Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
Informations
Name VMSA-2008-0009 First vendor Publication 2008-06-04
Vendor VMware Last vendor Modification 2008-06-04
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

a. VMware Tools Local Privilege Escalation on Windows-based guest OS

The VMware Tools Package provides support required for shared folders (HGFS) and other features.

An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. It doesn't matter on what host the Windows guest OS is running, as this is a guest driver vulnerability and not a vulnerability on the host.

The HGFS.sys driver is present in the guest operating system if the VMware Tools package is loaded. Even if the host has HGFS disabled and has no shared folders, Windows-based guests may be affected. This is regardless if a host supports HGFS.

This issue could be mitigated by removing the VMware Tools package from Windows based guests. However this is not recommended as it would impact usability of the product.

NOTE: Installing the new hosted release or ESX patches will not remediate the issue. The VMware Tools packages will need to be updated on each Windows-based guest followed by a reboot of the guest system.

VMware would like to thank iDefense and Stephen Fewer of Harmony Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5671 to this issue.

b. Privilege escalation on ESX or Linux based hosted operating systems

This update fixes a security issue related to local exploitation of an untrusted library path vulnerability in vmware-authd. In order to exploit this vulnerability, an attacker must have local access and the ability to execute the set-uid vmware-authd binary on an affected system. Exploitation of this flaw might result in arbitrary code execution on the Linux host system by an unprivileged user.

VMware would like to thank iDefense for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0967 to this issue.

c. Openwsman Invalid Content-Length Vulnerability

Openwsman is a system management platform that implements the Web Services Management protocol (WS-Management). It is installed and running by default. It is used in the VMware Management Service Console and in ESXi.

The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable to a privilege escalation vulnerability, which may allow users with non-privileged ESX or Virtual Center accounts to gain root privileges.

To exploit this vulnerability, an attacker would need a local ESX account or a VirtualCenter account with the Host.Cim.CimInteraction permission.

Systems with no local ESX accounts and no VirtualCenter accounts with the Host.Cim.CimInteraction permission are not vulnerable.

This vulnerability cannot be exploited by users without valid login credentials.

Discovery: Alexander Sotirov, VMware Security Research

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2097 to this issue.

d. VMware VIX Application Programming Interface (API) Memory Overflow Vulnerabilities

The VIX API (also known as "Vix") is an API that lets users write scripts and programs to manipulate virtual machines.

Multiple buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system.

The VIX API can be enabled and disabled using the "vix.inGuest.enable" setting in the VMware configuration file. This default value for this setting is "disabled". This configuration setting is present in the following products: VMware Workstation 6.0.2 and higher VMware ACE 6.0.2 and higher VMware Server 1.06 and higher VMware Fusion 1.1.2 and higher ESX Server 3.0 and higher ESX Server 3.5 and higher In previous versions of VMware products where the VIX API was introduced, the VIX API couldn't be disabled.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue.

a. Security update for cyrus-sasl

Updated cyrus-sasl package for the ESX Service Console corrects a security issue found in the DIGEST-MD5 authentication mechanism of Cyrus' implementation of Simple Authentication and Security Layer (SASL). As a result of this issue in the authentication mechanism, a remote unauthenticated attacker might be able to cause a denial of service error on the service console.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-1721 to this issue.

RPMs Updated: cyrus-sasl-2.1.15-15.i386.rpm cyrus-sasl-md5-2.1.15-1.i386.rpm

b. Security update for tcltk

An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0553 to this issue.

A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5378 to this issue.

A flaw first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4772 to this issue.

RPM Updated: tcl-8.3.5-92.8.i386.rpm

c. Security update for unzip

This patch includes a moderate security update to the service console that fixes a flaw in unzip. An attacker could execute malicious code with a user's privileges if the user ran unzip on a file designed to leverage this flaw.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0888 to this issue.

RPM Updated: Unzip-5.50-36.EL3.i386.rpm

d. Security update for krb5

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0062 to this issue.

NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable to this issue.

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0063 to this issue.

NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable to this issue.

Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0948 to this issue.

