
ATC 2023 PEC4 ANEXO-nessus Report Linux Local and Remote Vunls

Uploaded by

mitoskitos

Nessus Report

Nessus Scan Report


18/May/2015:00:48:50

Nessus Home: Commercial use of the report is prohibited


Any time Nessus is used in a commercial environment you MUST maintain an active
subscription to the Nessus Feed in order to be compliant with our license agreement:
http://www.tenable.com/products/nessus
Table Of Contents
Vulnerabilities By Host
• 192.168.137.131
Remediations
• Suggested Remediations
Vulnerabilities By Host
192.168.137.131
Scan Information
Start time: Mon May 18 00:48:51 2015

End time: Mon May 18 00:51:12 2015


Host Information
DNS Name: 192.168.137.131

IP: 192.168.137.131

MAC Address: 00:0c:29:79:0f:f1

OS: Linux Kernel 2.6.32-5-686 on Debian 6.0.7


Results Summary
Critical  High  Medium  Low  Info  Total
4         26    27      6    39    102
Results Details
0/icmp
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on
the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication
protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but
usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524

XREF OSVDB:94

XREF CWE:200
Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18
Ports
icmp/0
The difference between the local and remote clocks is 6 seconds.

0/tcp
82718 - Debian DLA-195-1 : libtasn1-3 security update
Synopsis
The remote Debian host is missing a security update.
Description
Hanno Boeck discovered a stack-based buffer overflow in the asn1_der_decoding function in Libtasn1, a library to
manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the
Libtasn1 library to crash, or potentially to execute arbitrary code.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/04/msg00009.html

https://packages.debian.org/source/squeeze-lts/libtasn1-3
Solution
Upgrade the affected packages.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.7 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 73436

CVE CVE-2015-2806
Plugin Information:
Publication date: 2015/04/13, Modification date: 2015/04/14
Ports
tcp/0

Remote package installed : libtasn1-3_2.7-1+squeeze+1


Should be : libtasn1-3_2.7-1+squeeze+3

82208 - Debian DLA-63-1 : bash security update


Synopsis
The remote Debian host is missing a security update.
Description
Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU
Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment
(CVE-2014-7169). With this update, a prefix and suffix for environment variable names which contain shell functions are
added as a hardening measure.
Additionally two out-of-bounds array accesses in the bash parser are fixed which were revealed in Red Hat's internal
analysis for these issues and also independently reported by Todd Sabin.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/09/msg00020.html

https://packages.debian.org/source/squeeze-lts/bash
Solution
Upgrade the affected packages.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score

7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 70137

CVE CVE-2014-7169

XREF IAVA:2014-A-0142
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/28
Ports
tcp/0

Remote package installed : bash_4.1-3


Should be : bash_4.1-3+deb6u2

82138 - Debian DLA-155-1 : linux-2.6 security update


Synopsis
The remote Debian host is missing a security update.
Description
This update fixes the CVEs described below.
A further issue, CVE-2014-9419, was considered, but appears to require extensive changes with a consequent high
risk of regression. It is now unlikely to be fixed in squeeze-lts.
CVE-2013-6885
It was discovered that under specific circumstances, a combination of write operations to write-combined memory and
locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this
flaw to mount a denial of service (system hang) via a crafted application.
For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf
CVE-2014-7822
It was found that the splice() system call did not validate the given file offset and length. A local unprivileged user can
use this flaw to cause filesystem corruption on ext4 filesystems, or possibly other effects.
CVE-2014-8133
It was found that the espfix functionality can be bypassed by installing a 16-bit RW data segment into GDT instead
of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak
kernel stack addresses.
CVE-2014-8134
It was found that the espfix functionality is wrongly disabled in a 32-bit KVM guest. A local unprivileged user could
potentially use this flaw to leak kernel stack addresses.
CVE-2014-8160
It was found that a netfilter (iptables or ip6tables) rule accepting packets to a specific SCTP, DCCP, GRE or UDPlite
port/endpoint could result in incorrect connection tracking state. If only the generic connection tracking module
(nf_conntrack) was loaded, and not the protocol-specific connection tracking module, this would allow access to any
port/endpoint of the specified protocol.
CVE-2014-9420
It was found that the ISO-9660 filesystem implementation (isofs) follows arbitrarily long chains, including loops, of
Continuation Entries (CEs). This allows local users to mount a denial of service via a crafted disc image.
CVE-2014-9584
It was found that the ISO-9660 filesystem implementation (isofs) does not validate a length value in the Extensions
Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a
crafted disc image.
CVE-2014-9585
It was discovered that address randomisation for the vDSO in 64-bit processes is extremely biassed. A local
unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.
CVE-2015-1421
It was found that the SCTP implementation could free authentication state while it was still in use, resulting in heap
corruption. This could allow remote users to cause a denial of service or privilege escalation.
CVE-2015-1593

