Vulnerabilities > CVE-2004-0230

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

Vulnerable Configurations

Part	Description	Count
OS	Oracle Oracle Solaris 11 Oracle Solaris 10	2
OS	Netbsd Netbsd Netbsd 1.5.3 Netbsd Netbsd 1.6 Netbsd Netbsd 1.5 Netbsd Netbsd 1.6.1 Netbsd Netbsd 1.6.2 Netbsd Netbsd 1.5.1 Netbsd Netbsd 1.5.2 Netbsd Netbsd 2.0	8
OS	Xinuos Xinuos Openserver 5.0.7 Xinuos Openserver 5.0.6 Xinuos Unixware 7.1.3 Xinuos Unixware 7.1.1	4
OS	Juniper Juniper Junos *	1
Application	Openpgp Openpgp Openpgp 2.6.2	1
Application	Mcafee Mcafee Network Data Loss Prevention 9.2.0 Mcafee Network Data Loss Prevention * Mcafee Network Data Loss Prevention 9.2.1 Mcafee Network Data Loss Prevention 9.2.2	4

Exploit-Db

description	Multiple Vendor TCP Sequence Number Approximation Vulnerability (1). CVE-2004-0230. Remote exploits for multiple platform
id	EDB-ID:24030
last seen	2016-02-02
modified	2004-03-05
published	2004-03-05
reporter	Matt Edman
source	https://www.exploit-db.com/download/24030/
title	Multiple Vendor TCP Sequence Number Approximation Vulnerability 1

description	Multiple Vendor TCP Sequence Number Approximation Vulnerability (4). CVE-2004-0230. Remote exploits for multiple platform
id	EDB-ID:24033
last seen	2016-02-02
modified	2004-04-23
published	2004-04-23
reporter	K-sPecial
source	https://www.exploit-db.com/download/24033/
title	Multiple Vendor TCP Sequence Number Approximation Vulnerability 4

description	MS Windows Malformed IP Options DoS Exploit (MS05-019). CVE-2004-0230,CVE-2004-0790,CVE-2004-1060,CVE-2005-0048,CVE-2005-0688. Dos exploit for windows platform
id	EDB-ID:942
last seen	2016-01-31
modified	2005-04-17
published	2005-04-17
reporter	Yuri Gushin
source	https://www.exploit-db.com/download/942/
title	Microsoft Windows - Malformed IP Options DoS Exploit MS05-019

description	Multiple Vendor TCP Sequence Number Approximation Vulnerability (3). CVE-2004-0230. Remote exploits for multiple platform
id	EDB-ID:24032
last seen	2016-02-02
modified	2004-04-20
published	2004-04-20
reporter	Paul Watson
source	https://www.exploit-db.com/download/24032/
title	Multiple Vendor TCP Sequence Number Approximation Vulnerability 3

description	Multiple Vendor TCP Sequence Number Approximation Vulnerability (2). CVE-2004-0230. Remote exploits for multiple platform
id	EDB-ID:24031
last seen	2016-02-02
modified	2004-04-20
published	2004-04-20
reporter	Paul A. Watson
source	https://www.exploit-db.com/download/24031/
title	Multiple Vendor TCP Sequence Number Approximation Vulnerability 2

description	TCP Connection Reset Remote Exploit. CVE-2004-0230. Remote exploit for linux platform
id	EDB-ID:291
last seen	2016-01-31
modified	2004-04-23
published	2004-04-23
reporter	Paul A. Watson
source	https://www.exploit-db.com/download/291/
title	TCP Connection Reset Remote Exploit

description	MS Windows 2K/XP TCP Connection Reset Remote Attack Tool. CVE-2004-0230. Dos exploit for windows platform
id	EDB-ID:276
last seen	2016-01-31
modified	2004-04-22
published	2004-04-22
reporter	Aphex
source	https://www.exploit-db.com/download/276/
title	Microsoft Windows 2000/XP - TCP Connection Reset Remote Attack Tool