RPM Updated: krb5-libs-1.2.7-68.i386.rpm

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2008-0009.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-172 Time and State Attacks

CWE : Common Weakness Enumeration

% Id Name
64 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
18 % CWE-20 Improper Input Validation
9 % CWE-399 Resource Management Errors
9 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10098
 
Oval ID: oval:org.mitre.oval:def:10098
Title: Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Description: Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0553
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11569
 
Oval ID: oval:org.mitre.oval:def:11569
Title: The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
Description: The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4772
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13621
 
Oval ID: oval:org.mitre.oval:def:13621
Title: DSA-1743-1 libtk-img -- buffer overflows
Description: Two buffer overflows have been found in the GIF image parsing code of Tk, a cross-platform graphical toolkit, which could lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5137 It was discovered that libtk-img is prone to a buffer overflow via specially crafted multi-frame interlaced GIF files. CVE-2007-5378 It was discovered that libtk-img is prone to a buffer overflow via specially crafted GIF files with certain subimage sizes. For the stable distribution, these problems have been fixed in version 1:1.3-release-7+lenny1. For the oldstable distribution, these problems have been fixed in version 1:1.3-15etch3. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.3-release-8. We recommend that you upgrade your libtk-img packages.
Family: unix Class: patch
Reference(s): DSA-1743-1
CVE-2007-5137
CVE-2007-5378
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libtk-img
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17105
 
Oval ID: oval:org.mitre.oval:def:17105
Title: USN-664-1 -- tk8.0, tk8.3, tk8.4 vulnerability
Description: It was discovered that Tk could be made to overrun a buffer when loading certain images.
Family: unix Class: patch
Reference(s): USN-664-1
CVE-2008-0553
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Product(s): tk8.0
tk8.3
tk8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17727
 
Oval ID: oval:org.mitre.oval:def:17727
Title: USN-529-1 -- tk8.3, tk8.4 vulnerability
Description: It was discovered that Tk could be made to overrun a buffer when loading certain images.
Family: unix Class: patch
Reference(s): USN-529-1
CVE-2007-5137
CVE-2007-5378
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Product(s): tk8.3
tk8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17758
 
Oval ID: oval:org.mitre.oval:def:17758
Title: USN-589-1 -- unzip vulnerability
Description: Tavis Ormandy discovered that unzip did not correctly clean up pointers.
Family: unix Class: patch
Reference(s): USN-589-1
CVE-2008-0888
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
Product(s): unzip
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18578
 
Oval ID: oval:org.mitre.oval:def:18578
Title: DSA-1491-1 tk8.4 - arbitrary code execution
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1491-1
CVE-2008-0553
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): tk8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18666
 
Oval ID: oval:org.mitre.oval:def:18666
Title: DSA-1598-1 libtk-img - arbitrary code execution
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1598-1
CVE-2008-0553
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): libtk-img
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18685
 
Oval ID: oval:org.mitre.oval:def:18685
Title: DSA-1416-1 tk8.3 - buffer overflow
Description: It was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1416-1
CVE-2007-5378
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): tk8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19954
 
Oval ID: oval:org.mitre.oval:def:19954
Title: DSA-1415-1 tk8.4 - buffer overflow
Description: It was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1415-1
CVE-2007-5378
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): tk8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20168
 
Oval ID: oval:org.mitre.oval:def:20168
Title: DSA-1490-1 tk8.3 - arbitrary code execution
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1490-1
CVE-2008-0553
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): tk8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20339
 
Oval ID: oval:org.mitre.oval:def:20339
Title: DSA-1522-1 unzip - potential code execution
Description: Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library's free routine, potentially leading to arbitrary code execution (<a href="http://security-tracker.debian.org/tracker/CVE-2008-0888">CVE-2008-0888</a>).
Family: unix Class: patch
Reference(s): DSA-1522-1
CVE-2008-0888
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): unzip
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:4768
 
Oval ID: oval:org.mitre.oval:def:4768
Title: VMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated Privileges
Description: Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0967
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5081
 
Oval ID: oval:org.mitre.oval:def:5081
Title: VMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary Code
Description: Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2100
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5358
 
Oval ID: oval:org.mitre.oval:def:5358
Title: VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated Privileges
Description: HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5671
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5583
 