It was found that address randomisation for the initial stack in 64-bit processes was limited to 20 rather than 22 bits of
entropy. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf

https://lists.debian.org/debian-lts-announce/2015/02/msg00009.html

https://packages.debian.org/source/squeeze-lts/linux-2.6
Solution
Upgrade the affected packages.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.7 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 63983

BID 71650

BID 71684

BID 71717

BID 71883

BID 71990

BID 72061

BID 72347

BID 72356

BID 72607

CVE CVE-2013-6885

CVE CVE-2014-7822

CVE CVE-2014-8133

CVE CVE-2014-8134

CVE CVE-2014-8160

CVE CVE-2014-9420

CVE CVE-2014-9584

CVE CVE-2014-9585

CVE CVE-2015-1421

CVE CVE-2015-1593
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : firmware-linux-free_2.6.32-48squeeze3


Should be : firmware-linux-free_2.6.32-48squeeze11
Remote package installed : linux-base_2.6.32-48squeeze3
Should be : linux-base_2.6.32-48squeeze11
Remote package installed : linux-image-2.6.32-5-686_2.6.32-48squeeze3
Should be : linux-image-2.6.32-5-686_2.6.32-48squeeze11

82105 - Debian DLA-122-1 : eglibc security update


Synopsis
The remote Debian host is missing a security update.
Description
Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/12/msg00024.html

https://packages.debian.org/source/squeeze-lts/eglibc
Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.8 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
BID 71670

CVE CVE-2014-9402

XREF IAVA:2015-A-0038
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/28
Ports
tcp/0

Remote package installed : libc-bin_2.11.3-4


Should be : libc-bin_2.11.3-4+deb6u3
Remote package installed : libc6_2.11.3-4
Should be : libc6_2.11.3-4+deb6u3
Remote package installed : libc6-i686_2.11.3-4
Should be : libc6-i686_2.11.3-4+deb6u3
Remote package installed : locales_2.11.3-4
Should be : locales_2.11.3-4+deb6u3

82220 - Debian DLA-75-1 : mysql-5.1 security update
Synopsis
The remote Debian host is missing a security update.
Description
CVE-2014-4274
Insecure handling of a temporary file that could lead to arbitrary execution of code through the creation of a mysql
configuration file pointing to an attacker-controlled plugin_dir.
CVE-2013-2162
Insecure creation of the debian.cnf credential file. Credentials could be stolen by a local user monitoring that file while
the package gets installed.
CVE-2014-0001
Buffer overrun in the MySQL client when the server sends a version string that is too big for the allocated buffer.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/10/msg00008.html

https://packages.debian.org/source/squeeze-lts/mysql-5.1
Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 60424

BID 65298

BID 69732

CVE CVE-2013-2162

CVE CVE-2014-0001

CVE CVE-2014-4274
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libmysqlclient16_5.1.66-0+squeeze1


Should be : libmysqlclient16_5.1.73-1+deb6u1
Remote package installed : mysql-client-5.1_5.1.66-0+squeeze1
Should be : mysql-client-5.1_5.1.73-1+deb6u1
Remote package installed : mysql-common_5.1.66-0+squeeze1
Should be : mysql-common_5.1.73-1+deb6u1
Remote package installed : mysql-server_5.1.66-0+squeeze1
Should be : mysql-server_5.1.73-1+deb6u1
Remote package installed : mysql-server-5.1_5.1.66-0+squeeze1
Should be : mysql-server-5.1_5.1.73-1+deb6u1
Remote package installed : mysql-server-core-5.1_5.1.66-0+squeeze1
Should be : mysql-server-core-5.1_5.1.73-1+deb6u1

82227 - Debian DLA-82-1 : wget security update

Synopsis
The remote Debian host is missing a security update.
Description
HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS,
and FTP. The vulnerability allows arbitrary files to be created on the user's system when Wget runs in recursive mode
against a malicious FTP server. Arbitrary file creation may overwrite the content of the user's files or permit remote code
execution with the user's privileges.
This update changes the default setting in Wget such that it no longer creates local symbolic links, but rather traverses
them and retrieves the pointed-to file in such a retrieval.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/11/msg00001.html

https://packages.debian.org/source/squeeze-lts/wget
Solution
Upgrade the affected wget package.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 70751