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20040420-TCP-IOS.NASL
description	The remote device is running a version of IOS that contains flaws in the TCP implementation that can allow a remote attacker to reset any established TCP connection.
last seen	2020-06-01
modified	2020-06-02
plugin id	17781
published	2012-01-10
reporter	This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17781
title	TCP Vulnerabilities in Multiple IOS-Based Cisco Products
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(17781); script_version("1.10"); script_cvs_date("Date: 2018/11/15 20:50:20"); script_cve_id("CVE-2004-0230"); script_xref(name:"CISCO-BUG-ID", value:"CSCed27956"); script_xref(name:"CISCO-BUG-ID", value:"CSCed93836"); script_xref(name:"CISCO-SA", value:"cisco-sa-20040420-tcp-ios"); script_name(english:"TCP Vulnerabilities in Multiple IOS-Based Cisco Products"); script_summary(english:"Checks IOS version"); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The remote device is running a version of IOS that contains flaws in the TCP implementation that can allow a remote attacker to reset any established TCP connection." ); script_set_attribute(attribute:"see_also",value:"http://www.nessus.org/u?03b0dd1e"); script_set_attribute( attribute:"solution", value: "Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20040420-tcp-ios." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-0230"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/04/20"); script_set_attribute(attribute:"patch_publication_date", value:"2004/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_ios_version.nasl"); script_require_keys("Host/Cisco/IOS/Version"); exit(0); } include("cisco_func.inc"); version = get_kb_item_or_exit('Host/Cisco/IOS/Version'); # Affected: 11.1 if (deprecated_version(version, "11.1")) { security_warning(port:0, extra:'\nMigrate to 11.2 latest version.\n'); exit(0); } # Affected: 11.1AA if (deprecated_version(version, "11.1AA")) { security_warning(port:0, extra:'\nMigrate to 11.2P latest version.\n'); exit(0); } # Affected: 11.1CC if (deprecated_version(version, "11.1CC")) { security_warning(port:0, extra:'\nMigrate to 12.0 latest version.\n'); exit(0); } # Affected: 11.2 if (check_release(version:version, patched:make_list("11.2(26f)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 11.2P if (check_release(version:version, patched:make_list("11.2(26)P6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 11.2SA if (check_release(version:version, patched:make_list("11.2(8.12)SA6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 11.3 if (check_release(version:version, patched:make_list("11.3(11b)T4", "11.3(11e)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.0 if (check_release(version:version, patched:make_list("12.0(28)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.0DA if (deprecated_version(version, "12.0DA")) { security_warning(port:0, extra:'\nMigrate to 12.2DA latest version.\n'); exit(0); } # Affected: 12.0DB if (deprecated_version(version, "12.0DB")) { security_warning(port:0, extra:'\nMigrate to 12.1DB latest version.\n'); exit(0); } # Affected: 12.0DC if (deprecated_version(version, "12.0DC")) { security_warning(port:0, extra:'\nMigrate to 12.1DC latest version.\n'); exit(0); } # Affected: 12.0S if (check_release(version:version, patched:make_list("12.0(21)S8", "12.0(27)S", "12.0(26)S2", "12.0(16)S11", "12.0(24)S5", "12.0(25)S3", "12.0(23)S6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.0SL if (deprecated_version(version, "12.0SL")) { security_warning(port:0, extra:'\nMigrate to 12.0(23)S6 or later.\n'); exit(0); } # Affected: 12.0ST if (deprecated_version(version, "12.0ST")) { security_warning(port:0, extra:'\nMigrate to 12.0(26)S2 or later.\n'); exit(0); } # Affected: 12.0SX if (deprecated_version(version, "12.0SX")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.'); exit(0); } # Affected: 12.0SZ if (deprecated_version(version, "12.0SZ")) { security_warning(port:0, extra:'\nMigrate to 12.0(26)S2 or later.\n'); exit(0); } # Affected: 12.0T if (deprecated_version(version, "12.0T")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0W5 if (check_release(version:version, patched:make_list("12.0(25)W5(27b)", "12.0(28)W5(30)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.0WC if (check_release(version:version, patched:make_list("12.0(5)WC9a"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.0WT if (deprecated_version(version, "12.0WT")) { security_warning(port:0, extra:'\nNo fix available - End of Engineering\n'); exit(0); } # Affected: 12.0WX if (deprecated_version(version, "12.0WX")) { security_warning(port:0, extra:'\nMigrate to 12.0W5 latest version.\n'); exit(0); } # Affected: 12.0XA if (deprecated_version(version, "12.0XA")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XB if (deprecated_version(version, "12.0XB")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected: 12.0XC if (deprecated_version(version, "12.0XC")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XD if (deprecated_version(version, "12.0XD")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XE if (deprecated_version(version, "12.0XE")) { security_warning(port:0, extra:'\nMigrate to 12.1E latest version.\n'); exit(0); } # Affected: 12.0XG if (deprecated_version(version, "12.0XG")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XH if (deprecated_version(version, "12.0XH")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XI if (deprecated_version(version, "12.0XI")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XJ if (deprecated_version(version, "12.0XJ")) { security_warning(port:0, extra:'\nUpdate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XK if (deprecated_version(version, "12.0XK")) { security_warning(port:0, extra:'\nMigrate to 12.1T latest version.\n'); exit(0); } # Affected: 12.0XL if (deprecated_version(version, "12.0XL")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected: 12.0XM if (deprecated_version(version, "12.0XM")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected: 12.0XN if (deprecated_version(version, "12.0XN")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XP if (deprecated_version(version, "12.0XP")) { security_warning(port:0, extra:'\nMigrate to 12.0(5)WC9a or later.\n'); exit(0); } # Affected: 12.0XQ if (deprecated_version(version, "12.0XQ")) { security_warning(port:0, extra:'\nMigrate to 12.1 latest version.\n'); exit(0); } # Affected: 12.0XR if (deprecated_version(version, "12.0XR")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected: 12.0XS if (deprecated_version(version, "12.0XS")) { security_warning(port:0, extra:'\nMigrate to 12.1E latest version.\n'); exit(0); } # Affected: 12.0XU if (deprecated_version(version, "12.0XU")) { security_warning(port:0, extra:'\nMigrate to 12.0(5)WC or later.\n'); exit(0); } # Affected: 12.0XV if (deprecated_version(version, "12.0XV")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected: 12.1 if (check_release(version:version, patched:make_list("12.1(20a)", "12.1(4c)", "12.1(22b)", "12.1(22c)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.1AA if (deprecated_version(version, "12.1AA")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected: 12.1AX if (check_release(version:version, patched:make_list("12.1(14)AX"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected: 12.1AY if (deprecated_version(version, "12.1AY")) { security_warning(port:0, extra:'\nMigrate to 12.1EA latest version.\n'); exit(0); } # Affected: 12.1DA if (deprecated_version(version, "12.1DA")) { security_warning(port:0, extra:'\nMigrate to 12.2DA latest version.\n'); exit(0); } # Affected: 12.1DB if (deprecated_version(version, "12.1DB")) { security_warning(port:0, extra:'\nMigrate to 12.2B latest version.\n'); exit(0); } # Affected 12.1E if (check_release(version:version, patched:make_list("12.1(19)E7", "12.1(22)E1", "12.1(11b)E14", "12.1(20)E2", "12.1(19)E6", "12.1(13)E13", "12.1(8b)E18", "12.1(14)E10", "12.1(13)E14"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EA if (check_release(version:version, patched:make_list("12.1(19)EA1b", "12.1(19)EA1c"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EB if (check_release(version:version, patched:make_list("12.1(20)EB"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EC if (check_release(version:version, patched:make_list("12.1(20)EC"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EO if (check_release(version:version, patched:make_list("12.1(20)EO", "12.1(19)EO2"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EU if (check_release(version:version, patched:make_list("12.1(20)EU"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EV if (deprecated_version(version, "12.1EV")) { security_warning(port:0, extra:'\nMigrate to 12.2(RLS4)S or later.\n'); exit(0); } # Affected 12.1EW if (check_release(version:version, patched:make_list("12.1(20)EW2"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1EX if (deprecated_version(version, "12.1EX")) { security_warning(port:0, extra:'\nMigrate to 12.1(14)E or later.\n'); exit(0); } # Affected 12.1EY if (deprecated_version(version, "12.1EY")) { security_warning(port:0, extra:'\nMigrate to 12.1(14)E or later.