Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities
Informations
Name HPSBMA02447 SSRT090062 First vendor Publication 2009-08-12
Vendor HP Last vendor Modification 2009-08-12
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Potential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities could be remotely exploited to allow Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS) and other vulnerabilities.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01820968

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-20 Improper Input Validation
17 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
17 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10198
 
Oval ID: oval:org.mitre.oval:def:10198
Title: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11279
 
Oval ID: oval:org.mitre.oval:def:11279
Title: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Description: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5161
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13751
 
Oval ID: oval:org.mitre.oval:def:13751
Title: DSA-1763-1 openssl -- programming error
Description: It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch5 of the openssl package and in version 0.9.7k-3.1etch3 of the openssl097 package. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny1. For the unstable distribution, this problem has been fixed in version 0.9.8g-16. We recommend that you upgrade your openssl packages.
Family: unix Class: patch
Reference(s): DSA-1763-1
CVE-2009-0590
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13799
 
Oval ID: oval:org.mitre.oval:def:13799
Title: USN-750-1 -- openssl vulnerability
Description: It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL.
Family: unix Class: patch
Reference(s): USN-750-1
CVE-2009-0590
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17462
 
Oval ID: oval:org.mitre.oval:def:17462
Title: USN-600-1 -- rsync vulnerability
Description: Sebastian Krahmer discovered that rsync could overflow when handling ACLs.
Family: unix Class: patch
Reference(s): USN-600-1
CVE-2008-1720
Version: 7
Platform(s): Ubuntu 7.04
Ubuntu 7.10
Product(s): rsync
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17856
 
Oval ID: oval:org.mitre.oval:def:17856
Title: USN-685-1 -- net-snmp vulnerabilities
Description: Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests.
Family: unix Class: patch
Reference(s): USN-685-1
CVE-2008-0960
CVE-2008-2292
CVE-2008-4309
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Ubuntu 8.10
Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18444
 
Oval ID: oval:org.mitre.oval:def:18444
Title: DSA-1545-1 rsync
Description: Sebastian Krahmer discovered that an integer overflow in rsync's code for handling extended attributes may lead to arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-1545-1
CVE-2008-1720
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): rsync
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19948
 
Oval ID: oval:org.mitre.oval:def:19948
Title: DSA-1663-1 net-snmp - several vulnerabilities
Description: Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications.
Family: unix Class: patch
Reference(s): DSA-1663-1
CVE-2008-0960
CVE-2008-2292
CVE-2008-4309
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22168
 
Oval ID: oval:org.mitre.oval:def:22168
Title: ELSA-2008:0971: net-snmp security update (Important)
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: patch
Reference(s): ELSA-2008:0971-01
CVE-2008-4309
Version: 6
Platform(s): Oracle Linux 5
Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22194
 
Oval ID: oval:org.mitre.oval:def:22194
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22951
 
Oval ID: oval:org.mitre.oval:def:22951
Title: ELSA-2009:1287: openssh security, bug fix, and enhancement update (Low)
Description: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2009:1287-02
CVE-2008-5161
Version: 6
Platform(s): Oracle Linux 5
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25196
 
Oval ID: oval:org.mitre.oval:def:25196
Title: Vulnerability in OpenSSL before 0.9.8k, allows remote attackers to cause a denial of service (invalid memory access and application crash)
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0590
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29197
 
Oval ID: oval:org.mitre.oval:def:29197
Title: RHSA-2008:0971 -- net-snmp security update (Important)
Description: Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially-crafted request could cause the snmpd server to crash. (CVE-2008-4309)
Family: unix Class: patch
Reference(s): RHSA-2008:0971
CESA-2008:0971-CentOS 5
CESA-2008:0971-CentOS 3
CVE-2008-4309
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 5
CentOS Linux 3
Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29350
 
Oval ID: oval:org.mitre.oval:def:29350
Title: RHSA-2009:1287 -- openssh security, bug fix, and enhancement update (Low)
Description: Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1287
CESA-2009:1287-CentOS 5
CVE-2008-5161
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6171
 
Oval ID: oval:org.mitre.oval:def:6171
Title: Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4309
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6353
 
Oval ID: oval:org.mitre.oval:def:6353
Title: Security Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) Condition
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4309
Version: 1
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6996
 
Oval ID: oval:org.mitre.oval:def:6996
Title: OpenSSL Multiple Vulnerabilities
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7025
 