Oval ID: oval:org.mitre.oval:def:5583
Title: VMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated Privileges
Description: Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0967
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5640
 
Oval ID: oval:org.mitre.oval:def:5640
Title: VMware ESX Openwsman Lets Local Users Gain Root Privileges
Description: Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."
Family: unix Class: vulnerability
Reference(s): CVE-2008-2097
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5647
 
Oval ID: oval:org.mitre.oval:def:5647
Title: VMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary Code
Description: Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2100
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5688
 
Oval ID: oval:org.mitre.oval:def:5688
Title: VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated Privileges
Description: HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5671
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5759
 
Oval ID: oval:org.mitre.oval:def:5759
Title: VMware ESX Openwsman Lets Local Users Gain Root Privileges
Description: Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."
Family: unix Class: vulnerability
Reference(s): CVE-2008-2097
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7228
 
Oval ID: oval:org.mitre.oval:def:7228
Title: DSA-1490 tk8.3 -- buffer overflow
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1490
CVE-2008-0553
Version: 3
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 3.1
Product(s): tk8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7812
 
Oval ID: oval:org.mitre.oval:def:7812
Title: DSA-1491 tk8.4 -- buffer overflow
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1491
CVE-2008-0553
Version: 3
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 3.1
Product(s): tk8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8229
 
Oval ID: oval:org.mitre.oval:def:8229
Title: DSA-1522 unzip -- programming error
Description: Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library's free routine, potentially leading to arbitrary code execution (CVE-2008-0888).
Family: unix Class: patch
Reference(s): DSA-1522
CVE-2008-0888
Version: 3
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 3.1
Product(s): unzip
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8362
 
Oval ID: oval:org.mitre.oval:def:8362
Title: DSA-1743 libtk-img -- buffer overflows
Description: Two buffer overflows have been found in the GIF image parsing code of Tk, a cross-platform graphical toolkit, which could lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that libtk-img is prone to a buffer overflow via specially crafted multi-frame interlaced GIF files. It was discovered that libtk-img is prone to a buffer overflow via specially crafted GIF files with certain subimage sizes.
Family: unix Class: patch
Reference(s): DSA-1743
CVE-2007-5137
CVE-2007-5378
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libtk-img
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8363
 
Oval ID: oval:org.mitre.oval:def:8363
Title: DSA-1598 libtk-img -- buffer overflow
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1598
CVE-2008-0553
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): libtk-img
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8916
 
Oval ID: oval:org.mitre.oval:def:8916
Title: The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Description: The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Family: unix Class: vulnerability
Reference(s): CVE-2008-0063
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9209
 
Oval ID: oval:org.mitre.oval:def:9209
Title: Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
Description: Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0948
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9480
 
Oval ID: oval:org.mitre.oval:def:9480
Title: Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
Description: Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5378
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9496
 
Oval ID: oval:org.mitre.oval:def:9496
Title: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Description: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0062
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9733
 
Oval ID: oval:org.mitre.oval:def:9733
Title: The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Description: The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0888
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9861
 
Oval ID: oval:org.mitre.oval:def:9861
Title: digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
Description: digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1721
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5
Application 1
Application 38
Application 158
Application 1
Application 68
Application 16
Application 1
Application 6
Application 1
Application 7
Application 14
Application 10
Application 5
Application 5
Application 7
Application 45
Os 4
Os 1
Os 6

