===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0306
            Denial of service vulnerability addressed in Nessus
                              23 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Nessus
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-3982  
Member content until: Friday, November 22 2019

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than UNIX variants (UNIX, Linux, OSX) or Windows. It
         is recommended that administrators running Tenable Nessus check for
         an updated version of the software for their operating system.

OVERVIEW

        Tenable has published an update for Nessus to fix a Denial of Service 
        vulnerability. [1]


IMPACT

        Tenable advises:
        
        "Nessus versions 8.6.0 and earlier were found to contain a Denial of
        Service vulnerability due to improper validation of specific imported
        scan types. An authenticated, remote attacker could potentially exploit
        this vulnerability to cause a Nessus scanner to become temporarily 
        unresponsive." [1]


MITIGATION

        Tenable advises updating to the latest version of Nessus to address
        this vulnerability. [1]


REFERENCES

        [1] [R1] Nessus 8.7.0 Fixes One Vulnerability
            https://www.tenable.com/security/tns-2019-06

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================