/advisories/TKADV2008-012.txt
Issue
-----
NVT: VLC Media Player Multiple Vulnerabilities - Mar 12 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.802723
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
This host is installed with VLC Media Player and is prone to
multiple vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation could allow attackers to cause a denial of service or
possibly execute arbitrary code via crafted streams.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade to VLC media player version 2.0.1 or later
For updates refer to http://www.videolan.org/vlc/
Affected Software/OS:
VLC media player version prior to 2.0.1 on Linux
Vulnerability Insight:
The flaws are due to multiple buffer overflow errors in the
application, which allows remote attackers to execute arbitrary code via
crafted MMS:// stream and Real RTSP streams.
Vulnerability Detection Method:
Details:
VLC Media Player Multiple Vulnerabilities - Mar 12 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.802723)
Version used: $Revision: 5956 $
References:
CVE: CVE-2012-1775, CVE-2012-1776
Other:
http://www.videolan.org/security/sa1201.html
http://www.videolan.org/security/sa1202.html
Issue
-----
NVT: VLC Media Player Multiple Vulnerabilities-03 Jan15 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.805314
Threat: High (CVSS: 7.5)
Port: general/tcp
Product detection result: cpe:/a:videolan:vlc_media_player:0.8.4a:a
Detected by: VLC Media Player Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900529)
Summary:
The host is installed with VLC media player
and is prone to multiple vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow
attackers to conduct a denial of service or potentially compromise a
user's system.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade to VideoLAN VLC media player
version 1.0.6 or later. For updates refer to http://www.videolan.org/
Affected Software/OS:
VideoLAN VLC media player before 1.0.6
on Linux.
Vulnerability Insight:
Multiple flaws are due to,
- Multiple errors in the A/52 audio decoder, DTS audio decoder, MPEG audio
decoder, AVI demuxer, ASF demuxer and Matroska demuxer.
- An error when processing XSPF playlists.
- A use-after-free error when attempting to create a playlist of the contents
of a malformed zip archive.
- An error in the RTMP implementation.
Vulnerability Detection Method:
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
Details:
VLC Media Player Multiple Vulnerabilities-03 Jan15 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.805314)
Version used: $Revision: 3499 $
Product Detection Result:
Product:cpe:/a:videolan:vlc_media_player:0.8.4a:a
Method:VLC Media Player Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900529)
References:
CVE: CVE-2010-1445, CVE-2010-1444, CVE-2010-1443, CVE-2010-1442, CVE-2010-1441
Other:
http://secunia.com/advisories/39558
http://www.videolan.org/security/sa1003.html
Issue
-----
NVT: VLC Media Player Stack Overflow Vulnerability (Lin-Mar09)
OID: 1.3.6.1.4.1.25623.1.0.900531
Threat: Medium (CVSS: 5.0)
Port: general/tcp
Summary:
This host is installed with VLC Media Player and is prone to
Stack Overflow Vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation allows the attacker to execute arbitrary code
with escalated privileges and cause overflow in stack.
Impact Level: Application
Solution:
Upgrade to VLC media player version 1.0 or later,
For updates refer to http://www.videolan.org/vlc
Affected Software/OS:
VLC media player 0.9.8a and prior on Linux.
Vulnerability Insight:
This flaw is due to improper boundary checking in status.xml in the web
interface by an overly long request.
Vulnerability Detection Method:
Details:
VLC Media Player Stack Overflow Vulnerability (Lin-Mar09)
(OID: 1.3.6.1.4.1.25623.1.0.900531)
Version used: $Revision: 5148 $
References:
CVE: CVE-2009-1045
BID: 34126
Other:
http://www.milw0rm.com/exploits/8213
http://xforce.iss.net/xforce/xfdb/49249
http://bugs.gentoo.org/show_bug.cgi?id=262708
http://www.openwall.com/lists/oss-security/2009/03/17/4
Issue
-----
NVT: VLC Media Player Version Detection (Linux)
OID: 1.3.6.1.4.1.25623.1.0.900529
Threat: Log (CVSS: 0.0)
Port: general/tcp
Summary:
Detection of installed version of
VLC Media Player version on Linux.
This script logs in via ssh, extracts the version from the binary file
and sets it in the KB.
Vulnerability Detection Result:
Detected VLC Media Player
Version: 0.8.4a
Location: /usr/bin/vlc
CPE: cpe:/a:videolan:vlc_media_player:0.8.4a:a
Concluded from version/product identification result:
0.8.4a
Log Method:
Details:
VLC Media Player Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900529)
Version used: $Revision: 2636 $