OpenVAS Exploits

Date Description
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w...
File : nvt/glsa_201209_25.nasl
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : SLES10: Security update for Tk
File : nvt/sles10_tk.nasl
2009-10-13 Name : SLES10: Security update for PostgreSQL
File : nvt/sles10_postgresql1.nasl
2009-10-10 Name : SLES9: Security update for Tk
File : nvt/sles9p5023004.nasl
2009-10-10 Name : SLES9: Security update for postgresql
File : nvt/sles9p5021809.nasl
2009-06-03 Name : Solaris Update for tk 137911-02
File : nvt/gb_solaris_137911_02.nasl
2009-06-03 Name : Solaris Update for tk 137910-02
File : nvt/gb_solaris_137910_02.nasl
2009-06-03 Name : Solaris Update for tk 137872-02
File : nvt/gb_solaris_137872_02.nasl
2009-06-03 Name : Solaris Update for tk 137871-02
File : nvt/gb_solaris_137871_02.nasl
2009-04-09 Name : Mandriva Update for postgresql MDVSA-2008:004 (postgresql)
File : nvt/gb_mandriva_MDVSA_2008_004.nasl
2009-04-09 Name : Mandriva Update for tk MDVSA-2008:041 (tk)
File : nvt/gb_mandriva_MDVSA_2008_041.nasl
2009-04-09 Name : Mandriva Update for tcl MDVSA-2008:059 (tcl)
File : nvt/gb_mandriva_MDVSA_2008_059.nasl
2009-04-09 Name : Mandriva Update for unzip MDVSA-2008:068 (unzip)
File : nvt/gb_mandriva_MDVSA_2008_068.nasl
2009-04-09 Name : Mandriva Update for krb5 MDVSA-2008:069 (krb5)
File : nvt/gb_mandriva_MDVSA_2008_069.nasl
2009-04-09 Name : Mandriva Update for krb5 MDVSA-2008:070 (krb5)
File : nvt/gb_mandriva_MDVSA_2008_070.nasl
2009-04-09 Name : Mandriva Update for tk MDKSA-2007:200 (tk)
File : nvt/gb_mandriva_MDKSA_2007_200.nasl
2009-03-23 Name : Ubuntu Update for postgresql vulnerabilities USN-568-1
File : nvt/gb_ubuntu_USN_568_1.nasl
2009-03-23 Name : Ubuntu Update for krb5 vulnerabilities USN-587-1
File : nvt/gb_ubuntu_USN_587_1.nasl
2009-03-23 Name : Ubuntu Update for unzip vulnerability USN-589-1
File : nvt/gb_ubuntu_USN_589_1.nasl
2009-03-23 Name : Ubuntu Update for tk8.0, tk8.3, tk8.4 vulnerability USN-664-1
File : nvt/gb_ubuntu_USN_664_1.nasl
2009-03-20 Name : Ubuntu USN-736-1 (gst-plugins-good0.10)
File : nvt/ubuntu_736_1.nasl
2009-03-20 Name : Debian Security Advisory DSA 1743-1 (libtk-img)
File : nvt/deb_1743_1.nasl
2009-03-06 Name : RedHat Update for tk RHSA-2008:0136-01
File : nvt/gb_RHSA-2008_0136-01_tk.nasl
2009-03-06 Name : RedHat Update for unzip RHSA-2008:0196-01
File : nvt/gb_RHSA-2008_0196-01_unzip.nasl
2009-03-06 Name : RedHat Update for krb5 RHSA-2008:0181-01
File : nvt/gb_RHSA-2008_0181-01_krb5.nasl
2009-03-06 Name : RedHat Update for krb5 RHSA-2008:0180-01
File : nvt/gb_RHSA-2008_0180-01_krb5.nasl
2009-03-06 Name : RedHat Update for krb5 RHSA-2008:0164-01
File : nvt/gb_RHSA-2008_0164-01_krb5.nasl
2009-03-06 Name : RedHat Update for tk RHSA-2008:0135-02
File : nvt/gb_RHSA-2008_0135-02_tk.nasl
2009-03-06 Name : RedHat Update for tcltk RHSA-2008:0134-01
