Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2016.0080 Multiple vulnerabilities have been identified in Tenable Passive Vulnerability Scanner 3 August 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Tenable Passive Vulnerability Scanner Operating System: Windows Red Hat OS X Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Access Privileged Data -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2016-2176 CVE-2016-2109 CVE-2016-2108 CVE-2016-2107 CVE-2016-2106 CVE-2016-2105 CVE-2015-7036 Member content until: Friday, September 2 2016 Reference: ASB-2016.0074 ASB-2016.0057 ESB-2016.1076 OVERVIEW Multiple vulnerabilities have been identified in Tenable Passive Vulnerability Scanner prior to version 5.1.0. [1] IMPACT The vendor has provided the following information: CVE-2015-7036, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, and CVE-2016-2176: "Tenable's Passive Vulnerability Scanner (PVS) uses third-party libraries to provide certain standardized functionality. Two of these libraries were found to contain vulnerabilities and were fixed upstream. Those fixes have been integrated despite there being no known exploitation scenarios related to PVS. - OpenSSL ASN.1 Encoder Negative Zero Value Handling Remote Memory Corruption - OpenSSL AES-NI CBC MAC Check Padding Oracle MitM Information Disclosure - OpenSSL crypto/evp/encode.c EVP_EncodeUpdate() Function Heap Buffer Overflow Weakness - OpenSSL crypto/evp/evp_enc.c EVP_EncryptUpdate() Function Heap Buffer Overflow Weakness - OpenSSL crypto/x509/x509_obj.c X509_NAME_oneline() Function ASN1 Strings Handling Out-of-bounds Read Memory Disclosure - OpenSSL crypto/asn1/a_d2i_fp.c ASN.1 BIO Length Field Handling Memory Exhaustion Remote DoS SQLite FTS5 Extension Corrupt Database Query Handling Unspecified Buffer Overflow SQLite fts3_tokenizer() Function Optional Second Argument Handling Arbitrary Code Execution Note that the CVSSv2 score associated with this advisory is specific to the OpenSSL integration into PVS and assumes a worst-case scenario. These updates are proactive; Tenable has had no reports of exploitation and some of these issues may not impact PVS at all." [1] MITIGATION The vendor recommends upgrading to the latest version. [1] REFERENCES [1] [R1] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities http://www.tenable.com/security/tns-2016-13 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV6FyBox+lLeg9Ub1AQjmug//fSiyONyCyiykHb0e8a8zwYYJUoAkLo9X qeRez7yX+DH/b5Y/ifce3z/S3CwfbmIslM8/J3h0ZI++vtaUcG8tcqQ4s4XtiAAv 3ixN0xDhjAF9Xug0DEIhx2TPBZsD3L1gY/WvukEgTaR1scIH1vjIyWulrMjA4Lu2 qXsDioptpQE0hs/x+bEVZjsRfMM7NhxTTimpxfG9C62uLHVesSvjib5LkXJ8LOqc 5BOWLLJTi1VMWJ7OPY4HKa26rWS9U5RCBiv/uPh5fpD38Ynfj4gfMBQimkkLG2dP 7DTXomX9irMxHdmkww+B4crRCjIT97Fp4hGuAhgQFTYM+Slu9ePCdy1aE02PM1fD qSSgxzz1cmYgmO/OjXb7CqnLIHBLYzgQkUVZQw4pvziecHIm9XInRkJjZAL8v6+l 01gW6NeJrHSjG1css23tAJUEBtrhUTVPRgVKqKuR96vef9vRFcH+OOp2rznkQWb6 1EYZubN8G4zPO2L5MQVpx4QeI32Ia/DHUL8T36qFeiSO5HnKMCL99CsVBk6/8Sgz UlNzpGwOV4z6koOqPDhVppKDwFEHuKoU1yJO0S36OPS4HP1DAMwOuTq4nFWm5Dyu t32OLqqzBbzuM3zzDdzF+dCDoy+bqJp+YvvFkjIoKKtpz+Am8fRlWXl68aDVvmWQ 7FyQ+atMGrY= =jlvo -----END PGP SIGNATURE-----