===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0075
                 Nessus 6.8 Fixes Multiple Vulnerabilities
                               20 July 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Nessus
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Cross-site Scripting            -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-1000029 CVE-2016-1000028 CVE-2016-0718
Member content until: Friday, August 19 2016
Reference:            ASB-2016.0065
                      ESB-2016.1771
                      ESB-2016.1432
                      ESB-2016.1250

OVERVIEW

        Multiple vulnerabilities have been identified in Tenable Nessus 
        prior to version 6.8. [1]


IMPACT

        The vendor has provided the following details regarding the
        vulnerabilities:
        
        "CVE-2016-0718 - The Expat XML Parser (expat/libexpat) contains an 
        overflow condition that is triggered as user-supplied input is not 
        properly validated when handling malformed input documents. This may 
        allow a remote attacker to cause a buffer overflow, resulting in a 
        denial of service or potentially allowing the execution of arbitrary
        code. (9.0 / 6.7 (AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C))
        
        CVE-2016-1000028 / Tenable ID 5198 - A stored cross-site scripting 
        (XSS) issue that requires user-level authentication to the Nessus 
        UI. [4.0 / 3.1 (AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C)]
        
        CVE-2016-1000029 / Tenable ID 5218 - A stored cross-site scripting 
        (XSS) issue that requires admin-level authentication to the Nessus 
        UI, and would only potentially impact other admins. [2.1 / 1.6 
        (AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C)]
        
        CVE-2016-1000029 / Tenable ID 5269 - A stored cross-site scripting 
        (XSS) issue that requires admin-level authentication to the Nessus UI,
        and would only potentially impact other admins. [2.1 / 1.6 
        (AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C)]" [1]


MITIGATION

        Tenable advises that users upgrade to the latest version of Nessus
        to address these issues. [1]


REFERENCES

        [1] Nessus 6.8 Fixes Multiple Vulnerabilities
            http://www.tenable.com/security/tns-2016-11

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================