File : nvt/gb_RHSA-2008_0134-01_tcltk.nasl
2009-03-06 Name : RedHat Update for postgresql RHSA-2008:0038-01
File : nvt/gb_RHSA-2008_0038-01_postgresql.nasl
2009-02-27 Name : CentOS Update for krb5-devel CESA-2008:0181 centos3 i386
File : nvt/gb_CESA-2008_0181_krb5-devel_centos3_i386.nasl
2009-02-27 Name : CentOS Update for expect CESA-2008:0134 centos3 i386
File : nvt/gb_CESA-2008_0134_expect_centos3_i386.nasl
2009-02-27 Name : CentOS Update for tcltk CESA-2008:0134-01 centos2 i386
File : nvt/gb_CESA-2008_0134-01_tcltk_centos2_i386.nasl
2009-02-27 Name : CentOS Update for postgresql CESA-2008:0038 centos4 x86_64
File : nvt/gb_CESA-2008_0038_postgresql_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for postgresql CESA-2008:0038 centos4 i386
File : nvt/gb_CESA-2008_0038_postgresql_centos4_i386.nasl
2009-02-27 Name : CentOS Update for expect CESA-2008:0134 centos3 x86_64
File : nvt/gb_CESA-2008_0134_expect_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for tk CESA-2008:0135 centos4 i386
File : nvt/gb_CESA-2008_0135_tk_centos4_i386.nasl
2009-02-27 Name : CentOS Update for tk CESA-2008:0135 centos4 x86_64
File : nvt/gb_CESA-2008_0135_tk_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for tk CESA-2008:0136 centos5 i386
File : nvt/gb_CESA-2008_0136_tk_centos5_i386.nasl
2009-02-27 Name : CentOS Update for tk CESA-2008:0136 centos5 x86_64
File : nvt/gb_CESA-2008_0136_tk_centos5_x86_64.nasl
2009-02-27 Name : CentOS Update for krb5-devel CESA-2008:0180 centos4 i386
File : nvt/gb_CESA-2008_0180_krb5-devel_centos4_i386.nasl
2009-02-27 Name : CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64
File : nvt/gb_CESA-2008_0180_krb5-devel_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for unzip CESA-2008:0196 centos3 x86_64
File : nvt/gb_CESA-2008_0196_unzip_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for unzip CESA-2008:0196 centos3 i386
File : nvt/gb_CESA-2008_0196_unzip_centos3_i386.nasl
2009-02-27 Name : CentOS Update for unzip CESA-2008:0196-01 centos2 i386
File : nvt/gb_CESA-2008_0196-01_unzip_centos2_i386.nasl
2009-02-27 Name : CentOS Update for krb5-devel CESA-2008:0181 centos3 x86_64
File : nvt/gb_CESA-2008_0181_krb5-devel_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for krb5 CESA-2008:0181-01 centos2 i386
File : nvt/gb_CESA-2008_0181-01_krb5_centos2_i386.nasl
2009-02-17 Name : Fedora Update for tkimg FEDORA-2008-3545
File : nvt/gb_fedora_2008_3545_tkimg_fc7.nasl
2009-02-17 Name : Fedora Update for tkimg FEDORA-2008-3621
File : nvt/gb_fedora_2008_3621_tkimg_fc9.nasl
2009-02-17 Name : Fedora Update for postgresql FEDORA-2008-0552
File : nvt/gb_fedora_2008_0552_postgresql_fc7.nasl
2009-02-17 Name : Fedora Update for postgresql FEDORA-2008-0478
File : nvt/gb_fedora_2008_0478_postgresql_fc8.nasl
2009-02-16 Name : Fedora Update for perl-Tk FEDORA-2008-1384
File : nvt/gb_fedora_2008_1384_perl-Tk_fc7.nasl