\n'); exit(0); } # Affected 12.1T if (check_release(version:version, patched:make_list("12.1(5)T17"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.1XA if (deprecated_version(version, "12.1XA")) { security_warning(port:0, extra:'\nMigrate to 12.1(5)T18 or later.\n'); exit(0); } # Affected 12.1XB if (deprecated_version(version, "12.1XB")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1XC if (deprecated_version(version, "12.1XC")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected 12.1XD if (deprecated_version(version, "12.1XD")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected 12.1XE if (deprecated_version(version, "12.1XE")) { security_warning(port:0, extra:'\nMigrate to 12.1E Lateest Version\n'); exit(0); } # Affected 12.1XF if (deprecated_version(version, "12.1XF")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1XG if (deprecated_version(version, "12.1XG")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1XH if (deprecated_version(version, "12.1XH")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected 12.1XI if (deprecated_version(version, "12.1XI")) { security_warning(port:0, extra:'\nMigrate to 12.2 latest version.\n'); exit(0); } # Affected 12.1XJ if (deprecated_version(version, "12.1XJ")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1XL if (deprecated_version(version, "12.1XL")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.1XM if (deprecated_version(version, "12.1XM")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.1XP if (deprecated_version(version, "12.1XP")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1XQ if (deprecated_version(version, "12.1XQ")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.1XR if (deprecated_version(version, "12.1XR")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.1XT if (deprecated_version(version, "12.1XT")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 latest version.\n'); exit(0); } # Affected 12.1XU if (deprecated_version(version, "12.1XU")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.1XV if (deprecated_version(version, "12.1XV")) { security_warning(port:0, extra:'\nMigrate to 12.2XB latest version.\n'); exit(0); } # Affected 12.1YA if (deprecated_version(version, "12.1YA")) { security_warning(port:0, extra:'\nMigrate to 12.2(8)T or later.\n'); exit(0); } # Affected 12.1YB if (deprecated_version(version, "12.1YB")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1YC if (deprecated_version(version, "12.1YC")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.1YD if (deprecated_version(version, "12.1YD")) { security_warning(port:0, extra:'\nMigrate to 12.2(8)T or later.\n'); exit(0); } # Affected 12.1YE if (deprecated_version(version, "12.1YE")) { security_warning(port:0, extra:'\nMigrate to 12.2(2)YC or later.\n'); exit(0); } # Affected 12.1YF if (deprecated_version(version, "12.1YF")) { security_warning(port:0, extra:'\nMigrate to 12.2(2)YC or later.\n'); exit(0); } # Affected 12.1YH if (deprecated_version(version, "12.1YH")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)T or later.\n'); exit(0); } # Affected 12.1YI if (deprecated_version(version, "12.1YI")) { security_warning(port:0, extra:'\nMigrate to 12.2(2)YC or later.\n'); exit(0); } # Affected 12.1YJ if (deprecated_version(version, "12.1YJ")) { security_warning(port:0, extra:'\nMigrate to 12.1EA latest version.\n'); exit(0); } # Affected 12.2 if (check_release(version:version, patched:make_list("12.2(19b)", "12.2(16f)", "12.2(21a)", "12.2(23)", "12.2(12i)", "12.2(10g)", "12.2(13e)", "12.2(17d)", "12.2(21b)", "12.2(23a)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2B if (deprecated_version(version, "12.2B")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)T12 / 12.3(5a)B1 or later.\n'); exit(0); } # Affected 12.2BC if (check_release(version:version, patched:make_list("12.2(15)BC1C"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2BW if (deprecated_version(version, "12.2BW")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2BX if (check_release(version:version, patched:make_list("12.2(16)BX3"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2BY if (deprecated_version(version, "12.2BY")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)B / 12.2(8)ZB / 12.2(8)BZ or later.\n'); exit(0); } # Affected 12.2BZ if (deprecated_version(version, "12.2BZ")) { security_warning(port:0, extra:'\nMigrate to 12.2(16)BX or later.\n'); exit(0); } # Affected 12.2CX if (deprecated_version(version, "12.2CX")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)BC or later.\n'); exit(0); } # Affected 12.2CY if (deprecated_version(version, "12.2CY")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)BC1C or later.\n'); exit(0); } # Affected 12.2DA if (check_release(version:version, patched:make_list("12.2(12)DA6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2DD if (deprecated_version(version, "12.2DD")) { security_warning(port:0, extra:'\nMigrate to 12.2(4)B1 or later.\n'); exit(0); } # Affected 12.2DX if (deprecated_version(version, "12.2DX")) { security_warning(port:0, extra:'\nMigrate to 12.2DD or 12.2B\n'); exit(0); } # Affected 12.2EW if (check_release(version:version, patched:make_list("12.2(18)EW"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2JA if (check_release(version:version, patched:make_list("12.2(11)JA3", "12.2(13)JA4", "12.2(15)JA"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2MC if (check_release(version:version, patched:make_list("12.2(15)MC1B"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2S if (check_release(version:version, patched:make_list("12.2(22)S", "12.2(14)S7", "12.2(20)S1", "12.2(20)S3", "12.2(18)S3"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SE if (check_release(version:version, patched:make_list("12.2(18)SE"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SW if (check_release(version:version, patched:make_list("12.2(21)SW"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SX if (check_release(version:version, patched:make_list("12.2(17a)SX2", "12.2(17a)SX4"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SXA if (check_release(version:version, patched:make_list("12.2(17b)SXA2"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SXB if (check_release(version:version, patched:make_list("12.2(17d)SXB1", "12.2(17d)SXB"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SY if (check_release(version:version, patched:make_list("12.2(14)SY3"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2SZ if (check_release(version:version, patched:make_list("12.2(14)SZ6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2ST if (check_release(version:version, patched:make_list("12.2(15)T11", "12.2(13)T12", "12.2(11)T11", "12.2(13)T11"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2XA if (deprecated_version(version, "12.2XA")) { security_warning(port:0, extra:'\nMigrate to 12.2(11)T or later.\n'); exit(0); } # Affected 12.2XB if (deprecated_version(version, "12.2XB")) { security_warning(port:0, extra:'\nMigrate to 12.3 latest version.\n'); exit(0); } # Affected 12.2XC if (deprecated_version(version, "12.2XC")) { security_warning(port:0, extra:'\nMigrate to 12.2(8)ZB or later.\n'); exit(0); } # Affected 12.2XD if (deprecated_version(version, "12.2XD")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XE if (deprecated_version(version, "12.2XE")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XF if (deprecated_version(version, "12.2XF")) { security_warning(port:0, extra:'\nMigrate to 12.2(4)BC1C or later.\n'); exit(0); } # Affected 12.2XG if (deprecated_version(version, "12.2XG")) { security_warning(port:0, extra:'\nMigrate to 12.2(8)T or later.\n'); exit(0); } # Affected 12.2XH if (deprecated_version(version, "12.2XH")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XI if (deprecated_version(version, "12.2XI")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XJ if (deprecated_version(version, "12.2XJ")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)T12 or later.\n'); exit(0); } # Affected 12.2XK if (deprecated_version(version, "12.2XK")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XL if (deprecated_version(version, "12.2XL")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XM if (deprecated_version(version, "12.2XM")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XN if (deprecated_version(version, "12.2XN")) { security_warning(port:0, extra:'\nMigrate to 12.2(11)T or later.\n'); exit(0); } # Affected 12.2XQ if (deprecated_version(version, "12.2XQ")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XS if (deprecated_version(version, "12.2XS")) { security_warning(port:0, extra:'\nMigrate to 12.2(11)T or later.\n'); exit(0); } # Affected 12.2XT if (deprecated_version(version, "12.2XT")) { security_warning(port:0, extra:'\nMigrate to 12.2(11)T or later.\n'); exit(0); } # Affected 12.2XU if (deprecated_version(version, "12.2XU")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2XW if (deprecated_version(version, "12.2XW")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)T12 or later.