===========================================================================
AUSCERT Security Bulletin

ASB-2019.0306
Denial of service vulnerability addressed in Nessus
23 October 2019

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Tenable Nessus
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-3982
Member content until: Friday, November 22 2019

Comment: This advisory references vulnerabilities in products which run on
         platforms other than UNIX variants (UNIX, Linux, OSX) or Windows.
         It is recommended that administrators running Tenable Nessus check
         for an updated version of the software for their operating system.

OVERVIEW

Tenable has published an update for Nessus to fix a Denial of Service
vulnerability. [1]

IMPACT

Tenable advises:

"Nessus versions 8.6.0 and earlier were found to contain a Denial of
Service vulnerability due to improper validation of specific imported scan
types. An authenticated, remote attacker could potentially exploit this
vulnerability to cause a Nessus scanner to become temporarily
unresponsive." [1]

MITIGATION

Tenable advises updating to the latest version of Nessus to address this
vulnerability. [1]

REFERENCES

[1] [R1] Nessus 8.7.0 Fixes One Vulnerability
    https://www.tenable.com/security/tns-2019-06

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================