2009-02-16 Name : Fedora Update for krb5 FEDORA-2008-2637
File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl
2009-02-16 Name : Fedora Update for krb5 FEDORA-2008-2647
File : nvt/gb_fedora_2008_2647_krb5_fc8.nasl
2009-02-16 Name : Fedora Update for perl-Tk FEDORA-2008-1323
File : nvt/gb_fedora_2008_1323_perl-Tk_fc8.nasl
2009-02-13 Name : Fedora Update for tk FEDORA-2008-1131
File : nvt/gb_fedora_2008_1131_tk_fc7.nasl
2009-02-13 Name : Fedora Update for tk FEDORA-2008-1122
File : nvt/gb_fedora_2008_1122_tk_fc8.nasl
2009-01-23 Name : SuSE Update for krb5 SUSE-SA:2008:016
File : nvt/gb_suse_2008_016.nasl
2009-01-23 Name : SuSE Update for postgresql SUSE-SA:2008:005
File : nvt/gb_suse_2008_005.nasl
2008-09-29 Name : VMware VIX API Multiple Buffer Overflow Vulnerabilities (Win)
File : nvt/gb_vmware_prdts_vix_api_mult_vuln.nasl
2008-09-26 Name : VMware Product(s) Local Privilege Escalation Vulnerability
File : nvt/gb_vmware_prdts_prv_esc_vuln.nasl
2008-09-26 Name : VMware Tools Local Privilege Escalation Vulnerability (Linux)
File : nvt/gb_vmware_tools_local_prv_esc_vuln_lin.nasl
2008-09-26 Name : VMware Tools Local Privilege Escalation Vulnerability (Win)
File : nvt/gb_vmware_tools_local_prv_esc_vuln_win.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200801-15 (postgresql)
File : nvt/glsa_200801_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200804-06 (unzip)
File : nvt/glsa_200804_06.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200803-31 (mit-krb5)
File : nvt/glsa_200803_31.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200604-09 (cyrus-sasl)
File : nvt/glsa_200604_09.nasl
2008-09-04 Name : FreeBSD Ports: cyrus-sasl
File : nvt/freebsd_cyrus-sasl1.nasl
2008-09-04 Name : FreeBSD Ports: postgresql, postgresql-server
File : nvt/freebsd_postgresql4.nasl
2008-06-28 Name : Debian Security Advisory DSA 1598-1 (libtk-img)
File : nvt/deb_1598_1.nasl
2008-06-17 Name : Kerberos < 1.6.4 vulnerability
File : nvt/kerberos_CB-A08-0044.nasl
2008-03-19 Name : Debian Security Advisory DSA 1524-1 (krb5)
File : nvt/deb_1524_1.nasl
2008-03-19 Name : Debian Security Advisory DSA 1522-1 (unzip)
File : nvt/deb_1522_1.nasl
2008-02-15 Name : Debian Security Advisory DSA 1491-1 (tk8.4)
File : nvt/deb_1491_1.nasl
2008-02-15 Name : Debian Security Advisory DSA 1490-1 (tk8.3)
File : nvt/deb_1490_1.nasl
2008-01-31 Name : Debian Security Advisory DSA 1463-1 (postgresql-7.4)
File : nvt/deb_1463_1.nasl
2008-01-31 Name : Debian Security Advisory DSA 1460-1 (postgresql-8.1)
File : nvt/deb_1460_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1042-1 (cyrus-sasl2)
File : nvt/deb_1042_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1415-1 (tk8.4)
File : nvt/deb_1415_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
46205 VMware Multiple Products HGFS.sys user-mode METHOD_NEITHER IOCTLs Local Privi...