\n'); exit(0); } # Affected 12.2YA if (deprecated_version(version, "12.2YA")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2YB if (deprecated_version(version, "12.2YB")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2YC if (deprecated_version(version, "12.2YC")) { security_warning(port:0, extra:'\nMigrate to 12.2(11)T11 or later.\n'); exit(0); } # Affected 12.2YD if (deprecated_version(version, "12.2YD")) { security_warning(port:0, extra:'\nMigrate to 12.2(8)YY or later.\n'); exit(0); } # Affected 12.2YE if (deprecated_version(version, "12.2YE")) { security_warning(port:0, extra:'\nMigrate to 12.2S latest version.\n'); exit(0); } # Affected 12.2YF if (deprecated_version(version, "12.2YF")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2YG if (deprecated_version(version, "12.2YG")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)T12 or later.\n'); exit(0); } # Affected 12.2YH if (deprecated_version(version, "12.2YH")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2YJ if (deprecated_version(version, "12.2YJ")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T12 or later.\n'); exit(0); } # Affected 12.2YK if (deprecated_version(version, "12.2YK")) { security_warning(port:0, extra:'\nMigrate to 12.2(13)ZC or later.\n'); exit(0); } # Affected 12.2YL if (deprecated_version(version, "12.2YL")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YM if (deprecated_version(version, "12.2YM")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YN if (deprecated_version(version, "12.2YN")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YO if (deprecated_version(version, "12.2YO")) { security_warning(port:0, extra:'\nMigrate to 12.2(14)SY or later.\n'); exit(0); } # Affected 12.2YP if (deprecated_version(version, "12.2YP")) { security_warning(port:0, extra:'\nMigrate to 12.2T latest version.\n'); exit(0); } # Affected 12.2YQ if (deprecated_version(version, "12.2YQ")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YR if (deprecated_version(version, "12.2YR")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YS if (deprecated_version(version, "12.2YS")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.2YT if (deprecated_version(version, "12.2YT")) { security_warning(port:0, extra:'\nMigrate to 12.2(15)T or later.\n'); exit(0); } # Affected 12.2YU if (deprecated_version(version, "12.2YU")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YV if (deprecated_version(version, "12.2YV")) { security_warning(port:0, extra:'\nMigrate to 12.3(4)T or later.\n'); exit(0); } # Affected 12.2YW if (deprecated_version(version, "12.2YW")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2YX if (deprecated_version(version, "12.2YX")) { security_warning(port:0, extra:'\nMigrate to 12.2(RLS3)S or later.\n'); exit(0); } # Affected 12.2YY if (deprecated_version(version, "12.2YY")) { security_warning(port:0, extra:'\nMigrate to 12.3(1)T or later.\n'); exit(0); } # Affected 12.2YZ if (deprecated_version(version, "12.2YZ")) { security_warning(port:0, extra:'\nMigrate to 12.2(14)SZ or later.\n'); exit(0); } # Affected 12.2ZA if (check_release(version:version, patched:make_list("12.2(14)ZA6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2ZB if (deprecated_version(version, "12.2ZB")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.2ZC if (deprecated_version(version, "12.2ZC")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.2ZD if (check_release(version:version, patched:make_list("12.2(13)ZD1"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2ZE if (deprecated_version(version, "12.2ZE")) { security_warning(port:0, extra:'\nMigrate to 12.3 latest version.\n'); exit(0); } # Affected 12.2ZF if (deprecated_version(version, "12.2ZF")) { security_warning(port:0, extra:'\nMigrate to 12.3(4)T or later.\n'); exit(0); } # Affected 12.2ZG if (deprecated_version(version, "12.2ZG")) { security_warning(port:0, extra:'\nMigrate to 12.3(4)T or later.\n'); exit(0); } # Affected 12.2ZH if (deprecated_version(version, "12.2ZH")) { security_warning(port:0, extra:'\nMigrate to 12.3(4)T or later.\n'); exit(0); } # Affected 12.2ZI if (deprecated_version(version, "12.2ZI")) { security_warning(port:0, extra:'\nMigrate to 12.2(18)S or later.\n'); exit(0); } #Affected 12.2ZJ if (check_release(version:version, patched:make_list("12.2(15)ZJ5", "12.2(15)ZJ4"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.2ZK if (deprecated_version(version, "12.2ZK")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.2ZL if (deprecated_version(version, "12.2ZL")) { security_warning(port:0, extra:'\nMigrate to 12.3(7)T or later.\n'); exit(0); } # Affected 12.2ZN if (deprecated_version(version, "12.2ZN")) { security_warning(port:0, extra:'\nMigrate to 12.3(2)T or later.\n'); exit(0); } # Affected 12.2ZP if (check_release(version:version, patched:make_list("12.2(13)ZP3"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3 if (check_release(version:version, patched:make_list("12.3(3e)", "12.3(6)", "12.3(5b)"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3B if (check_release(version:version, patched:make_list("12.3(5a)B", "12.3(3)B1"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3BW if (deprecated_version(version, "12.3BW")) { security_warning(port:0, extra:'\nMigrate to 12.3B latest version.\n'); exit(0); } # Affected 12.3T if (check_release(version:version, patched:make_list("12.3(2)T4", "12.3(7)T1", "12.3(4)T3", "12.3(4)T6"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XA if (deprecated_version(version, "12.3XA")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XB if (check_release(version:version, patched:make_list("12.3(2)XB2"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XC if (check_release(version:version, patched:make_list("12.3(2)XC2"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XD if (check_release(version:version, patched:make_list("12.3(4)XD1"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XE if (deprecated_version(version, "12.3XE")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.3XF if (deprecated_version(version, "12.3XF")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XG if (check_release(version:version, patched:make_list("12.3(4)XG"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XH if (check_release(version:version, patched:make_list("12.3(4)XH"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XI if (deprecated_version(version, "12.3XI")) { security_warning(port:0, extra:'\nMigrate to 12.3T latest version.\n'); exit(0); } # Affected 12.3XJ if (deprecated_version(version, "12.3XJ")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XK if (check_release(version:version, patched:make_list("12.3(4)XK"))) { security_warning(port:0, extra:'\nUpdate to ' + patch_update + ' or later.\n'); exit(0); } # Affected 12.3XL if (deprecated_version(version, "12.3XL")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XM if (deprecated_version(version, "12.3XM")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XN if (deprecated_version(version, "12.3XN")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } # Affected 12.3XQ if (deprecated_version(version, "12.3XQ")) { security_warning(port:0, extra:'\nContact Cisco TAC for fix information.\n'); exit(0); } exit(0, "The host is not affected.");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS_JAN2015_SRU11_1_15_4_0.NASL
description	This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2004-0230) - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2014-6575)
last seen	2020-06-01
modified	2020-06-02
plugin id	80937
published	2015-01-23
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/80937
title	Oracle Solaris Critical Patch Update : jan2015_SRU11_1_15_4_0
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle CPU for jan2015. # include("compat.inc"); if (description) { script_id(80937); script_version("1.10"); script_cvs_date("Date: 2020/01/16"); script_cve_id("CVE-2004-0230", "CVE-2014-6575"); script_bugtraq_id(10183, 72156); script_name(english:"Oracle Solaris Critical Patch Update : jan2015_SRU11_1_15_4_0"); script_summary(english:"Check for the jan2015 CPU"); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch from CPU jan2015." ); script_set_attribute( attribute:"description", value: "This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2004-0230) - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2014-6575)" ); script_set_attribute( attribute:"see_also", value:"https://support.oracle.com/epmos/faces/DocumentDisplay?id=1956176.1" ); # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2367957.xml script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8b92ae0e" ); script_set_attribute( attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2015.html" ); script_set_attribute( attribute:"solution", value:"Install the jan2015 CPU from the Oracle support website." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); fix_release = "0.5.11-0.175.1.15.0.4.0"; flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.15.0.4.0", sru:"11.1.15.4.0") > 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report2()); else security_warning(0); exit(0); } audit(AUDIT_OS_RELEASE_NOT, "Solaris", fix_release, release);

