===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0014
              Tenable Nessus < 6.5.5 Multiple Vulnerabilities
                             23 February 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Nessus
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Root Compromise                 -- Remote with User Interaction
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-82001 CVE-2016-82000 
Member content until: Thursday, March 24 2016

OVERVIEW

        Tenable has identified a number of vulnerabilities in Tenable Nessus 
        and Nessus Enterprise prior to version 6.5.5. [1]


IMPACT

        The vendor has provided the following details regarding the 
        vulnerabilities:
        
        "CVE-2016-82000 - Two fields in the 'Host Details' section of a scan
        did not properly sanitize input. By importing a malicious file or 
        scanning a compromised host returning JavaScript instead of a 
        hostname, an attacker could introduce JavaScript that would be 
        stored in the scan results, which could in turn be executed 
        within the context of the user viewing the results.
        
        Note that this issue goes back to the Nessus UI version 2.0.0.
        
        CVSSv2 Base/Temporal: 2.6 / 2.1 
        (AV:N/AC:H/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
        
        CVE-2016-82001 - When scanning a Mac OS X host using credentials, a
        malicious local user could trick Nessus into executing an arbitrary
        command as root, thus resulting in a privilege-escalation 
        vulnerability.
        
        Note that the following CVSSv2 score reflects the risk to the host 
        being scanned by Nessus, not the system hosting Nessus. Since Nessus
        is being used as an exploit for a target host, the score does not 
        reflect a threat to Nessus. As such, it is not being listed as the 
        primary CVSSv2 score for this advisory.
        
        CVSSv2 Base/Temporal: 7.6 / 4.9 
        (AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
        
        Nessus Folder Name Stored Scripting
        
        Charlie Svensson reported that Nessus will render script code for 
        folder names. This was also found internally but filed as a regular
        bug, as the folder names only render to the user who renamed them. 
        Since folder names are not seen across user accounts, this does not
        pose any risk. Regardless, this issue has been fixed." [1]
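
        An added example, not part of the AusCERT bulletin or the vendor's
        code: one way an application that imports scan results can guard
        against the stored-script issue described for CVE-2016-82000, by
        validating hostname-like fields on import and HTML-encoding them on
        display. The XML layout, field names and sample data are assumptions
        constructed for illustration.

```python
import html
import re
import xml.etree.ElementTree as ET  # use a hardened parser (e.g. defusedxml) on untrusted files

# Constructed sample import; element and field names are assumptions of this example.
SAMPLE = """<Report>
  <ReportHost name="web01.example.org"><HostProperties>
    <tag name="host-fqdn">web01.example.org</tag>
    <tag name="netbios-name">WEB01</tag>
  </HostProperties></ReportHost>
  <ReportHost name="10.0.0.7"><HostProperties>
    <tag name="host-fqdn">&lt;script&gt;alert(1)&lt;/script&gt;</tag>
    <tag name="netbios-name">DB07</tag>
  </HostProperties></ReportHost>
</Report>"""

HOSTNAME_FIELDS = {"host-fqdn", "netbios-name"}  # assumed names of hostname-like fields
# One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_hostname(value):
    """True only if value is a syntactically valid host name (RFC 1123 style)."""
    if not value or len(value) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in value.rstrip(".").split("."))


def audit_import(xml_text):
    """Return (host, field, raw_value) for hostname fields that fail validation."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for tag in host.iter("tag"):
            name, value = tag.get("name"), (tag.text or "").strip()
            if name in HOSTNAME_FIELDS and not is_hostname(value):
                findings.append((host.get("name"), name, value))
    return findings


def render_cell(value):
    """HTML-encode a value for display, whether or not it passed validation."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for host, field, raw in audit_import(SAMPLE):
        print(f"{host}: {field} is not a host name; display as {render_cell(raw)}")
```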


MITIGATION

        The vendor advises that users upgrade to the latest version of 
        Tenable Nessus and Nessus Enterprise to resolve these issues. [1]


REFERENCES

        [1] Tenable Nessus < 6.5.5 Multiple Vulnerabilities
            http://www.tenable.com/security/tns-2016-02

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================