46204 VMware Multiple Products vmware-authd Search Path Subversion Local Privilege ...

46203 VMware Multiple Products VIX API Unspecified VM Host Arbitrary Code Execution

46089 VMware openwsman Management Service Content-Length Processing Remote Overflow

43344 MIT Kerberos 5 (krb5) libgssrpc / kadmind RPC library (lib/rpc/rpc_dtablesize...

43342 MIT Kerberos 5 KDC (krb5kdc) Error Response Information Disclosure

43341 MIT Kerberos 5 KDC (krb5kdc) Arbitrary Memory Disclosure

43332 UnZip inflate.c inflate_dynamic() Function NEEDBITS Macro Unspecified Code Ex...

41264 Tcl (Tcl/Tk) generic/tkImgGIF.c Multiple Function GIF Handling Overflow

40905 TCL in PostgreSQL Crafted Regexp Infinite Loop Remote DoS

24510 Cyrus SASL DIGEST-MD5 Pre-Authentication Unspecified DoS

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0677-1.nasl - Type : ACT_GATHER_INFO
2016-02-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-271.nasl - Type : ACT_GATHER_INFO
2016-02-25 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0555-1.nasl - Type : ACT_GATHER_INFO
2016-02-24 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-253.nasl - Type : ACT_GATHER_INFO
2016-02-23 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0539-1.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0795.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0878.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0134.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0135.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0136.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0164.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0180.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0181.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0196.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0122.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0182.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0122.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130108_tcl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0122.nasl - Type : ACT_GATHER_INFO
2012-10-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070904_cyrus_sasl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080111_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080221_tcltk_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080221_tk_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080318_krb5_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20080318_unzip_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0164.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12065.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12071.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2008-0009.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-004.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-041.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-059.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2008-068.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-069.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-070.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-664-1.nasl - Type : ACT_GATHER_INFO
2009-03-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1743.nasl - Type : ACT_GATHER_INFO
2008-06-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1598.nasl - Type : ACT_GATHER_INFO
2008-06-09 Name : The remote openSUSE host is missing a security update.
File : suse_tkimg-5320.nasl - Type : ACT_GATHER_INFO
2008-06-09 Name : The remote openSUSE host is missing a security update.
File : suse_tkimg-5328.nasl - Type : ACT_GATHER_INFO
2008-06-09 Name : The remote Windows host has an application that is affected by multiple issues.
File : vmware_multiple_vmsa_2008_0009.nasl - Type : ACT_GATHER_INFO
2008-06-09 Name : The remote host contains an application that is affected by multiple buffer o...
File : vmware_vix_api_buffer_overflow.nasl - Type : ACT_GATHER_INFO
2008-06-04 Name : The remote openSUSE host is missing a security update.
File : suse_openwsman-5241.nasl - Type : ACT_GATHER_INFO
2008-05-16 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3621.nasl - Type : ACT_GATHER_INFO
2008-05-11 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3545.nasl - Type : ACT_GATHER_INFO
2008-04-28 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_51436b4c125011ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO
2008-04-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-06.nasl - Type : ACT_GATHER_INFO
2008-04-11 Name : The remote openSUSE host is missing a security update.
File : suse_tk-4973.nasl - Type : ACT_GATHER_INFO
2008-04-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tk-4974.nasl - Type : ACT_GATHER_INFO
2008-03-26 Name : The remote Fedora host is missing a security update.
File : fedora_2008-2637.nasl - Type : ACT_GATHER_INFO
2008-03-26 Name : The remote Fedora host is missing a security update.
File : fedora_2008-2647.nasl - Type : ACT_GATHER_INFO
2008-03-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200803-31.nasl - Type : ACT_GATHER_INFO
2008-03-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0180.nasl - Type : ACT_GATHER_INFO
2008-03-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1522.nasl - Type : ACT_GATHER_INFO
2008-03-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1524.nasl - Type : ACT_GATHER_INFO
2008-03-21 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-589-1.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0181.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0196.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0164.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0180.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0181.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0196.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote openSUSE host is missing a security update.
File : suse_krb5-5081.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_krb5-5082.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-587-1.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0134.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0135.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0136.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0134.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0135.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0136.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1490.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1491.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1122.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1131.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1323.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1384.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote openSUSE host is missing a security update.
File : suse_postgresql-4955.nasl - Type : ACT_GATHER_INFO
2008-02-06 Name : The remote openSUSE host is missing a security update.
File : suse_postgresql-4958.nasl - Type : ACT_GATHER_INFO
2008-02-06 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-4962.nasl - Type : ACT_GATHER_INFO
2008-01-29 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200801-15.nasl - Type : ACT_GATHER_INFO
2008-01-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1463.nasl - Type : ACT_GATHER_INFO
2008-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-568-1.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1460.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0478.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0552.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2007-11-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1415.nasl - Type : ACT_GATHER_INFO
2007-11-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1416.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-529-1.nasl - Type : ACT_GATHER_INFO
2007-10-19 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-200.nasl - Type : ACT_GATHER_INFO
2007-09-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0795.nasl - Type : ACT_GATHER_INFO
2007-09-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0878.nasl - Type : ACT_GATHER_INFO
2007-09-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0795.nasl - Type : ACT_GATHER_INFO
2007-09-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0878.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1042.nasl - Type : ACT_GATHER_INFO
2006-09-29 Name : The remote host is missing a Mac OS X update which fixes a security issue.
File : macosx_10_4_8.nasl - Type : ACT_GATHER_INFO
2006-09-29 Name : The remote host is missing a Mac OS X update which fixes a security issue.
File : macosx_SecUpd2006-006.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_408f6ebfd15211da962f000b972eb521.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2006_025.nasl - Type : ACT_GATHER_INFO
2006-04-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-272-1.nasl - Type : ACT_GATHER_INFO
2006-04-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200604-09.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 12:07:08
  • Multiple Updates
2013-12-14 21:19:30
  • Multiple Updates