NASL family	Windows
NASL id	SMB_KB893066.NASL
description	The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw may allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a denial of service attack against a vulnerable system.
last seen	2020-06-01
modified	2020-06-02
plugin id	18028
published	2005-04-12
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18028
title	MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066) (uncredentialed check)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18028); script_version("1.37"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id("CVE-2005-0048", "CVE-2004-0790", "CVE-2004-1060", "CVE-2004-0230", "CVE-2005-0688"); script_bugtraq_id(13124, 13116); script_xref(name:"MSFT", value:"MS05-019"); script_xref(name:"MSKB", value:"893066"); script_name(english:"MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066) (uncredentialed check)"); script_summary(english:"Checks for hotfix KB893066"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host due to a flaw in the TCP/IP stack."); script_set_attribute(attribute:"description", value: "The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw may allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a denial of service attack against a vulnerable system."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-019"); script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows 2000, XP and 2003."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/12"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"Windows"); script_dependencies("tcp_seq_window.nasl", "os_fingerprint.nasl"); script_require_keys("TCP/seq_window_flaw", "Host/OS", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); os = get_kb_item_or_exit("Host/OS") ; conf = get_kb_item_or_exit("Host/OS/Confidence"); if (conf <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); if ("Windows" >!< os) exit(0, "The host is not running Windows."); if ("Windows 4.0" >< os) exit(0, "Windows NT is not reported to be affected."); if ("Windows Server 2003 Service Pack" >< os) exit(0, "Windows 2003 SP1 and later are not reported to be affected."); if (ereg(pattern:"Windows (95\|98\|ME\|XP\|Server 2003)", string:os)) { if (get_kb_item("TCP/seq_window_flaw")) { security_hole(port:get_kb_item("SMB/transport")); exit(0); } else exit(0, "The host is not affected."); } else exit(0, "The host is not running one of the versions of Windows reportedly affected.");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_150401-10.NASL
description	Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.
last seen	2020-06-01
modified	2020-06-02
plugin id	108189
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108189
title	Solaris 10 (x86) : 150401-10
code	# # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(108189); script_version("1.5"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2004-0230", "CVE-2014-6575", "CVE-2015-0375"); script_name(english:"Solaris 10 (x86) : 150401-10"); script_summary(english:"Check for patch 150401-10"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 150401-10" ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/150401-10" ); script_set_attribute(attribute:"solution", value:"Install patch 150401-10 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-0230"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:127981"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142008"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142047"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142333"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:144312"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:144541"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146448"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146809"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146839"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146849"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:147698"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148175"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148232"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148554"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148558"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148678"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148695"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148722"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148767"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148876"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149313"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149503"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149617"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149637"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149641"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149643"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149649"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149730"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150116"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150118"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150154"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150162"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150170"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150301"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150385"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150401"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150528"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150628"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150630"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150636"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150757"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150761"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151150"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151426"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWarc", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWarcr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWbtool", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcakr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWckr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcpc", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcry", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcsl", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcslr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcsr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWcsu", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWdtrc", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWesu", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWfmd", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWfss", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWftdur", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWhea", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWintgige", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWlxr", version:"11.10.0,REV=2007.06.20.13.12") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWmdb", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWmdbr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWos86r", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWperl584core", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWpkcs11kms", version:"11.10.0,REV=2011.04.20.04.51") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWsmapi", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWzfskr", version:"11.10.0,REV=2006.05.18.01.46") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWzfsr", version:"11.10.0,REV=2006.05.18.01.46") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150401-10", obsoleted_by:"", package:"SUNWzfsu", version:"11.10.0,REV=2006.05.18.01.46") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWarc / SUNWarcr / SUNWbtool / SUNWcakr / SUNWckr / SUNWcpc / etc"); }

