Vulnerability Assessment

Template Provided by Shawn Siah (COL500)

Conducted by:

Micah Geertson
University of San Diego
San Diego CA

Conducted for:
COL500 – Foundations of Cyber Security

Student’s Home Network

Huntington Beach, California

Date Conducted:
06/01/2018

Focus of the Assessment:

The focus of this assessment was from a purely network vulnerability perspective in regards to
functioning services on open ports of the Metasploitable VM Host Server. This assessment was
conducted as a White Box assessment with full access to credentials. No methods other than
Nessus Vulnerability Scanner will be used during this initial assessment nor will any
recommendations be made on anything other than the Top 10 Critical Vulnerabilities.

Server Hostname Purpose IP Address

Metasploitable Metasploitable VM 10.0.0.13
Host Server

Compliance Requirements: (PCI, HIPAA, ISO700))

None
Table of Contents

Executive Summary ……………………………………………………………………………………………………………..3

Positive Findings……………………………………………………………………………………………………………….3
Overall Summary………………………………………………………………………………………………………………3

Findings and Recommendations……………………………………………………………………………….…………..4

SERVER: Metasploitable VM Host Server……………………………………………………………….………….5
Top 10 Vulnerabilities Found………………………………………………………………………….………….6
Bash Incomplete Fix Remote Code Execution Vulnerability (Shellshock)………….…………7
Bash Remote Code Execution (Shellshock)……………………………………………………….………..8
Bind Shell Backdoor Detection……………………………………………………………..………….…….….9
Debian OpenSSH/OpenSSL Package Random Number Generator Weakness…..……..…10
Debian OpenSSH/OpenSSL Package Random Number Generator Weakness SSL….……11
NFS Exported Share Information Disclosure……………………………………………………..………12
Rexecd Service Detection………………………………………………………………………………….………13
Gnutls12, gnutls13 vulnerabilities (USN-613-1)…………………………………………………………14
Libxml2 vulnerabilities (USN-644-1)………………………………………………………………………….15
Linux, linux-source-2.6.15/20/22 vulnerabilities (USN-625-1)…………………………………..16

Network Profile…………………………………………………………………………………………………………………..17

Additional Analysis (Not Used)……………………………………………………………………………………………18

Conclusion………………………………………………………………………………………………………………………….21

References………………………………………………………………………………………………………………………….22
Executive Summary
On June 1, 2018, ASCME INC’s internal security team lead by Micah Geertson provided an
expedited vulnerability assessment of the ASCME INC Metasploitable VM Host Server. Over the
span of several days, the team carefully examined the results of the assessment and created a
list comprised of several vulnerabilities found with remediation suggestions as outlined by
MITRE’s Common Vulnerabilities and Exposures (CVE) list.

Positive findings

Unfortunately, other than having a functional operating system on reliable hardware, there
were relatively few positive findings found during the assessment. In an attempt to shed some
positive light on the assessment, ASCME INC’s Metasploitable VM Host Server possessed the
following beneficial attributes:

 The host had access control measures in place by requiring a username and password to
be entered in able to access the system.
 The host required that an IP address be assigned to the system prior to allowing any
form of network access.
 The Subject Matter Experts (SMEs) who created the system were very helpful in
diagnosing and resolving known issues prior to conducting the vulnerability assessment
via well written documentation.

Deficiencies Noted

The following findings were noted during the assessment

 Metasploitable VM Host Server
o There were over 400 vulnerabilities found with over 90% of them being ranked
as Medium to Critical.

Overall Summary

The assessment uncovered results which were of little surprise. A total of 423 vulnerabilities
were found utilizing Nessus with 27 critical, 92 high, 135 medium, and 18 (+151 information)
low vulnerabilities requiring immediate attention. While the assessment proved to be a great
success, the tough road to recovery for ASCME INC. will require a remediation effort above and
beyond that of the internal security team. If a numerical score for resiliency to attack were to
be assigned to the Metasploit VM Host Server, it would be assigned a 0 out of a possible score
of 10 with 10 being absolutely impenetrable.
Findings and Recommendations
The following finding and recommendations were dictated via the Nessus Vulnerability
Scanning Tool. These are purely recommendations made via the tool and no explicit promises
have been made to remediate the vulnerabilities found during this assessment.

