Operating System:

[WIN][MAC][RedHat]

Published:

03 August 2016

Protect yourself against future threats.

//Service

Early Warning SMS

Receive SMS notifications for the most critical security threats and vulnerabilities.

Read more
Resources > Security Bulletins > ASB-2016.0080 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0080
         Multiple vulnerabilities have been identified in Tenable
                       Passive Vulnerability Scanner
                               3 August 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Passive Vulnerability Scanner
Operating System:     Windows
                      Red Hat
                      OS X
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Access Privileged Data          -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-2176 CVE-2016-2109 CVE-2016-2108
                      CVE-2016-2107 CVE-2016-2106 CVE-2016-2105
                      CVE-2015-7036  
Member content until: Friday, September  2 2016
Reference:            ASB-2016.0074
                      ASB-2016.0057
                      ESB-2016.1076

OVERVIEW

        Multiple vulnerabilities have been identified in Tenable Passive 
        Vulnerability Scanner prior to version 5.1.0. [1]


IMPACT

        The vendor has provided the following information:
        
        CVE-2015-7036, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, 
        CVE-2016-2108, CVE-2016-2109, and CVE-2016-2176:
        
        "Tenable's Passive Vulnerability Scanner (PVS) uses third-party 
        libraries to provide certain standardized functionality. Two of 
        these libraries were found to contain vulnerabilities and were fixed
        upstream. Those fixes have been integrated despite there being no 
        known exploitation scenarios related to PVS.
        
        - OpenSSL ASN.1 Encoder Negative Zero Value Handling Remote Memory 
        Corruption
        
        - OpenSSL AES-NI CBC MAC Check Padding Oracle MitM Information 
        Disclosure
        
        - OpenSSL crypto/evp/encode.c EVP_EncodeUpdate() Function Heap 
        Buffer Overflow Weakness
        
        - OpenSSL crypto/evp/evp_enc.c EVP_EncryptUpdate() Function Heap 
        Buffer Overflow Weakness
        
        - OpenSSL crypto/x509/x509_obj.c X509_NAME_oneline() Function ASN1 
        Strings Handling Out-of-bounds Read Memory Disclosure
        
        - OpenSSL crypto/asn1/a_d2i_fp.c ASN.1 BIO Length Field Handling 
        Memory Exhaustion Remote DoS
        
        SQLite FTS5 Extension Corrupt Database Query Handling Unspecified 
        Buffer Overflow
        
        SQLite fts3_tokenizer() Function Optional Second Argument Handling 
        Arbitrary Code Execution
        
        Note that the CVSSv2 score associated with this advisory is specific
        to the OpenSSL integration into PVS and assumes a worst-case 
        scenario. These updates are proactive; Tenable has had no reports of
        exploitation and some of these issues may not impact PVS at all." 
        [1]


MITIGATION

        The vendor recommends upgrading to the latest version. [1]


REFERENCES

        [1] [R1] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities
            http://www.tenable.com/security/tns-2016-13

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV6FyBox+lLeg9Ub1AQjmug//fSiyONyCyiykHb0e8a8zwYYJUoAkLo9X
qeRez7yX+DH/b5Y/ifce3z/S3CwfbmIslM8/J3h0ZI++vtaUcG8tcqQ4s4XtiAAv
3ixN0xDhjAF9Xug0DEIhx2TPBZsD3L1gY/WvukEgTaR1scIH1vjIyWulrMjA4Lu2
qXsDioptpQE0hs/x+bEVZjsRfMM7NhxTTimpxfG9C62uLHVesSvjib5LkXJ8LOqc
5BOWLLJTi1VMWJ7OPY4HKa26rWS9U5RCBiv/uPh5fpD38Ynfj4gfMBQimkkLG2dP
7DTXomX9irMxHdmkww+B4crRCjIT97Fp4hGuAhgQFTYM+Slu9ePCdy1aE02PM1fD
qSSgxzz1cmYgmO/OjXb7CqnLIHBLYzgQkUVZQw4pvziecHIm9XInRkJjZAL8v6+l
01gW6NeJrHSjG1css23tAJUEBtrhUTVPRgVKqKuR96vef9vRFcH+OOp2rznkQWb6
1EYZubN8G4zPO2L5MQVpx4QeI32Ia/DHUL8T36qFeiSO5HnKMCL99CsVBk6/8Sgz
UlNzpGwOV4z6koOqPDhVppKDwFEHuKoU1yJO0S36OPS4HP1DAMwOuTq4nFWm5Dyu
t32OLqqzBbzuM3zzDdzF+dCDoy+bqJp+YvvFkjIoKKtpz+Am8fRlWXl68aDVvmWQ
7FyQ+atMGrY=
=jlvo
-----END PGP SIGNATURE-----