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_150400-10.NASL
description	Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.
last seen	2020-06-01
modified	2020-06-02
plugin id	107708
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107708
title	Solaris 10 (sparc) : 150400-10
code	# # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107708); script_version("1.5"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2004-0230", "CVE-2014-6575", "CVE-2015-0375"); script_name(english:"Solaris 10 (sparc) : 150400-10"); script_summary(english:"Check for patch 150400-10"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 150400-10" ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/150400-10" ); script_set_attribute(attribute:"solution", value:"Install patch 150400-10 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-0230"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122255"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:127980"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:137048"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:139510"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:139944"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142007"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142332"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:144540"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146808"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146838"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146848"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:147697"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148161"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148174"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148231"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148338"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148553"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148557"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148721"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148730"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148766"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148875"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149502"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149616"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149640"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149642"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149648"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149718"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149729"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150108"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150109"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150115"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150125"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150161"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150169"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150300"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150307"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150311"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150400"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150527"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150531"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150532"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150541"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150627"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150629"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150756"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150760"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150840"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150841"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151145"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151149"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151425"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151608"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:152367"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:152530"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:152539"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"FJSVhea", version:"11.10.0,REV=2005.01.20.17.25") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"FJSVmdbr", version:"11.10.0,REV=2005.01.20.17.25") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWarc", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWarcr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcakr", version:"11.10.0,REV=2005.08.25.02.12") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcar", version:"11.10.0,REV=2005.08.10.02.13") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWckr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcpr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcry", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcsl", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcslr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcsr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWcsu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWdtrc", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWefc", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWefcl", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWfmd", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWfss", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWftdur", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWhea", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWintgige", version:"11.10.0,REV=2005.09.15.00.13") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWiopc", version:"11.10.0,REV=2006.07.11.11.28") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWldomr", version:"11.10.0,REV=2006.10.04.00.26") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWldomu", version:"11.10.0,REV=2006.08.08.12.13") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWmdb", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWmdbr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWn2cp", version:"11.10.0,REV=2007.07.08.21.44") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWpd", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWpdu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWperl584core", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWs8brandu", version:"11.10.0,REV=2007.10.08.16.51") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWs9brandr", version:"11.10.0,REV=2008.04.24.03.37") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWs9brandu", version:"11.10.0,REV=2008.04.24.03.37") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWsmapi", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWssad", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWust1", version:"11.10.0,REV=2005.08.10.02.13") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWust2", version:"11.10.0,REV=2007.07.08.17.44") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWzfskr", version:"11.10.0,REV=2006.05.18.02.15") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWzfsr", version:"11.10.0,REV=2006.05.18.02.15") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-10", obsoleted_by:"", package:"SUNWzfsu", version:"11.10.0,REV=2006.05.18.02.15") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "FJSVhea / FJSVmdbr / SUNWarc / SUNWarcr / SUNWcakr / SUNWcar / etc"); }