For the findings, note the following:

 While there were over 400 vulnerabilities found, only the Top 10 Critical Vulnerabilities
will be discussed in this report.
 “Top 10” refers to the first 10 vulnerabilities listed under the “Critical Vulnerabilities”
section of the Nessus Vulnerability Scanning Tool report.
 Host details were composed using the Nessus Vulnerability Scanning Tool and NMAP OS
Fingerprinting.
 “Information found” maps to “Low” vulnerabilities.
 “Warning found” maps to “Medium” vulnerabilities.
 “Vulnerability found” maps to “High” vulnerabilities.
 Remediation actions should follow the suggested solution included on each of the
vulnerability analysis pages.
SERVER: Metasploitable VM Host Server
Hostname: Metasploitable IP Address: 10.0.0.13 FQDN: metasploitable.localdomain

Operating System: Linux Kernel 2.6.24-16-Server running on Ubuntu 8.0.4

List of observed open ports found on host (provided via NMAP):

Port State Service Version

21/TCP OPEN FTP Vsftpd 2.3.4
22/TCP OPEN SSH Openssh 4.7p1
23/TCP OPEN TELNET Linux telnetd
25/TCP OPEN SMTP Postfix smtpd
53/TCP OPEN DOMAIN ISC Bind 9.4.2
80/TCP OPEN HTTP Apache HTTPD 2.2.8
111/TCP OPEN RPCBIND RCP 100000
139/TCP OPEN NETBIOS-SSN Samba SMBD 3.X
445/TCP OPEN NETBIOS-SSN Samba SMBD 3.X
512/TCP OPEN EXEC Netkit-rsh rexecd
513/TCP OPEN LOGIN OpenBSD
514/TCP OPEN TCPWRAPPED
1099/TCP OPEN RMIREGISTRY GNU Classpath
1524/TCP OPEN SHELL MSP Root Shell
2049/TCP OPEN NFS RPC 100003
2121/TCP OPEN FTP ProFTPD 1.3.1
3306/TCP OPEN MYSQL MySQL 5.0.51a
5432/TCP OPEN POSTGRESQL PostGreSQL DB 8.3.0
5900/TCP OPEN VNC VNC 3.3
6000/TCP OPEN X11
6667/TCP OPEN IRC UnrealIRCd
8009/TCP OPEN AJP13 Apache Jserv 1.3
8180/TCP OPEN HTTP Apache Tomcat JSP 1
Top 10 Vulnerabilities Found
The following table of vulnerabilities found within the Metasploitable VM Server Host was
populated using the results of the Nessus Vulnerability Scanning Tool operated by the ASCME
INC. internal security team. While all ten vulnerabilities possess the rating of CRITICAL, a column
has been included in the table for completeness.

Severity Name Family Count

Critical Bash Incomplete Fix Gain a shell remotely 1
Remote Code Exec
SHELLSHOCK
Critical Bash Remote Code Gain a shell remotely 1
Execution
SHELLSHOCK
Critical Bind Shell Backdoor Backdoors 1
Detection
Critical Debian OpenSSH Gain a shell remotely 1
PRNG Weakness
Critical Debian OpenSSH Gain a shell remotely 1
PRNG Weakness –
SSL CHECK
Critical NFS Exported Share RPC 1
Information
Disclosure
Critical REXECD Service Service Detection 1
Detection
Critical Ubuntu 8.04 LTS: Ubuntu Local Security 1
gnults12, gnults13 Checks
vulnerability:
USN-613-1
Critical Ubuntu 8.04 LTS: Ubuntu Local Security 1
libxml1 vulnerability: Checks
USN-644-1
Critical Ubuntu 8.04 LTS: Ubuntu Local Security 1
Linux-source- Checks
2.6.15/20/22
vulnerability:
USN-625-1
VULNERABILITY: Bash Incomplete Fix Remote Code Execution
Vulnerability (Shellshock)
Legend:
A – Availability Impact ND – Not Defined
AC – Access Complexity OF – Official Fix
Au – Authentication POC – Proof of Concept
AV – Access Vector RC – Report Confidence
C – Confidentiality Impact RL – Remediation Level
CVSS – Common Vulnerability Scoring System TF – Temporary Fix
F – Functional U - Unavailable
H – High W - Workaround
I – Integrity Impact