CVE CVE-2014-4877
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : wget_1.12-2.1


Should be : wget_1.12-2.1+deb6u1

83144 - Debian DLA-212-1 : php5 security update


Synopsis
The remote Debian host is missing a security update.
Description
CVE-2014-9705 Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in
PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via
vectors that trigger creation of multiple dictionaries.
CVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and
5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer
free and application crash) via crafted EXIF data in a JPEG image.
CVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before
5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other
impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
CVE-2015-2331 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in
the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote
attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that
contains many entries, leading to a heap-based buffer overflow.
CVE-2015-2783 Buffer Over-read in unserialize when parsing Phar
CVE-2015-2787 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code
via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to
CVE-2015-0231.
CVE-2015-3329 Buffer Overflow when parsing tar/zip/phar in phar_set_inode
CVE-2015-3330 PHP potential remote code execution with apache 2.4 apache2handler
CVE-2015-temp-68819 denial of service when processing a crafted file with Fileinfo
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/04/msg00025.html

https://packages.debian.org/source/squeeze-lts/php5
Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
BID 72541

BID 73031

BID 73037

BID 73182

BID 73431

BID 74204

BID 74239

BID 74240

CVE CVE-2014-9705

CVE CVE-2015-0232

CVE CVE-2015-2301

CVE CVE-2015-2331

CVE CVE-2015-2783

CVE CVE-2015-2787

CVE CVE-2015-3329

CVE CVE-2015-3330

XREF IAVB:2015-B-0055
Plugin Information:

Publication date: 2015/04/30, Modification date: 2015/05/02
Ports
tcp/0

Remote package installed : libapache2-mod-php5_5.3.3-7+squeeze15


Should be : libapache2-mod-php5_5.3.3.1-7+squeeze26
Remote package installed : php5_5.3.3-7+squeeze15
Should be : php5_5.3.3.1-7+squeeze26
Remote package installed : php5-cli_5.3.3-7+squeeze15
Should be : php5-cli_5.3.3.1-7+squeeze26
Remote package installed : php5-common_5.3.3-7+squeeze15
Should be : php5-common_5.3.3.1-7+squeeze26
Remote package installed : php5-ldap_5.3.3-7+squeeze15
Should be : php5-ldap_5.3.3.1-7+squeeze26
Remote package installed : php5-mysql_5.3.3-7+squeeze15
Should be : php5-mysql_5.3.3.1-7+squeeze26

82862 - Debian DLA-204-1 : file security update


Synopsis
The remote Debian host is missing a security update.
Description
This update fixes the following issue in the file package :
CVE-2014-9653
readelf.c does not consider that pread calls sometimes read only a subset of the available data, which allows remote
attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a
crafted ELF file.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/04/msg00017.html

https://packages.debian.org/source/squeeze-lts/file
Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 72516

CVE CVE-2014-9653
Plugin Information:
Publication date: 2015/04/20, Modification date: 2015/04/20
Ports
tcp/0

Remote package installed : file_5.04-5+squeeze2


Should be : file_5.04-5+squeeze10
Remote package installed : libmagic1_5.04-5+squeeze2
Should be : libmagic1_5.04-5+squeeze10

82098 - Debian DLA-114-1 : heirloom-mailx security update


Synopsis

The remote Debian host is missing a security update.
Description
Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the 'mail' command :
CVE-2004-2771
mailx interprets shell meta-characters in certain email addresses.
CVE-2014-7844
An unexpected feature of mailx treats syntactically valid email addresses as shell commands to execute.
Shell command execution can be re-enabled using the 'expandaddr' option.
Note that this security update does not remove all mailx facilities for command execution, though. Scripts which send
mail to addresses obtained from an untrusted source (such as a web form) should use the '--' separator before the
email addresses (which was fixed to work properly in this update), or they should be changed to invoke 'mail -t'
or 'sendmail -i -t' instead, passing the recipient addresses as part of the mail header.
For the oldstable distribution (squeeze), these problems have been fixed in version 12.4-2+deb6u1.
We recommend that you upgrade your heirloom-mailx packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/12/msg00017.html

https://packages.debian.org/source/squeeze-lts/heirloom-mailx
Solution
Upgrade the affected heirloom-mailx package.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 71701

