Executive Summary
Summary | |
---|---|
Title | HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS) |
Information | |||
---|---|---|---|
Name | HPSBMU02752 SSRT100802 | First vendor Publication | 2012-03-20 |
Vendor | HP | Last vendor Modification | 2012-03-20 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Potential security vulnerabilities have been identified with HP Insight Control Software for Linux (IC-Linux). The vulnerabilities could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS). |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03246498 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
17 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
17 % | CWE-399 | Resource Management Errors |
17 % | CWE-264 | Permissions, Privileges, and Access Controls |
17 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
17 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12032 | |||
Oval ID: | oval:org.mitre.oval:def:12032 | ||
Title: | DSA-2216-1 isc-dhcp -- missing input sanitisation | ||
Description: | Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2216-1 CVE-2011-0997 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | isc-dhcp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12297 | |||
Oval ID: | oval:org.mitre.oval:def:12297 | ||
Title: | DSA-2217-1 dhcp3 -- missing input sanitisation | ||
Description: | Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of dhcp3, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2217-1 CVE-2011-0997 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | dhcp3 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12812 | |||
Oval ID: | oval:org.mitre.oval:def:12812 | ||
Title: | VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0997 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13784 | |||
Oval ID: | oval:org.mitre.oval:def:13784 | ||
Title: | USN-1098-1 -- vsftpd vulnerability | ||
Description: | It was discovered that vsftpd incorrectly handled certain glob expressions. A remote authenticated user could use a crafted glob expression to cause vsftpd to consume all resources, leading to a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1098-1 CVE-2011-0762 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 | Product(s): | vsftpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13937 | |||
Oval ID: | oval:org.mitre.oval:def:13937 | ||
Title: | USN-1108-2 -- dhcp3 vulnerability | ||
Description: | dhcp3: DHCP Client. Details: USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 9.10 and higher. This update fixes the problem. Original advisory: An attacker's DHCP server could send crafted responses to your computer and cause it to run programs as root. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1108-2 CVE-2011-0997 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | dhcp3 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14049 | |||
Oval ID: | oval:org.mitre.oval:def:14049 | ||
Title: | USN-1124-1 -- rsync vulnerability | ||
Description: | rsync: fast remote file copy program. rsync could be made to crash or run programs as your login if it connected to a malicious server. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1124-1 CVE-2011-1097 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | rsync |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20394 | |||
Oval ID: | oval:org.mitre.oval:def:20394 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0997 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21649 | |||
Oval ID: | oval:org.mitre.oval:def:21649 | ||
Title: | RHSA-2011:1409: openssl security update (Moderate) | ||
Description: | crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1409-01 CVE-2011-3207 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21712 | |||
Oval ID: | oval:org.mitre.oval:def:21712 | ||
Title: | RHSA-2011:0428: dhcp security update (Important) | ||
Description: | dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0428-01 CVE-2011-0997 CESA-2011:0428-CentOS 5 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | dhcp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21856 | |||
Oval ID: | oval:org.mitre.oval:def:21856 | ||
Title: | RHSA-2011:0337: vsftpd security update (Important) | ||
Description: | The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0337-01 CVE-2011-0762 CESA-2011:0337-CentOS 5 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | vsftpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21910 | |||
Oval ID: | oval:org.mitre.oval:def:21910 | ||
Title: | RHSA-2011:0390: rsync security update (Moderate) | ||
Description: | rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0390-01 CVE-2011-1097 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | rsync |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23346 | |||
Oval ID: | oval:org.mitre.oval:def:23346 | ||
Title: | ELSA-2011:0337: vsftpd security update (Important) | ||