Risk Information:

Risk Factor Critical

CVSS Base Score 10
CVSS Temporal Score 7.8
CVSS Vector CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector CVSS2#E:POC/RL:OF/RC:C
IAVM Severity 1

Description: The remote host is running a version of Bash that is vulnerable to command
injection via environment variable manipulation. Depending on the configuration of the system,
an attacker can remotely execute arbitrary code.

Solution:
Apply the appropriate update.

See Also:
http://www.nessus.org/u?dacf7829

Notes:
VULNERABILITY: Bash Remote Code Execution (Shellshock)
Legend:
A – Availability Impact ND – Not Defined
AC – Access Complexity OF – Official Fix
Au – Authentication POC – Proof of Concept
AV – Access Vector RC – Report Confidence
C – Confidentiality Impact RL – Remediation Level
CVSS – Common Vulnerability Scoring System TF – Temporary Fix
F – Functional U - Unavailable
H – High W - Workaround
I – Integrity Impact

Risk Information:

Risk Factor Critical

CVSS Base Score 10
CVSS Temporal Score 8.7
CVSS Vector CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector CVSS2#E:POC/RL:OF/RC:C
IAVM Severity 1

Description: The remote host is running a version of Bash that is vulnerable to command
injection via environment variable manipulation. Depending on the configuration of the system,
an attacker could remotely execute arbitrary code.

Solution:
Update Bash.

See Also:
http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/post/shellshock/

Notes:
VULNERABILITY: Bind Shell Backdoor Detection
Legend:
A – Availability Impact ND – Not Defined
AC – Access Complexity OF – Official Fix
Au – Authentication POC – Proof of Concept
AV – Access Vector RC – Report Confidence
C – Confidentiality Impact RL – Remediation Level
CVSS – Common Vulnerability Scoring System TF – Temporary Fix
F – Functional U - Unavailable
H – High W - Workaround
I – Integrity Impact

Risk Information:

Risk Factor Critical

CVSS Base Score 10
CVSS Temporal Score N/A
CVSS Vector CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector N/A
IAVM Severity N/A

Description: A shell is listening on the remote port without any authentication being required.
An attacker may use it by connecting to the remote port and sending commands directly.

Solution:
Verify if the remote host has been compromised and reinstall the system if necessary.

See Also:
https://www.tenable.com/plugins/nessus/51988

Notes:
VULNERABILITY: Debian OpenSSH/OpenSSL Package Random Number
Generator Weakness
Legend:
A – Availability Impact ND – Not Defined
AC – Access Complexity OF – Official Fix
Au – Authentication POC – Proof of Concept
AV – Access Vector RC – Report Confidence
C – Confidentiality Impact RL – Remediation Level
CVSS – Common Vulnerability Scoring System TF – Temporary Fix
F – Functional U - Unavailable
H – High W - Workaround
I – Integrity Impact

Risk Information:

Risk Factor Critical

CVSS Base Score 10
CVSS Temporal Score 8.3
CVSS Vector CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector CVSS2#E:F/RL:OF/RC:C
IAVM Severity N/A

Description: The remote SSH host key has been generated on a Debian or Ubuntu system which
contains a bug in the random number generator of its OpenSSL library. The problem is due to a
Debian packager removing nearly all sources of entropy in the remote version of OpenSSL. An
attacker can easily obtain the private part of the remote key and use this to set up decipher the
remote session or set up a man in the middle attack.

Solution:
Consider all cryptographic material generated on the remote host to be guessable. In particular,
all SSH, SSL and OpenVPN key material should be re-generated.