Oval ID: oval:org.mitre.oval:def:7025
Title: DSA-1663 net-snmp -- several vulnerabilities
Description: Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems: Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.
Family: unix Class: patch
Reference(s): DSA-1663
CVE-2008-0960
CVE-2008-2292
CVE-2008-4309
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8038
 
Oval ID: oval:org.mitre.oval:def:8038
Title: DSA-1763 openssl -- programming error
Description: It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate.
Family: unix Class: patch
Reference(s): DSA-1763
CVE-2009-0590
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9860
 
Oval ID: oval:org.mitre.oval:def:9860
Title: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4309
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 3
Application 1
Application 210
Application 10
Application 33
Application 60
Application 30
Application 5
Application 71
Os 2

OpenVAS Exploits

Date Description
2012-06-21 Name : PHP version smaller than 5.2.9
File : nvt/nopsec_php_5_2_9.nasl
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09 Name : CentOS Update for openssl CESA-2009:1335 centos5 i386
File : nvt/gb_CESA-2009_1335_openssl_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openssh CESA-2009:1287 centos5 i386
File : nvt/gb_CESA-2009_1287_openssh_centos5_i386.nasl
2010-05-12 Name : Mac OS X Security Update 2009-005
File : nvt/macosx_secupd_2009-005.nasl
2010-05-12 Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002
File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2010-05-12 Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006
File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl
2010-03-31 Name : CentOS Update for openssl CESA-2010:0163 centos3 i386
File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl
2010-03-31 Name : CentOS Update for openssl CESA-2010:0163 centos4 i386
File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl
2010-03-31 Name : RedHat Update for openssl RHSA-2010:0163-01
File : nvt/gb_RHSA-2010_0163-01_openssl.nasl
2010-01-07 Name : Gentoo Security Advisory GLSA 201001-03 (php)
File : nvt/glsa_201001_03.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : SLES10: Security update for compat-openssl097g
File : nvt/sles10_compat-openssl0.nasl
2009-10-13 Name : SLES10: Security update for PHP5
File : nvt/sles10_apache2-mod_php3.nasl
2009-10-13 Name : SLES10: Security update for net-snmp
File : nvt/sles10_net-snmp.nasl
2009-10-13 Name : SLES10: Security update for OpenSSL
File : nvt/sles10_openssl1.nasl
2009-10-13 Name : Solaris Update for sshd 141742-04
File : nvt/gb_solaris_141742_04.nasl
2009-10-13 Name : Solaris Update for sshd 140119-11
File : nvt/gb_solaris_140119_11.nasl
2009-10-11 Name : SLES11: Security update for PHP5
File : nvt/sles11_apache2-mod_php0.nasl
2009-10-11 Name : SLES11: Security update for OpenSSL
File : nvt/sles11_libopenssl0_9_8.nasl
2009-10-10 Name : SLES9: Security update for OpenSSL
File : nvt/sles9p5048397.nasl
2009-10-10 Name : SLES9: Security update for net-snmp
File : nvt/sles9p5041460.nasl
2009-09-23 Name : Solaris Update for sshd 141742-02
File : nvt/gb_solaris_141742_02.nasl
2009-09-23 Name : Solaris Update for sshd 140119-09
File : nvt/gb_solaris_140119_09.nasl
2009-09-23 Name : Solaris Update for sshd 140119-07
File : nvt/gb_solaris_140119_07.nasl
2009-09-21 Name : CentOS Security Advisory CESA-2009:1287 (openssh)
File : nvt/ovcesa2009_1287.nasl
2009-09-21 Name : CentOS Security Advisory CESA-2009:1335 (openssl)
File : nvt/ovcesa2009_1335.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1335
File : nvt/RHSA_2009_1335.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1287
File : nvt/RHSA_2009_1287.nasl
2009-07-29 Name : Mandrake Security Advisory MDVSA-2009:156 (net-snmp)
