Tenable Appliance: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0021
         Multiple vulnerabilities identified in Tenable Appliance
                               9 March 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Appliance
Operating System:     Network Appliance
Impact/Access:        Root Compromise        -- Existing Account
                      Modify Arbitrary Files -- Existing Account
                      Denial of Service      -- Existing Account
                      Unauthorised Access    -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-6543 CVE-2017-6074 CVE-2017-3732
                      CVE-2017-3731 CVE-2016-1000104 CVE-2016-1000102
                      CVE-2016-10167 CVE-2016-10161 CVE-2016-10160
                      CVE-2016-10159 CVE-2016-10158 CVE-2016-9594
                      CVE-2016-8743 CVE-2016-8740 CVE-2016-7055
                      CVE-2016-5387 CVE-2016-2161 CVE-2016-0736
Member content until: Saturday, April  8 2017
Reference:            ESB-2017.0574
                      ESB-2017.0554
                      ESB-2017.0522

OVERVIEW

        Multiple vulnerabilities have been identified in Tenable Appliance 
        prior to version 4.5.0. [1]


IMPACT

        Tenable has provided the following details regarding the 
        vulnerabilities:
        
        "The Tenable Appliance has recently been discovered to contain 
        several vulnerabilities. One exists in the underlying operating 
        system kernel, two in the Appliance web interface, and multiple 
        issues in bundled applications. Since the Appliance ships with other
        Tenable products, please consult the associated advisories linked 
        below for more details." [1]
        
        CVE-2017-6074: "Linux Kernel net/dccp/input.c 
        dccp_rcv_state_process() Function DCCP_PKT_REQUEST Handling 
        Use-after-free Remote Code Execution (VulnDB 152302 / 
        CVE-2017-6074)" [1, 2]
        
        Tenable Appliance Web UI Unauthorized Admin Password Manipulation 
        (VulnDB 153134)
        
        Tenable Appliance Web UI Unauthenticated Remote Command Execution 
        (VulnDB 153135)
        
        CVE-2017-6543: "Tenable Nessus on Windows Unspecified Remote File 
        Upload (TNS-2017-06)" [1, 3]
        
        Tenable SecurityCenter File Upload PHP Object Deserialization Remote
        File Deletion (TNS-2017-05)[1, 4]
        
        CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-7055, 
        CVE-2016-8740, CVE-2016-8743, CVE-2016-9594, CVE-2016-10158, 
        CVE-2016-10160, CVE-2016-10161, CVE-2016-10159, CVE-2016-10167, 
        CVE-2016-1000102, CVE-2016-1000104, CVE-2017-3731, 
        CVE-2017-3732: "Tenable SecurityCenter Multiple Vulnerabilities 
        (TNS-2017-04)" [1, 5]


MITIGATION

        Tenable strongly encourages users to update to the latest version to
        address these vulnerabilities. [1]


REFERENCES

        [1] [R1] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities
            https://www.tenable.com/security/tns-2017-07

        [2] Vulnerability Summary for CVE-2017-6543
            https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6543

        [3] [R3] Nessus 6.10.2 Fixes One Vulnerability
            https://www.tenable.com/security/tns-2017-06

        [4] [R4] SecurityCenter 5.4.4 Fixes File Upload unserialize() Function
            PHP Object Handling Remote File Deletion
            https://www.tenable.com/security/tns-2017-05

        [5] [R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities
            https://www.tenable.com/security/tns-2017-04

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWMC5dYx+lLeg9Ub1AQhVHQ//bN9mOtlhrvV7oswsulWsZrpgwC6zqKKg
MM+YoKYLxewOH5m+hqM2yi8smcGyKssRp803U6lLpeB6GFWMl48bLL3tRQelf4ei
NyeNo+/9FYesFbakQea305624mjRPVTL9icUyaleYSvYP1wunC4QzfKNQLvrPzjd
9b6SaO5QG6EzZ6EKXQYSAzWS4D+6KISVWIUZ96Cj8DjF13ZsY3k93bjB994PCfPj
ErotGuTnlvKXtDWJ6xSvGD1oOK4i3iaUyQkR2ivM43s+NPW+g7P7y+L/tEklycBD
DBEE2liL6ylTDzHeV8ON8INqXhQ7ZPfOSA5R6diQTwRWjKfL/t70K2jbtgyMa6bj
36OagwxWqX3qhp6/WvzZO48wEKltjaHjdoCtbDOWebeDqQ8nenM2zrVcQEFOIulq
a3LH6oe5mF34eBjaRV5Mb7d4GTErGCIGGOGHwTNfVJaTErzjkJQuZD8CiY9Tq+vh
L13DPtiuOjrGV1y0AnYFsruT4/F5mkGpRIouewO7A9cpJMAIBDHzT80ChrT3gjgn
ThQ+Dg0ml40LCXcRLTUxDH7yR1H7DqSiBwXw87iIxWZM1iEgJXsQlVfXaKBqiVkj
9S1leQnXKhZVOc26aF0lSy5SFDpqKFdnWzTS4lJIe2qX8Y0ZPRpS+fJfqXTSIpmM
6BAlCFLi3W0=
=AFAu
-----END PGP SIGNATURE-----