See Also:
http://www.nessus.org/u?5d01bdab
http://www.nessus.org/u?f14f4224

Notes:
VULNERABILITY: Debian OpenSSH/OpenSSL Package Random Number
Generator Weakness (SSL check)
Legend:
A – Availability Impact ND – Not Defined
AC – Access Complexity OF – Official Fix
Au – Authentication POC – Proof of Concept
AV – Access Vector RC – Report Confidence
C – Confidentiality Impact RL – Remediation Level
CVSS – Common Vulnerability Scoring System TF – Temporary Fix
F – Functional U - Unavailable
H – High W - Workaround
I – Integrity Impact

Risk Information:

Risk Factor Critical

CVSS Base Score 10
CVSS Temporal Score 8.3
CVSS Vector CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector CVSS2#E:F/RL:OF/RC:C
IAVM Severity N/A

Description: The remote x509 certificate on the remote SSL server has been generated on a
Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL
library. The problem is due to a Debian packager removing nearly all sources of entropy in the
remote version of OpenSSL. An attacker can easily obtain the private part of the remote key
and use this to decipher the remote session or set up a man in the middle attack.

Solution:
Consider all cryptographic material generated on the remote host to be guessable. In particular,
all SSH, SSL and OpenVPN key material should be re-generated.

See Also:
http://www.nessus.org/u?5d01bdab
http://www.nessus.org/u?f14f4224

Notes:
VULNERABILITY: NFS Exported Share Information Disclosure
Legend:
A – Availability Impact ND – Not Defined
AC – Access Complexity OF – Official Fix
Au – Authentication POC – Proof of Concept
AV – Access Vector RC – Report Confidence
C – Confidentiality Impact RL – Remediation Level
CVSS – Common Vulnerability Scoring System TF – Temporary Fix
F – Functional U - Unavailable
H – High W - Workaround
I – Integrity Impact

Risk Information:

Risk Factor Critical

CVSS Base Score 10
CVSS Temporal Score N/A
CVSS Vector CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector N/A
IAVM Severity N/A

Description: At least one of the NFS shares exported by the remote server could be mounted by
the scanning host. An attacker may be able to leverage this to read (and possibly write) files on
remote host.

Solution:
Configure NFS on the remote host so that only authorized hosts can mount its remote shares.

See Also:
https://www.tenable.com/plugins/nessus/11356

Notes:
VULNERABILITY: rexecd Service Detection
Legend:
A – Availability Impact ND – Not Defined
AC – Access Complexity OF – Official Fix
Au – Authentication POC – Proof of Concept
AV – Access Vector RC – Report Confidence
C – Confidentiality Impact RL – Remediation Level
CVSS – Common Vulnerability Scoring System TF – Temporary Fix
F – Functional U - Unavailable
H – High W - Workaround
I – Integrity Impact

Risk Information:

Risk Factor Critical

CVSS Base Score 10
CVSS Temporal Score N/A
CVSS Vector CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector N/A
IAVM Severity N/A

Description: The rexecd service is running on the remote host. This service is design to allow
users of a network to execute commands remotely. However, rexecd does not provide any
good means of authentication, so it may be abused by an attacker to scan a third-party host.

Solution:
Comment out the 'exec' line in /etc/inetd.conf and restart the inetd process.

See Also:
https://www.tenable.com/plugins/nessus/10203

Notes:
VULNERABILITY: Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : gnutls12,
gnutls13 vulnerabilities (USN-613-1)
Legend:
A – Availability Impact ND – Not Defined
AC – Access Complexity OF – Official Fix
Au – Authentication POC – Proof of Concept
AV – Access Vector RC – Report Confidence
C – Confidentiality Impact RL – Remediation Level
CVSS – Common Vulnerability Scoring System TF – Temporary Fix
F – Functional U - Unavailable
H – High W - Workaround
I – Integrity Impact

Risk Information:

Risk Factor Critical

CVSS Base Score 10
CVSS Temporal Score N/A
CVSS Vector CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector N/A
IAVM Severity N/A

Description: Multiple flaws were discovered in the connection handling of GnuTLS. A remote
attacker could exploit this to crash applications linked against GnuTLS, or possibly execute
arbitrary code with permissions of the application's user. Note that Tenable Network Security
has extracted the preceding description block directly from the Ubuntu security advisory.
Tenable has attempted to automatically clean and format it as much as possible without
introducing additional issues.