Description: | The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0337-01 CVE-2011-0762 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | vsftpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23356 | |||
Oval ID: | oval:org.mitre.oval:def:23356 | ||
Title: | ELSA-2011:0390: rsync security update (Moderate) | ||
Description: | rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0390-01 CVE-2011-1097 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | rsync |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23375 | |||
Oval ID: | oval:org.mitre.oval:def:23375 | ||
Title: | ELSA-2011:1409: openssl security update (Moderate) | ||
Description: | crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1409-01 CVE-2011-3207 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23459 | |||
Oval ID: | oval:org.mitre.oval:def:23459 | ||
Title: | ELSA-2011:0428: dhcp security update (Important) | ||
Description: | dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0428-01 CVE-2011-0997 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | dhcp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24954 | |||
Oval ID: | oval:org.mitre.oval:def:24954 | ||
Title: | Vulnerability in OpenSSL 1.0.x before 1.0.0e, does not initialize certain structure members | ||
Description: | crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3207 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25015 | |||
Oval ID: | oval:org.mitre.oval:def:25015 | ||
Title: | Vulnerability in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e, allows remote attackers to cause a denial of service (daemon crash) | ||
Description: | The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3210 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27919 | |||
Oval ID: | oval:org.mitre.oval:def:27919 | ||
Title: | DEPRECATED: ELSA-2011-0390 -- rsync security update (moderate) | ||
Description: | [3.0.6-5.1] - Add upstream patch to fix CVE-2011-1097 - Incremental file-list corruption due to temporary file_extra_cnt increments Resolves: #684932 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0390 CVE-2011-1097 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | rsync |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28075 | |||
Oval ID: | oval:org.mitre.oval:def:28075 | ||
Title: | DEPRECATED: ELSA-2011-1409 -- openssl security update (moderate) | ||
Description: | [1.0.0-10.5] - initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1409 CVE-2011-3207 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2011-03-02 | vsftpd 2.3.2 Denial of Service Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for dhclient CESA-2011:0428 centos5 x86_64 File : nvt/gb_CESA-2011_0428_dhclient_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for dhclient CESA-2011:0428 centos4 x86_64 File : nvt/gb_CESA-2011_0428_dhclient_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for php53 CESA-2011:0196 centos5 x86_64 File : nvt/gb_CESA-2011_0196_php53_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for vsftpd CESA-2011:0337 centos5 x86_64 File : nvt/gb_CESA-2011_0337_vsftpd_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for openssl RHSA-2011:1409-01 File : nvt/gb_RHSA-2011_1409-01_openssl.nasl |
2012-06-06 | Name : RedHat Update for rsync RHSA-2011:0390-01 File : nvt/gb_RHSA-2011_0390-01_rsync.nasl |
2012-06-05 | Name : RedHat Update for php RHSA-2011:0195-01 File : nvt/gb_RHSA-2011_0195-01_php.nasl |
2012-06-04 | Name : Fedora Update for openssl FEDORA-2012-8024 File : nvt/gb_fedora_2012_8024_openssl_fc15.nasl |
2012-05-11 | Name : Fedora Update for openssl FEDORA-2012-6395 File : nvt/gb_fedora_2012_6395_openssl_fc15.nasl |
2012-04-13 | Name : Fedora Update for openssl FEDORA-2012-4659 File : nvt/gb_fedora_2012_4659_openssl_fc15.nasl |
2012-03-19 | Name : Fedora Update for openssl FEDORA-2011-12233 File : nvt/gb_fedora_2011_12233_openssl_fc16.nasl |
2012-02-13 | Name : Ubuntu Update for openssl USN-1357-1 File : nvt/gb_ubuntu_USN_1357_1.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-07 (vsftpd) File : nvt/glsa_201110_07.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-01 (openssl) File : nvt/glsa_201110_01.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-06 (php) File : nvt/glsa_201110_06.nasl |
2012-01-25 | Name : Fedora Update for openssl FEDORA-2012-0702 File : nvt/gb_fedora_2012_0702_openssl_fc15.nasl |
2012-01-16 | Name : Fedora Update for openssl FEDORA-2012-0250 File : nvt/gb_fedora_2012_0250_openssl_fc15.nasl |
2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2305-1 (vsftpd) File : nvt/deb_2305_1.nasl |
2011-09-30 | Name : Mandriva Update for openssl MDVSA-2011:137 (openssl) File : nvt/gb_mandriva_MDVSA_2011_137.nasl |
2011-09-21 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl4.nasl |
2011-09-12 | Name : Fedora Update for openssl FEDORA-2011-12281 File : nvt/gb_fedora_2011_12281_openssl_fc14.nasl |
2011-09-12 | Name : Fedora Update for dhcp FEDORA-2011-10705 File : nvt/gb_fedora_2011_10705_dhcp_fc14.nasl |