BID 71704

CVE CVE-2004-2771

CVE CVE-2014-7844
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : heirloom-mailx_12.4-2


Should be : heirloom-mailx_12.4-2+deb6u1

82108 - Debian DLA-125-1 : mime-support security update


Synopsis
The remote Debian host is missing a security update.
Description
Timothy D. Morgan discovered that run-mailcap, a utility to execute programs via entries in the mailcap file, is prone
to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an
attacker to remotely execute arbitrary code.
For the oldstable distribution (squeeze), this problem has been fixed in version 3.48-1+deb6u1.
We recommend that you upgrade your mime-support packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/12/msg00027.html

https://packages.debian.org/source/squeeze-lts/mime-support
Solution
Upgrade the affected mime-support package.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 71797

CVE CVE-2014-7209
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : mime-support_3.48-1


Should be : mime-support_3.48-1+deb6u1

82190 - Debian DLA-43-1 : eglibc security update


Synopsis
The remote Debian host is missing a security update.
Description
CVE-2014-0475
Stephane Chazelas discovered that the GNU C library, glibc, processed '..' path segments in locale-related
environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in
OpenSSH, assuming that they can supply crafted locale settings.
CVE-2014-5119
Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's
version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to
iconv-related character conversion functions could achieve arbitrary code execution.
This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module
loading code had functionality defects which prevented it from working for the intended purpose.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/09/msg00000.html

https://packages.debian.org/source/squeeze-lts/eglibc
Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 68505

BID 68983

BID 69738

CVE CVE-2014-0475

CVE CVE-2014-5119
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libc-bin_2.11.3-4


Should be : libc-bin_2.11.3-4+deb6u1
Remote package installed : libc6_2.11.3-4
Should be : libc6_2.11.3-4+deb6u1
Remote package installed : libc6-i686_2.11.3-4
Should be : libc6-i686_2.11.3-4+deb6u1
Remote package installed : locales_2.11.3-4
Should be : locales_2.11.3-4+deb6u1

82226 - Debian DLA-81-1 : openssl security update


Synopsis
The remote Debian host is missing a security update.
Description
Several vulnerabilities have been found in OpenSSL.
CVE-2014-3566 ('POODLE')
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block
ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a
selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections.
This update adds support for Fallback SCSV to mitigate this issue.
This does not fix the issue. The proper way to fix this is to disable SSL 3.0.
CVE-2014-3567
A memory leak flaw was found in the way OpenSSL handled failed session ticket integrity checks. A remote
attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid
session tickets to that server.
CVE-2014-3568
When OpenSSL is configured with 'no-ssl3' as a build option, servers could accept and complete an SSL 3.0
handshake, and clients could be configured to send them.
Note that the package in Debian is not built with this option.
CVE-2014-3569
When OpenSSL is built with the no-ssl3 option and an SSL v3 Client Hello is received, the ssl method would be set to
NULL, which could later result in a NULL pointer dereference.
Note that the package in Debian is not built with this option.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/11/msg00000.html

https://packages.debian.org/source/squeeze-lts/openssl
Solution

Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.2 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 70585

BID 70586

BID 71934

CVE CVE-2014-3567

CVE CVE-2014-3568

CVE CVE-2014-3569
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libssl0.9.8_0.9.8o-4squeeze14


Should be : libssl0.9.8_0.9.8o-4squeeze18
Remote package installed : openssl_0.9.8o-4squeeze14
Should be : openssl_0.9.8o-4squeeze18

83119 - Debian DLA-208-1 : tzdata new upstream version


Synopsis
The remote Debian host is missing a security update.
Description
Upstream published version 2015d, removing the DST rule for Egypt starting in 2015.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/04/msg00022.html

https://packages.debian.org/source/squeeze-lts/tzdata
Solution
Upgrade the affected tzdata and tzdata-java packages.
Risk Factor
High
Plugin Information:
Publication date: 2015/04/29, Modification date: 2015/04/29
Ports
tcp/0