File : nvt/mdksa_2009_156.nasl
2009-07-17 Name : HP-UX Update for OpenSSL HPSBUX02435
File : nvt/gb_hp_ux_HPSBUX02435.nasl
2009-07-06 Name : SuSE Security Summary SUSE-SR:2009:012
File : nvt/suse_sr_2009_012.nasl
2009-05-20 Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-05-11 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD.nasl
2009-04-28 Name : FreeBSD Security Advisory (FreeBSD-SA-09:08.openssl.asc)
File : nvt/freebsdsa_openssl7.nasl
2009-04-23 Name : Denial Of Service Vulnerability in PHP April-09
File : nvt/gb_php_dos_vuln_apr09.nasl
2009-04-23 Name : OpenSSH CBC Mode Information Disclosure Vulnerability
File : nvt/openssh_32319_remote.nasl
2009-04-15 Name : Debian Security Advisory DSA 1763-1 (openssl)
File : nvt/deb_1763_1.nasl
2009-04-15 Name : Gentoo Security Advisory GLSA 200904-08 (openssl)
File : nvt/glsa_200904_08.nasl
2009-04-09 Name : Mandriva Update for net-snmp MDVSA-2008:225 (net-snmp)
File : nvt/gb_mandriva_MDVSA_2008_225.nasl
2009-04-09 Name : Mandriva Update for rsync MDVSA-2008:084 (rsync)
File : nvt/gb_mandriva_MDVSA_2008_084.nasl
2009-04-06 Name : Ubuntu USN-750-1 (openssl)
File : nvt/ubuntu_750_1.nasl
2009-04-06 Name : Ubuntu USN-749-1 (libsndfile)
File : nvt/ubuntu_749_1.nasl
2009-04-06 Name : Mandrake Security Advisory MDVSA-2009:087 (openssl)
File : nvt/mdksa_2009_087.nasl
2009-04-02 Name : OpenSSL Multiple Vulnerabilities (Linux)
File : nvt/gb_openssl_mult_vuln_lin.nasl
2009-04-02 Name : OpenSSL Multiple Vulnerabilities (Win)
File : nvt/gb_openssl_mult_vuln_win.nasl
2009-03-23 Name : Ubuntu Update for rsync vulnerability USN-600-1
File : nvt/gb_ubuntu_USN_600_1.nasl
2009-03-23 Name : Ubuntu Update for net-snmp vulnerabilities USN-685-1
File : nvt/gb_ubuntu_USN_685_1.nasl
2009-03-06 Name : RedHat Update for net-snmp RHSA-2008:0971-01
File : nvt/gb_RHSA-2008_0971-01_net-snmp.nasl
2009-02-27 Name : CentOS Update for net-snmp CESA-2008:0971 centos3 x86_64
File : nvt/gb_CESA-2008_0971_net-snmp_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for net-snmp CESA-2008:0971 centos3 i386
File : nvt/gb_CESA-2008_0971_net-snmp_centos3_i386.nasl
2009-02-18 Name : Fedora Core 10 FEDORA-2009-1769 (net-snmp)
File : nvt/fcore_2009_1769.nasl
2009-02-17 Name : Fedora Update for rsync FEDORA-2008-3060
File : nvt/gb_fedora_2008_3060_rsync_fc7.nasl
2009-02-17 Name : Fedora Update for net-snmp FEDORA-2008-9362
File : nvt/gb_fedora_2008_9362_net-snmp_fc8.nasl
2009-02-17 Name : Fedora Update for net-snmp FEDORA-2008-9367
File : nvt/gb_fedora_2008_9367_net-snmp_fc9.nasl
2009-02-17 Name : Fedora Update for rsync FEDORA-2008-3047
File : nvt/gb_fedora_2008_3047_rsync_fc8.nasl
2009-02-16 Name : Fedora Update for net-snmp FEDORA-2008-10451
File : nvt/gb_fedora_2008_10451_net-snmp_fc10.nasl
2009-02-02 Name : SuSE Security Summary SUSE-SR:2009:003
File : nvt/suse_sr_2009_003.nasl
2009-01-26 Name : Gentoo Security Advisory GLSA 200901-15 (net-snmp)
File : nvt/glsa_200901_15.nasl
2008-12-02 Name : OpenSSH CBC Mode Information Disclosure Vulnerability
File : nvt/secpod_openssh_information_disclosure_vuln_900179.nasl
2008-11-19 Name : FreeBSD Ports: net-snmp
File : nvt/freebsd_net-snmp2.nasl
2008-11-19 Name : Debian Security Advisory DSA 1663-1 (net-snmp)
File : nvt/deb_1663_1.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200804-16 (rsync)
File : nvt/glsa_200804_16.nasl
2008-04-21 Name : Debian Security Advisory DSA 1545-1 (rsync)
File : nvt/deb_1545_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-098-01 openssl
File : nvt/esoft_slk_ssa_2009_098_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-320-02 net-snmp
File : nvt/esoft_slk_ssa_2008_320_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62881 SSH Tectia Audit Player ASN1_STRING_print_ex() Function BMPString / Universal...