2011-08-09 | Name : CentOS Update for vsftpd CESA-2011:0337 centos5 i386 File : nvt/gb_CESA-2011_0337_vsftpd_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for php53 CESA-2011:0196 centos5 i386 File : nvt/gb_CESA-2011_0196_php53_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for dhclient CESA-2011:0428 centos5 i386 File : nvt/gb_CESA-2011_0428_dhclient_centos5_i386.nasl |
2011-08-03 | Name : FreeBSD Ports: rsync File : nvt/freebsd_rsync4.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2217-1 (dhcp3) File : nvt/deb_2217_1.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2216-1 (isc-dhcp) File : nvt/deb_2216_1.nasl |
2011-05-12 | Name : FreeBSD Ports: isc-dhcp31-client File : nvt/freebsd_isc-dhcp31-client0.nasl |
2011-05-10 | Name : Ubuntu Update for rsync USN-1124-1 File : nvt/gb_ubuntu_USN_1124_1.nasl |
2011-05-10 | Name : Ubuntu Update for dhcp3 USN-1108-2 File : nvt/gb_ubuntu_USN_1108_2.nasl |
2011-04-22 | Name : Rsync Multiple Denial of Service Vulnerabilities (Windows) File : nvt/gb_rsync_mult_dos_vuln.nasl |
2011-04-21 | Name : Fedora Update for dhcp FEDORA-2011-0848 File : nvt/gb_fedora_2011_0848_dhcp_fc13.nasl |
2011-04-19 | Name : Ubuntu Update for dhcp3 vulnerability USN-1108-1 File : nvt/gb_ubuntu_USN_1108_1.nasl |
2011-04-19 | Name : Mandriva Update for dhcp MDVSA-2011:073 (dhcp) File : nvt/gb_mandriva_MDVSA_2011_073.nasl |
2011-04-19 | Name : Fedora Update for dhcp FEDORA-2011-4897 File : nvt/gb_fedora_2011_4897_dhcp_fc14.nasl |
2011-04-11 | Name : CentOS Update for dhclient CESA-2011:0428 centos4 i386 File : nvt/gb_CESA-2011_0428_dhclient_centos4_i386.nasl |
2011-04-11 | Name : Mandriva Update for rsync MDVSA-2011:066 (rsync) File : nvt/gb_mandriva_MDVSA_2011_066.nasl |
2011-04-11 | Name : RedHat Update for dhcp RHSA-2011:0428-01 File : nvt/gb_RHSA-2011_0428-01_dhcp.nasl |
2011-04-11 | Name : Fedora Update for rsync FEDORA-2011-4427 File : nvt/gb_fedora_2011_4427_rsync_fc13.nasl |
2011-04-11 | Name : Fedora Update for rsync FEDORA-2011-4413 File : nvt/gb_fedora_2011_4413_rsync_fc14.nasl |
2011-04-01 | Name : Ubuntu Update for vsftpd vulnerability USN-1098-1 File : nvt/gb_ubuntu_USN_1098_1.nasl |
2011-03-24 | Name : Mandriva Update for vsftpd MDVSA-2011:049 (vsftpd) File : nvt/gb_mandriva_MDVSA_2011_049.nasl |
2011-03-24 | Name : Fedora Update for vsftpd FEDORA-2011-2615 File : nvt/gb_fedora_2011_2615_vsftpd_fc13.nasl |
2011-03-24 | Name : Fedora Update for vsftpd FEDORA-2011-2590 File : nvt/gb_fedora_2011_2590_vsftpd_fc14.nasl |
2011-03-15 | Name : RedHat Update for vsftpd RHSA-2011:0337-01 File : nvt/gb_RHSA-2011_0337-01_vsftpd.nasl |
2011-03-15 | Name : CentOS Update for vsftpd CESA-2011:0337 centos4 i386 File : nvt/gb_CESA-2011_0337_vsftpd_centos4_i386.nasl |
2011-03-03 | Name : vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability File : nvt/gb_vsftpd_46617.nasl |
2011-02-04 | Name : RedHat Update for php53 RHSA-2011:0196-01 File : nvt/gb_RHSA-2011_0196-01_php53.nasl |
2011-01-24 | Name : Fedora Update for maniadrive-data FEDORA-2011-0321 File : nvt/gb_fedora_2011_0321_maniadrive-data_fc13.nasl |
2011-01-24 | Name : Fedora Update for maniadrive FEDORA-2011-0329 File : nvt/gb_fedora_2011_0329_maniadrive_fc14.nasl |
2011-01-24 | Name : Fedora Update for php-eaccelerator FEDORA-2011-0329 File : nvt/gb_fedora_2011_0329_php-eaccelerator_fc14.nasl |
2011-01-24 | Name : Fedora Update for php FEDORA-2011-0329 File : nvt/gb_fedora_2011_0329_php_fc14.nasl |
2011-01-24 | Name : Fedora Update for php FEDORA-2011-0321 File : nvt/gb_fedora_2011_0321_php_fc13.nasl |
2011-01-24 | Name : Fedora Update for php-eaccelerator FEDORA-2011-0321 File : nvt/gb_fedora_2011_0321_php-eaccelerator_fc13.nasl |
2011-01-24 | Name : Fedora Update for maniadrive FEDORA-2011-0321 File : nvt/gb_fedora_2011_0321_maniadrive_fc13.nasl |
2011-01-24 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php58.nasl |
2011-01-24 | Name : Fedora Update for maniadrive-data FEDORA-2011-0329 File : nvt/gb_fedora_2011_0329_maniadrive-data_fc14.nasl |
2011-01-14 | Name : Ubuntu Update for php5 vulnerabilities USN-1042-1 File : nvt/gb_ubuntu_USN_1042_1.nasl |
2011-01-10 | Name : PHP 'zend_strtod()' Function Floating-Point Value Denial of Service Vulnerabi... File : nvt/gb_php_45668.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-097-01 dhcp File : nvt/esoft_slk_ssa_2011_097_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-010-01 php File : nvt/esoft_slk_ssa_2011_010_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75230 | OpenSSL Ephemeral ECDH Ciphersuites Handshake Message Parsing Remote DoS |
75229 | OpenSSL Certificate Revocation Lists (CRL) nextUpdate Field Remote DoS |
74996 | rsync Incremental Recursion Remote Memory Corruption DoS |
73340 | vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS |