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10638.NASL
description	According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability. An attacker who can guess an in-window sequence number, source and destination addresses, and port numbers can exploit this vulnerability to reset any established TCP session. This issue only affects TCP sessions terminating on the router. Transit traffic and TCP Proxy services are unaffected by this vulnerability.
last seen	2019-10-28
modified	2014-07-15
plugin id	76506
published	2014-07-15
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76506
title	Juniper Junos TCP Packet Processing Remote DoS (JSA10638)
code	#TRUSTED 5f434e6a7c9071c098304ae4af638cae9e07441ec814ff789ba27e107cac76abef7c2374ec35060d25ffc87ef9d8179e7e01382d569dcf61c9c4cbb7908ddcbf5bb8bfabf7ceeb43e2c7cc13e07f1541545264e1323e7c24403c913f87c8a8fa98fe3e2d2168757d58f92281f787eb33ed9330375e20cdb71e6ed1bfd278c425d2ce70a592ad637d623cd65ffc9f5286b589434a2188f6f03adab1503b7c264b83ed546f887d21411714e8df0b010e90ff22982a594abf65c3bbb93e95344879398005ba48331e1cd09626761f4de83e8d4d8c93f0d8e30b5682e750c9f2898df0132c161dcad7fe433e5067c0841596a1d6cea0e0b19ae753e1a5ec8f3a8c5614de3875b8dae96ec6776c1ff7da29f83868d6944327cf15be132f8cfa716526ffc847ac2922845c66ec908f666481e3db0d4cbdffa65fc3e557bffe5e1d4c469b69ab1a0d934cf913bd6f014420c048c6c43b09308e91ac5dfa2b9776f737f11a7e978d03eb8b4ad196f015498b9cd72e0bc74571cf700ed48d882f991132d40abe5a98e0e3dedbeb22a330acb68f443d3c7574c205a620c36f2e7a648ec094b2ef308f03ca2215583621f46422558776559f782880213e4fbf9983ce6a02b3d8f7b047c2ccfd7fb6e303806a1be67ace3413cfa44cc3bd06e108a5929134f5efd8f3c985e1968066464e6409117953e39f93ab4b9522a269257d6820ffc435 # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76506); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/12"); script_cve_id("CVE-2004-0230"); script_bugtraq_id(10183); script_xref(name:"JSA", value:"JSA10638"); script_name(english:"Juniper Junos TCP Packet Processing Remote DoS (JSA10638)"); script_summary(english:"Checks the Junos version, build date, and configuration."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability. An attacker who can guess an in-window sequence number, source and destination addresses, and port numbers can exploit this vulnerability to reset any established TCP session. This issue only affects TCP sessions terminating on the router. Transit traffic and TCP Proxy services are unaffected by this vulnerability."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10638"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10638."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/JUNOS/BuildDate"); exit(0); } include("audit.inc"); include("junos_kb_cmd_func.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); build_date = get_kb_item_or_exit('Host/Juniper/JUNOS/BuildDate'); # Junos OS 14.1R1 release date if (compare_build_dates(build_date, '2014-06-26') >= 0) audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver + ' (build date ' + build_date + ')'); fixes = make_array(); fixes['11.4'] = '11.4R11'; fixes['12.1X44'] = '12.1X44-D35'; fixes['12.1X45'] = '12.1X45-D25'; fixes['12.1X46'] = '12.1X46-D20'; fixes['12.1X47'] = '12.1X47-D10'; fixes['12.1'] = '12.1R10'; fixes['12.2'] = '12.2R8'; fixes['12.3'] = '12.3R6'; fixes['13.1'] = '13.1R4'; fixes['13.2'] = '13.2R4'; fixes['13.3'] = '13.3R2'; fixes['14.1'] = '14.1R1'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); override = TRUE; buf = junos_command_kb_item(cmd:"show configuration \| display set"); # Multiple workarounds are available but all other workarounds are difficult to check if (buf) { pattern = "^set system internet-options tcp-reset-syn-acknowledge"; if (junos_check_config(buf:buf, pattern:pattern)) override = FALSE; # Display caveat instead of checking for other workarounds/auditing out } junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS05-019.NASL
description	The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw could allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host, or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a Denial of Service against a vulnerable system.
last seen	2020-06-01
modified	2020-06-02
plugin id	18023
published	2005-04-12
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18023
title	MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18023); script_version("1.43"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id( "CVE-2004-0230", "CVE-2004-0790", "CVE-2004-1060", "CVE-2005-0048", "CVE-2005-0065", "CVE-2005-0066", "CVE-2005-0067", "CVE-2005-0068", "CVE-2005-0688" ); script_bugtraq_id(13116, 13124, 13658); script_xref(name:"MSFT", value:"MS05-019"); script_xref(name:"CERT", value:"222750"); script_xref(name:"CERT", value:"233754"); script_xref(name:"CERT", value:"396645"); script_xref(name:"CERT", value:"415294"); script_xref(name:"EDB-ID", value:"276"); script_xref(name:"EDB-ID", value:"291"); script_xref(name:"EDB-ID", value:"861"); script_xref(name:"EDB-ID", value:"948"); script_xref(name:"EDB-ID", value:"24030"); script_xref(name:"EDB-ID", value:"24031"); script_xref(name:"EDB-ID", value:"24032"); script_xref(name:"EDB-ID", value:"24033"); script_xref(name:"EDB-ID", value:"25383"); script_xref(name:"EDB-ID", value:"25388"); script_xref(name:"EDB-ID", value:"25389"); script_xref(name:"MSKB", value:"893066"); script_name(english:"MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066)"); script_summary(english:"Checks the remote registry for 893066"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host due to a flaw in the TCP/IP stack."); script_set_attribute(attribute:"description", value: "The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw could allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host, or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a Denial of Service against a vulnerable system."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-019"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP and 2003."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/05"); script_set_attribute(attribute:"patch_publication_date", value:"2005/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS05-019'; kb = '893066'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'3,4', xp:'1,2', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Tcpip.sys", version:"5.2.3790.336", dir:"\system32\drivers", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:1, file:"Tcpip.sys", version:"5.1.2600.1693", dir:"\system32\drivers", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:2, file:"Tcpip.sys", version:"5.1.2600.2685", dir:"\system32\drivers", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"Tcpip.sys", version:"5.0.2195.7049", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS06-064.NASL
description	The remote host runs a version of Windows that has a flaw in its TCP/IP IPv6 stack. The flaw could allow an attacker to perform a denial of service attack against the remote host. To exploit this vulnerability, an attacker needs to send a specially crafted ICMP or TCP packet to the remote host.
last seen	2020-06-01
modified	2020-06-02
plugin id	22537
published	2006-10-10
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22537
title	MS06-064: Vulnerability in TCP/IP IPv6 Could Allow Denial of Service (922819)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(22537); script_version("1.31"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id("CVE-2004-0790","CVE-2004-0230","CVE-2005-0688"); script_bugtraq_id(13124, 13658); script_xref(name:"CERT", value:"415294"); script_xref(name:"CERT", value:"222750"); script_xref(name:"CERT", value:"396645"); script_xref(name:"MSFT", value:"MS06-064"); script_xref(name:"MSKB", value:"922819"); script_name(english:"MS06-064: Vulnerability in TCP/IP IPv6 Could Allow Denial of Service (922819)"); script_summary(english:"Checks the remote registry for 922819"); script_set_attribute(attribute:"synopsis", value: "It is possible to crash the remote host due to a flaw in the TCP/IP IPv6 stack."); script_set_attribute(attribute:"description", value: "The remote host runs a version of Windows that has a flaw in its TCP/IP IPv6 stack. The flaw could allow an attacker to perform a denial of service attack against the remote host. To exploit this vulnerability, an attacker needs to send a specially crafted ICMP or TCP packet to the remote host."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-064"); script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows XP and 2003."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/22"); script_set_attribute(attribute:"patch_publication_date", value:"2006/10/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS06-064'; kb = '922819'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Tcpip6.sys", version:"5.2.3790.576", dir:"\system32\drivers", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.2", sp:1, file:"Tcpip6.sys", version:"5.2.3790.2771", dir:"\system32\drivers", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:1, file:"Tcpip6.sys", version:"5.1.2600.1886", dir:"\system32\drivers", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:2, file:"Tcpip6.sys", version:"5.1.2600.2975", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_warning(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0333-1.NASL
description	The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed : - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An out of bounds read in the ping protocol handler could have lead to information disclosure (bsc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2017-5551: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. This CVE tracks the fix for the tmpfs filesystem. (bsc#1021258). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a
last seen	2020-06-01
modified	2020-06-02
plugin id	96903
published	2017-01-31
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96903
title	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0494-1.NASL
description	The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374). - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux, when the GNU Compiler Collection (gcc) stack protector is enabled, used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	97297
published	2017-02-21
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97297
title	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_729C4A9F600711E6A6C314DAE9D210B8.NASL
description	When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window. Impact : An attacker who has the ability to spoof IP traffic can tear down a TCP connection by sending only 2 packets, if they know both TCP port numbers. In case one of the two port numbers is unknown, a successful attack requires less than 2**17 packets spoofed, which can be generated within less than a second on a decent connection to the Internet.
last seen	2020-06-01
modified	2020-06-02
plugin id	92907
published	2016-08-12
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92907
title	FreeBSD : FreeBSD -- Denial of Service in TCP packet processing (729c4a9f-6007-11e6-a6c3-14dae9d210b8)

