===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0014
              Tenable Nessus < 6.5.5 Multiple Vulnerabilities
                              23 February 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Nessus
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Root Compromise -- Remote with User Interaction
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-82001 CVE-2016-82000
Member content until: Thursday, March 24 2016

OVERVIEW

        Tenable has identified a number of vulnerabilities in Tenable Nessus
        and Nessus Enterprise prior to version 6.5.5. [1]


IMPACT

        The vendor has provided the following details regarding the
        vulnerabilities:

        "CVE-2016-82000 - Two fields in the 'Host Details' section of a scan
        did not properly sanitize input. By importing a malicious file or
        scanning a compromised host returning JavaScript instead of a
        hostname, an attacker could introduce JavaScript that would be stored
        in the scan results, which could in turn be executed within the
        context of the user viewing the results. Note that this issue goes
        back to the Nessus UI version 2.0.0.

        CVSSv2 Base/Temporal: 2.6 / 2.1
        (AV:N/AC:H/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)

        CVE-2016-82001 - When scanning a Mac OS X host using credentials, a
        malicious local user could trick Nessus into executing an arbitrary
        command as root, thus resulting in a privilege-escalation
        vulnerability. Note that the following CVSSv2 score reflects the risk
        to the host being scanned by Nessus, not the system hosting Nessus.
        Since Nessus is being used as an exploit for a target host, the score
        does not reflect a threat to Nessus. As such, it is not being listed
        as the primary CVSSv2 score for this advisory.

        CVSSv2 Base/Temporal: 7.6 / 4.9
        (AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

        Nessus Folder Name Stored Scripting

        Charlie Svensson reported that Nessus will render script code for
        folder names. This was also found internally but filed as a regular
        bug, as the folder names only render to the user who renamed them.
        Since folder names are not seen across user accounts, this does not
        pose any risk. Regardless, this issue has been fixed." [1]


MITIGATION

        The vendor advises users should upgrade to the latest version of
        Tenable Nessus and Nessus Enterprise to resolve these issues. [1]


REFERENCES

        [1] Tenable Nessus < 6.5.5 Multiple Vulnerabilities
            http://www.tenable.com/security/tns-2016-02

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
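
A pre-import triage check for the CVE-2016-82000 scenario described under IMPACT, where script is stored in 'Host Details' fields of a scan (an added example, not AusCERT's or Tenable's code). It assumes the `.nessus` v2 export layout (`ReportHost` / `HostProperties` / `tag`); the bulletin does not name the two affected fields, so the fields checked, the function names and the constructed sample are this example's assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*\.?")  # RFC 1123 syntax
# Assumption: the bulletin does not name the two affected fields; this example
# validates host-fqdn and the ReportHost name strictly, other tags for markup.
STRICT_TAGS = {"host-fqdn"}

# Constructed sample export (not real scan data).
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="192.0.2.10"><HostProperties>
<tag name="host-fqdn">web01.example.test</tag>
<tag name="operating-system">Linux Kernel 3.13</tag>
</HostProperties></ReportHost>
<ReportHost name="192.0.2.11"><HostProperties>
<tag name="host-fqdn">&lt;script&gt;alert(1)&lt;/script&gt;</tag>
<tag name="netbios-name">FILESRV_01</tag>
</HostProperties></ReportHost>
</Report></NessusClientData_v2>"""


def valid_name(value: str) -> bool:
    """True for an IP literal or a syntactically valid DNS hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None


def suspicious_host_fields(nessus_xml: str):
    """Return (host, field, value) for host-detail values that need review."""
    if "<!DOCTYPE" in nessus_xml or "<!ENTITY" in nessus_xml:
        raise ValueError("unexpected DTD/entity declaration in scan export")
    findings = []
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        name = host.get("name", "")
        fields = [("ReportHost@name", name)]
        fields += [(t.get("name", ""), t.text or "")
                   for t in host.findall("HostProperties/tag")]
        for field, value in fields:
            strict = field == "ReportHost@name" or field in STRICT_TAGS
            if value and ("<" in value or ">" in value
                          or (strict and not valid_name(value))):
                findings.append((name, field, value))
    return findings
```

Calling `suspicious_host_fields(SAMPLE)` flags only the second host's `host-fqdn`. The check is a stopgap for triaging exports on installations that cannot yet be upgraded to 6.5.5; it does not replace the upgrade.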