71493 | ISC DHCP dhclient Response Handling Metacharacter Shell Command Execution: ISC DHCP contains a flaw related to the dhclient-script script failing to properly strip shell meta-characters when processing responses from DHCP servers. This may allow a remote attacker to use a crafted hostname response to execute arbitrary shell commands. |
70370 | PHP strtod.c zend_strtod Function x87 FPU Register DoS: PHP contains a flaw in strtod.c, as used in the function 'zend_strtod' that may allow a context-dependent denial of service. This may allow an attacker to cause an infinite loop denial of service via a certain floating-point value in scientific notation, which x87 FPU registers fail to handle properly. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-08-04 | IAVM : 2011-A-0108 - Multiple Vulnerabilities in VMware ESX Service Console Severity : Category I - VMSKEY : V0029562 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-12-03 | OpenSSL ECDH malformed Client Hello denial of service attempt RuleID : 52042 - Revision : 1 - Type : SERVER-OTHER |
2019-08-31 | ISC DHCP command injection attempt RuleID : 50831 - Revision : 1 - Type : SERVER-OTHER |
2019-08-31 | ISC DHCP command injection attempt RuleID : 50830 - Revision : 1 - Type : SERVER-OTHER |
2014-01-10 | STAT overflow attempt RuleID : 1379-community - Revision : 23 - Type : PROTOCOL-FTP |
2014-01-10 | STAT overflow attempt RuleID : 1379 - Revision : 23 - Type : PROTOCOL-FTP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-06-22 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0058.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2011-0010_remote.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-09.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-4.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL12650.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13219.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_apache2-mod_php5-110309.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_dhcp-110406.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_dhcpcd-110411.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libopenssl-devel-110920.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_rsync-110404.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_vsftpd-110308.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_dhcp-110406.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libopenssl-devel-110920.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_rsync-110404.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_vsftpd-110308.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-04.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0195.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0337.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0390.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0428.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1409.nasl - Type : ACT_GATHER_INFO |
2013-06-05 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_4.nasl - Type : ACT_GATHER_INFO |
2013-06-05 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-002.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-06.nasl - Type : ACT_GATHER_INFO |
2012-11-26 | Name : The remote Fedora host is missing a security update. File : fedora_2012-18035.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110203_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110203_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110309_vsftpd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110329_rsync_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110408_dhcp_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111026_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-04-20 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1357-1.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-110920.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-7393.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp-7430.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp-7451.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp6-7465.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7760.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_vsftpd-7408.nasl - Type : ACT_GATHER_INFO |
2011-11-16 | Name : The remote network device is affected by an arbitrary code execution vulnerab... File : airport_firmware_7_6.nasl - Type : ACT_GATHER_INFO |
2011-10-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1409.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7766.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-07.nasl - Type : ACT_GATHER_INFO |
2011-10-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-01.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-137.nasl - Type : ACT_GATHER_INFO |
2011-09-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2305.nasl - Type : ACT_GATHER_INFO |
2011-09-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-12233.nasl - Type : ACT_GATHER_INFO |
2011-09-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-12281.nasl - Type : ACT_GATHER_INFO |