57134 HP Insight Control Suite For Linux Unspecified CSRF

53440 PHP php_zip.c php_zip_make_relative_path Function ZIP File Handling DoS

52864 OpenSSL ASN1_STRING_print_ex() Function BMPString / UniversalString Handling DoS

50036 OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure

50035 SSH Tectia Multiple Products CBC Mode Chosen Ciphertext 32-bit Chunk Plaintex...

49524 Net-SNMP getbulk Code Response / Repeat Saturation Remote DoS

44368 rsync Extended Attribute (xattr) Support Unspecified Overflow

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-02-05 IAVM : 2009-B-0006 - Multiple Vulnerabilities in VMware
Severity : Category I - VMSKEY : V0018295

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0004_remote.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL14609.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-05-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201405-06.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote AIX host is running a vulnerable version of OpenSSH.
File : aix_openssh_advisory.nasl - Type : ACT_GATHER_INFO
2013-10-28 Name : The SSH server is configured to use Cipher Block Chaining.
File : ssh_cbc_supported_ciphers.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0971.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090902_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090902_openssh_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081103_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote server is affected by multiple vulnerabilities.
File : openssl_0_9_8k.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO
2011-09-27 Name : The SSH service running on the remote host has an information disclosure vuln...
File : openssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO
2011-08-29 Name : The SSH service running on the remote host has an information disclosure vuln...
File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2010-12-17 Name : The remote network device is affected by multiple remote vulnerabilities.
File : airport_firmware_7_5_2.nasl - Type : ACT_GATHER_INFO
2010-12-08 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2010-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2010-03-05 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO
2010-02-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201001-03.nasl - Type : ACT_GATHER_INFO
2010-02-17 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0003.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1287.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-6170.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12397.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12298.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-090618.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6179.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-6311.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO
2009-09-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1287.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0001.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libsnmp15-081121.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO
2009-05-08 Name : The remote host is missing a security update
File : freebsd_pkg_fbc8413f2f7a11de9a3f001b77d09812.nasl - Type : ACT_GATHER_INFO
2009-04-30 Name : The remote openSUSE host is missing a security update.
File : suse_libopenssl-devel-6173.nasl - Type : ACT_GATHER_INFO
2009-04-30 Name : The remote openSUSE host is missing a security update.
File : suse_compat-openssl097g-6175.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-1769.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2008-084.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-685-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10451.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-750-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0971.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-087.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-225.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-098-01.nasl - Type : ACT_GATHER_INFO
2009-04-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1763.nasl - Type : ACT_GATHER_INFO
2009-04-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200904-08.nasl - Type : ACT_GATHER_INFO
2009-02-27 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_9.nasl - Type : ACT_GATHER_INFO
2009-01-26 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_net-snmp-5807.nasl - Type : ACT_GATHER_INFO
2009-01-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200901-15.nasl - Type : ACT_GATHER_INFO
2008-12-03 Name : The remote openSUSE host is missing a security update.
File : suse_libsnmp15-5808.nasl - Type : ACT_GATHER_INFO
2008-11-17 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-320-02.nasl - Type : ACT_GATHER_INFO
2008-11-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_daf045d7b21111dda987000c29ca8953.nasl - Type : ACT_GATHER_INFO
2008-11-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1663.nasl - Type : ACT_GATHER_INFO
2008-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9367.nasl - Type : ACT_GATHER_INFO
2008-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9362.nasl - Type : ACT_GATHER_INFO
2008-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0971.nasl - Type : ACT_GATHER_INFO
2008-05-01 Name : The remote openSUSE host is missing a security update.
File : suse_rsync-5207.nasl - Type : ACT_GATHER_INFO
2008-04-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-16.nasl - Type : ACT_GATHER_INFO
2008-04-18 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3060.nasl - Type : ACT_GATHER_INFO
2008-04-18 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3047.nasl - Type : ACT_GATHER_INFO
2008-04-17 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-600-1.nasl - Type : ACT_GATHER_INFO
2008-04-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1545.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote host is missing Sun Security Patch number 120273-42
File : solaris10_x86_120273.nasl - Type : ACT_GATHER_INFO
2007-05-20 Name : The remote host is missing Sun Security Patch number 120272-40
File : solaris10_120272.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 122300-61
File : solaris9_122300.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 122301-61
File : solaris9_x86_122301.nasl - Type : ACT_GATHER_INFO