NASL family	Denial of Service
NASL id	TCP_SEQ_WINDOW.NASL
description	The remote host is affected by a sequence number approximation vulnerability that allows an attacker to send spoofed RST packets to the remote host and close established connections. This may cause problems for some dedicated services (BGP, a VPN over TCP, etc).
last seen	2020-06-01
modified	2020-06-02
plugin id	12213
published	2004-04-25
reporter	This script is (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/12213
title	TCP/IP Sequence Prediction Blind Reset Spoofing DoS

NASL family	Misc.
NASL id	JUNIPER_NSM_2012_1.NASL
description	According to the version of one or more Juniper NSM servers running on the remote host, it is potentially vulnerable to multiple vulnerabilities, the worst of which may allow an authenticated user to trigger a denial of service condition or execute arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	69872
published	2013-09-13
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69872
title	Juniper NSM Servers < 2012.1 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0437-1.NASL
description	The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	97097
published	2017-02-10
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97097
title	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)

Oval

accepted

2013-09-02T04:05:45.550-04:00

class

vulnerability

contributors

name Matthew Burton
organization The MITRE Corporation
name John Hoyland
organization Centennial Software
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Dragos Prisaca
organization G2, Inc.

description

family

windows

oval:org.mitre.oval:def:2689

status

accepted

submitted

2005-08-18T04:00:00.000-04:00

title

Server 2003 Large Window Size TCP RST Denial of Service

version

accepted

2011-05-09T04:01:29.162-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Shane Shaffer
organization G2, Inc.

definition_extensions

comment Microsoft Windows XP SP1 (32-bit) is installed
oval oval:org.mitre.oval:def:1
comment Microsoft Windows XP SP2 or later is installed
oval oval:org.mitre.oval:def:521
comment Microsoft Windows XP SP1 (64-bit) is installed
oval oval:org.mitre.oval:def:480
comment Microsoft Windows Server 2003 (x86) Gold is installed
oval oval:org.mitre.oval:def:165
comment Microsoft Windows Server 2003 SP1 (x86) is installed
oval oval:org.mitre.oval:def:565

description

family

windows

oval:org.mitre.oval:def:270

status

accepted

submitted

2006-10-11T05:29:41

title

TCP Connection Reset Vulnerability

version

accepted

2011-05-16T04:02:48.829-04:00

class

vulnerability

contributors

name Matthew Burton
organization The MITRE Corporation
name John Hoyland
organization Centennial Software
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Brendan Miles
organization The MITRE Corporation
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

family

windows

oval:org.mitre.oval:def:3508

status

accepted

submitted

2005-08-18T04:00:00.000-04:00

title

WinXP Large Window Size TCP RST Denial of Service

version

accepted

2011-05-16T04:03:04.644-04:00

class

vulnerability

contributors

name Matthew Burton
organization The MITRE Corporation
name John Hoyland
organization Centennial Software
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

family

windows

oval:org.mitre.oval:def:4791

status

accepted

submitted

2005-04-22T12:00:00.000-04:00

title

Win2k Large Window Size TCP RST Denial of Service

version

accepted

2008-09-08T04:00:38.111-04:00

class

vulnerability

contributors

name	Yuzheng Zhou
organization	Hewlett-Packard

description

family

ios

oval:org.mitre.oval:def:5711

status

accepted

submitted

2008-05-26T11:06:36.000-04:00

title

Cisco Systems Spoofed TCP Reset and SYN Denial of Service Vulnerability

version

Packetstorm

data source	https://packetstormsecurity.com/files/download/33185/disconn.py
id	PACKETSTORM:33185
last seen	2016-12-05
published	2004-04-28
reporter	Michael Gschwandtner
source	https://packetstormsecurity.com/files/33185/disconn.py.html
title	disconn.py

data source	https://packetstormsecurity.com/files/download/33182/Kreset.pl
id	PACKETSTORM:33182
last seen	2016-12-05
published	2004-04-25
reporter	K-sPecial
source	https://packetstormsecurity.com/files/33182/Kreset.pl.html
title	Kreset.pl

Statements

contributor	Mark J Cox
lastmodified	2006-08-16
organization	Red Hat
statement	The DHS advisory is a good source of background information about the issue: http://www.us-cert.gov/cas/techalerts/TA04-111A.html It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination ip address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also signficantly affected by having it’s connections terminated. The major BGP peers have recently switched to requiring md5 signatures which mitigates against this attack. The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat: http://lwn.net/Articles/81560/ Red Hat does not have any plans for action regarding this issue.

Vulnerabilities > CVE-2004-0230 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2004-0230"}]}

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Oval

Packetstorm

Statements

References

Vulnerabilities > CVE-2004-0230