2011-09-12 | Name : The remote web server is affected by multiple SSL-related vulnerabilities. File : openssl_1_0_0e.nasl - Type : ACT_GATHER_INFO |
2011-09-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2ecb7b20d97e11e0b2e200215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2011-09-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-10705.nasl - Type : ACT_GATHER_INFO |
2011-08-01 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2011-0010.nasl - Type : ACT_GATHER_INFO |
2011-07-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_9a777c23b31011e0832d00215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1108-2.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1124-1.nasl - Type : ACT_GATHER_INFO |
2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-097-01.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12690.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_rsync-110404.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_vsftpd-110308.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_rsync-110404.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_vsftpd-110308.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_vsftpd-7373.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_apache2-mod_php5-110309.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_dhcp-110406.nasl - Type : ACT_GATHER_INFO |
2011-05-04 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12697.nasl - Type : ACT_GATHER_INFO |
2011-04-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp6-7464.nasl - Type : ACT_GATHER_INFO |
2011-04-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0848.nasl - Type : ACT_GATHER_INFO |
2011-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2011-4934.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
2011-04-13 | Name : The remote Fedora host is missing a security update. File : fedora_2011-4897.nasl - Type : ACT_GATHER_INFO |
2011-04-13 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_dhcpv6-110401.nasl - Type : ACT_GATHER_INFO |
2011-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp-7456.nasl - Type : ACT_GATHER_INFO |
2011-04-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-073.nasl - Type : ACT_GATHER_INFO |
2011-04-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1108-1.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0428.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2216.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2217.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7e69f00d632a11e09f3a001d092480a4.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0428.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12698.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12699.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_dhcp-110407.nasl - Type : ACT_GATHER_INFO |
2011-04-08 | Name : The remote Fedora host is missing a security update. File : fedora_2011-4413.nasl - Type : ACT_GATHER_INFO |
2011-04-08 | Name : The remote Fedora host is missing a security update. File : fedora_2011-4427.nasl - Type : ACT_GATHER_INFO |
2011-04-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12696.nasl - Type : ACT_GATHER_INFO |
2011-04-06 | Name : The remote Fedora host is missing a security update. File : fedora_2011-4389.nasl - Type : ACT_GATHER_INFO |
2011-04-06 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-066.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-110310.nasl - Type : ACT_GATHER_INFO |
2011-03-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1098-1.nasl - Type : ACT_GATHER_INFO |
2011-03-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0390.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-049.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote FTP server is prone to a denial of service attack. File : vsftpd_2_3_3.nasl - Type : ACT_GATHER_INFO |
2011-03-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2567.nasl - Type : ACT_GATHER_INFO |
2011-03-15 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2590.nasl - Type : ACT_GATHER_INFO |
2011-03-15 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2615.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0337.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0337.nasl - Type : ACT_GATHER_INFO |
2011-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0195.nasl - Type : ACT_GATHER_INFO |
2011-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-0321.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-0329.nasl - Type : ACT_GATHER_INFO |
2011-01-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1042-1.nasl - Type : ACT_GATHER_INFO |
2011-01-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-010-01.nasl - Type : ACT_GATHER_INFO |
2011-01-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2b6ed5c71a7f11e0b61d000c29d1636d.nasl - Type : ACT_GATHER_INFO |
2011-01-07 | Name : The remote web server uses a version of PHP that is affected by a denial of s... File : php_5_3_5.nasl - Type : ACT_GATHER_INFO |