Solution:
Update the affected packages.

See Also:
https://www.tenable.com/plugins/nessus/32432

Notes:
VULNERABILITY: Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : libxml2
vulnerabilities (USN-644-1)
Legend:
A – Availability Impact ND – Not Defined
AC – Access Complexity OF – Official Fix
Au – Authentication POC – Proof of Concept
AV – Access Vector RC – Report Confidence
C – Confidentiality Impact RL – Remediation Level
CVSS – Common Vulnerability Scoring System TF – Temporary Fix
F – Functional U - Unavailable
H – High W - Workaround
I – Integrity Impact

Risk Information:

Risk Factor Critical

CVSS Base Score 10
CVSS Temporal Score 8.7
CVSS Vector CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector CVSS2#E:ND/RL:OF/RC:C
IAVM Severity N/A

Description: It was discovered that libxml2 did not correctly handle long entity names. If a user
were tricked into processing a specially crafted XML document, a remote attacker could
execute arbitrary code with user privileges or cause the application linked against libxml2 to
crash, leading to a denial of service. (CVE-2008-3529).

Solution:
Update the affected packages.

See Also:
https://www.tenable.com/plugins/nessus/37936

Notes:
VULNERABILITY: Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-
source-2.6.15/20/22 vulnerabilities (USN-625-1)
Legend:
A – Availability Impact ND – Not Defined
AC – Access Complexity OF – Official Fix
Au – Authentication POC – Proof of Concept
AV – Access Vector RC – Report Confidence
C – Confidentiality Impact RL – Remediation Level
CVSS – Common Vulnerability Scoring System TF – Temporary Fix
F – Functional U - Unavailable
H – High W - Workaround
I – Integrity Impact

Risk Information:

Risk Factor Critical

CVSS Base Score 10
CVSS Temporal Score 8.7
CVSS Vector CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector CVSS2#E:ND/RL:OF/RC:C
IAVM Severity 1

Description: A race condition was discovered between ptrace and utrace in the kernel. A local
attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2365)

The copy_to_user routine in the kernel did not correctly clear memory destination addresses
when running on 64bit kernels. A local attacker could exploit this to gain access to sensitive
kernel memory, leading to a loss of privacy. (CVE-2008-2729)

The PPP over L2TP routines in the kernel did not correctly handle certain messages. A remote
attacker could send a specially crafted packet that could crash the system or execute arbitrary
code.
(CVE-2008-2750)

Solution:
Update the affected packages.

See Also:
https://www.tenable.com/plugins/nessus/33531

Notes:
Network Profile

Source Addresses:
10.0.0.2 Windows 10 Host Operating System
10.0.0.18 VMWare Workstation, VM Kali Linux

Destination Address:
10.0.013 Metasploitable Metasploitable VM Host Server

Domain information:
N/A

Zone Transfer Information:

N/A
Additional Analysis (Not Used)
Firewall Analysis Template

Fingerprinting
This test is to determine the success of various packet response fingerprinting methods through
the firewall.

Method Result

Stealth
This test determines the viability of SYN stealth scanning through the firewall for enumeration.

Results

Source Port Control

This test measures the use of scanning with specific source ports through the firewall for
enumeration.

Protocol Source Port Result

UDP 53
UDP 161
TCP 53
TCP 69

ICMP Responses
This test is to measure the firewall’s responses to various types of ICMP packets.

Type Type Description Response RTT

Protocol
This test is to discover the firewalls to screen packets of various protocols.

Protocol Result
Google Trolling

Search String Result

Social Engineering Target Template

Name Email Telephone Description

Social Engineering Telephone Attack Template

Attack Scenario Description

Telephone #
Person
Description
Results

Social Engineering E-mail Attack Template

Attack Scenario Description

Telephone #
Person
Description
Results

Personally Identifiable Information (PII)

Info Found and Location Description

Password Cracking Template

Protected File
File name
File type
Crack time
User name
Password

Encoded Password File

IP Address
Services Port
Service Type
Protocol
File name
File Type
Crack Time
Login Names
Passwords

Protected Online Service

IP Address
Service Port
Service Type
Protocol
Login Names
Passwords
Conclusion
ASCME INC’s internal security team conducted vulnerability analysis on METASPLOITABLE VM
HOST SERVER (IP: 10.0.0.13). The team’s in-depth analysis of the host device resulted in the
detection of 423 vulnerabilities. Given the high number of critical vulnerabilities alone, this
document contains information and remediation notes on only the top 10 critical
vulnerabilities. Those top 10 critical vulnerabilities are as follows:

Bash Incomplete Fix Remote Code Execution Vulnerability (Shellshock)

Bash Remote Code Execution (Shellshock)
Bind Shell Backdoor Detection
Debian OpenSSH/OpenSSL Package Random Number Generator Weakness
Debian OpenSSH/OpenSSL Package Random Number Generator Weakness SSL
NFS Exported Share Information Disclosure
Rexecd Service Detection
Gnutls12, gnutls13 vulnerabilities (USN-613-1)
Libxml2 vulnerabilities (USN-644-1)
Linux, linux-source-2.6.15/20/22 vulnerabilities (USN-625-1)

It is the recommendation of the ASCME INC’s internal security team that METASPLOITABLE VM
HOST SERVER (IP: 10.0.0.13) be gracefully terminated IMMEDIATELY. ASCME INC’s internal
security team is unable to provide assistance in replacement of this system and steps should be
taken with the appropriate team to replace the machine.

ASCME INC’s internal security team officially concluded the vulnerability analysis #00001A on
03 JUNE 2018. The Vulnerability Assessment for ASCME INC. shall officially conclude upon
signed receipt of this document. ASCME INC. will have the opportunity to discuss the
aforementioned findings and remediation suggestions with ASCME INC’s internal security team
prior to this assessment’s conclusion.
 References
Mell, P., Scarfone, K., & Romanosky, S. (n.d.). CVSS v2 Complete Documentation. Retrieved June 01, 2018,
from https://www.first.org/cvss/v2/guide#1-Introduction

Proffitt, Tim (n.d.) Creating a Comprehensive Vulnerability Assessment Program for a Large Company Using
QualysGuard. Retrieved June 01, 2018 from http://www.sans.org/reading-
room/whitepapers/auditing/creating-comprehensive-vulnerability-assessment-program-large-company-
qualysguard-2139

Tenable.com, Nessus Documentation Site. Retrieved June 01, 2018, from

https://docs.tenable.com/?doc=nessus3

Vulnerability References
Bash Incomplete Fix Remote Code Execution Vulnerability (Shellshock), Retrieved June 01, 2018, from
https://www.tenable.com/plugins/nessus/78385

Bash Remote Code Execution (Shellshock), Retrieved June 01, 2018, from
https://www.tenable.com/plugins/nessus/77823

Bind Shell Backdoor Detection, Retrieved June 01, 2018, from

https://www.tenable.com/plugins/nessus/51988

Debian OpenSSH/OpenSSL Package Random Number Generator Weakness, Retrieved June 01, 2018, from
https://www.tenable.com/plugins/nessus/32314

Debian OpenSSH/OpenSSL Package Random Number Generator Weakness (SSL check), Retrieved June 01,
2018, from https://www.tenable.com/plugins/nessus/32321

NFS Exported Share Information Disclosure, Retrieved June 01, 2018, from
https://www.tenable.com/plugins/nessus/11356

rexecd Service Detection, Retrieved June 01, 2018, from https://www.tenable.com/plugins/nessus/10203

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : gnutls12, gnutls13 vulnerabilities (USN-613-1), Retrieved June 01,
2018, from https://www.tenable.com/plugins/nessus/32432

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : libxml2 vulnerabilities (USN-644-1), Retrieved June 01, 2018, from
https://www.tenable.com/plugins/nessus/37936

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-625-1),
Retrieved June 01, 2018, from https://www.tenable.com/plugins/nessus/33531