Remote package installed : tzdata_2012g-0squeeze1


Should be : tzdata_2015d-0+deb6u1

82149 - Debian DLA-165-1 : eglibc security update

Synopsis
The remote Debian host is missing a security update.
Description
Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.
#553206 CVE-2015-1472 CVE-2015-1473
The scanf family of functions do not properly limit stack allocation, which allows context-dependent attackers to cause
a denial of service (crash) or possibly execute arbitrary code.
CVE-2012-3405
The printf family of functions do not properly calculate a buffer length, which allows context-dependent attackers to
bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service.
CVE-2012-3406
The printf family of functions do not properly limit stack allocation, which allows context-dependent attackers to bypass
the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute
arbitrary code via a crafted format string.
CVE-2012-3480
Multiple integer overflows in the strtod, strtof, strtold, strtod_l, and other related functions allow local users to cause a
denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based
buffer overflow.
CVE-2012-4412
Integer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service
(crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
CVE-2012-4424
Stack-based buffer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial
of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca
function.
CVE-2013-0242
Buffer overflow in the extend_buffers function in the regular expression matcher allows context-dependent attackers to
cause a denial of service (memory corruption and crash) via crafted multibyte characters.
CVE-2013-1914 CVE-2013-4458
Stack-based buffer overflow in the getaddrinfo function allows remote attackers to cause a denial of service (crash) via
a hostname or IP address that triggers a large number of domain conversion results.
CVE-2013-4237
readdir_r allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly
execute arbitrary code via a malicious NTFS image or CIFS service.
CVE-2013-4332
Multiple integer overflows in malloc/malloc.c allow context-dependent attackers to cause a denial of service (heap
corruption) via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions.
CVE-2013-4357
The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname, getservbyname_r, getservbyport,
getservbyport_r, and glob functions do not properly limit stack allocation, which allows context-dependent attackers to
cause a denial of service (crash) or possibly execute arbitrary code.
CVE-2013-4788
When the GNU C library is statically linked into an executable, the PTR_MANGLE implementation does not initialize
the random value for the pointer guard, so that various hardening mechanisms are not effective.
CVE-2013-7423
The send_dg function in resolv/res_send.c does not properly reuse file descriptors, which allows remote attackers to
send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
CVE-2013-7424
The getaddrinfo function may attempt to free an invalid pointer when handling IDNs (Internationalised Domain
Names), which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.
CVE-2014-4043
The posix_spawn_file_actions_addopen function does not copy its path argument in accordance with the POSIX
specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
For the oldstable distribution (squeeze), these problems have been fixed in version 2.11.3-4+deb6u5.
For the stable distribution (wheezy), these problems were fixed in version 2.13-38+deb7u8 or earlier.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/03/msg00002.html

https://packages.debian.org/source/squeeze-lts/eglibc
Solution

Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
BID 54374

BID 54982

BID 55462

BID 55543

BID 57638

BID 58839

BID 61183

BID 61729

BID 62324

BID 63299

BID 67992

BID 68006

BID 72428

BID 72498

BID 72499

BID 72710

BID 72844

CVE CVE-2012-3405

CVE CVE-2012-3406

CVE CVE-2012-3480

CVE CVE-2012-4412

CVE CVE-2012-4424

CVE CVE-2013-0242

CVE CVE-2013-1914

CVE CVE-2013-4237

CVE CVE-2013-4332

CVE CVE-2013-4357

CVE CVE-2013-4458

CVE CVE-2013-4788

CVE CVE-2013-7423

CVE CVE-2013-7424

CVE CVE-2014-4043

CVE CVE-2015-1472

CVE CVE-2015-1473

XREF IAVA:2015-A-0038
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/28
Ports
tcp/0

Remote package installed : libc-bin_2.11.3-4


Should be : libc-bin_2.11.3-4+deb6u5
Remote package installed : libc6_2.11.3-4
Should be : libc6_2.11.3-4+deb6u5
Remote package installed : libc6-i686_2.11.3-4
Should be : libc6-i686_2.11.3-4+deb6u5
Remote package installed : locales_2.11.3-4
Should be : locales_2.11.3-4+deb6u5

82165 - Debian DLA-18-1 : php5 security update


Synopsis
The remote Debian host is missing a security update.
Description
[CVE-2014-3515]: fix unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
[CVE-2014-0207]: fileinfo: cdf_read_short_sector insufficient boundary check
[CVE-2014-3480]: fileinfo: cdf_count_chain insufficient boundary check
[CVE-2014-4721]: The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14
does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and
PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process
memory by using the integer data type with crafted values, related to a 'type confusion'
vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with
mod_ssl and a PHP 5.3.x mod_php.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/07/msg00006.html

https://packages.debian.org/source/squeeze-lts/php5
Solution
Upgrade the affected packages.
Risk Factor
High

CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 68237

BID 68238

BID 68243

BID 68423

CVE CVE-2014-0207

CVE CVE-2014-3480

CVE CVE-2014-3515

CVE CVE-2014-4721
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libapache2-mod-php5_5.3.3-7+squeeze15


Should be : libapache2-mod-php5_5.3.3-7+squeeze20
Remote package installed : php5_5.3.3-7+squeeze15
Should be : php5_5.3.3-7+squeeze20
Remote package installed : php5-cli_5.3.3-7+squeeze15
Should be : php5-cli_5.3.3-7+squeeze20
Remote package installed : php5-common_5.3.3-7+squeeze15
Should be : php5-common_5.3.3-7+squeeze20
Remote package installed : php5-ldap_5.3.3-7+squeeze15
Should be : php5-ldap_5.3.3-7+squeeze20
Remote package installed : php5-mysql_5.3.3-7+squeeze15
Should be : php5-mysql_5.3.3-7+squeeze20

82204 - Debian DLA-58-3 : apt robustness improvements


Synopsis
The remote Debian host is missing a security update.
Description
The recent security updates to apt make apt bug #710924 [1] much easier to trigger. Affected users see '416
Requested Range Not Satisfiable' errors during an apt-get update operation. With the 0.8.10.3+squeeze7 upload the fix
for this error that was originally introduced in version 0.9.12 [2] is now backported.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710924
[2] http://anonscm.debian.org/cgit/apt/apt.git/commit/?id=331e8396ee5a4f2e7d276eddc54749b2a13dd789
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
http://www.nessus.org/u?092a3efd

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710924

https://lists.debian.org/debian-lts-announce/2014/10/msg00012.html

https://packages.debian.org/source/squeeze-lts/apt
Solution

Upgrade the affected packages.
Risk Factor
High
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : apt_0.8.10.3+squeeze1


Should be : apt_0.8.10.3+squeeze7
Remote package installed : apt-utils_0.8.10.3+squeeze1
Should be : apt-utils_0.8.10.3+squeeze7

74027 - Debian DSA-2928-1 : linux-2.6 - privilege escalation/denial of service/information leak


Synopsis
The remote Debian host is missing a security-related update.
Description
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak
or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2014-0196 Jiri Slaby discovered a race condition in the pty layer, which could lead to a denial of service or
privilege escalation.
- CVE-2014-1737 CVE-2014-1738 Matthew Daley discovered an information leak and missing input sanitising in the
FDRAWCMD ioctl of the floppy driver. This could result in a privilege escalation.
See Also
https://security-tracker.debian.org/tracker/CVE-2014-0196

https://security-tracker.debian.org/tracker/CVE-2014-1737

https://security-tracker.debian.org/tracker/CVE-2014-1738

https://packages.debian.org/source/squeeze/linux-2.6

http://www.debian.org/security/2014/dsa-2928
Solution
Upgrade the linux-2.6 and user-mode-linux packages.
For the oldstable distribution (squeeze), this problem has been fixed in version 2.6.32-48squeeze6.
The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this
update :
Debian 6.0 (squeeze) user-mode-linux 2.6.32-1um-4+48squeeze6
Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active
security support.
However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource
requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the
same time. Rather, they will be released in a staggered or 'leap-frog' fashion.
Risk Factor
High
CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 67199

BID 67300

BID 67302

CVE CVE-2014-0196

CVE CVE-2014-1737

CVE CVE-2014-1738

XREF DSA:2928
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2014/05/16, Modification date: 2015/02/16
Ports
tcp/0

Remote package installed : firmware-linux-free_2.6.32-48squeeze3


Should be : firmware-linux-free_2.6.32-48squeeze6
Remote package installed : linux-base_2.6.32-48squeeze3
Should be : linux-base_2.6.32-48squeeze6
Remote package installed : linux-image-2.6.32-5-686_2.6.32-48squeeze3
Should be : linux-image-2.6.32-5-686_2.6.32-48squeeze6

82200 - Debian DLA-53-1 : apt security update


Synopsis
The remote Debian host is missing a security update.
Description
It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data
(CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487) and does not perform the checksum
check when the Acquire::GzipIndexes option is used (CVE-2014-0489).
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/09/msg00010.html

https://packages.debian.org/source/squeeze-lts/apt
Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 69835

BID 69836

BID 69838

BID 74111

CVE CVE-2014-0487

CVE CVE-2014-0488

CVE CVE-2014-0489
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/04/15
Ports
tcp/0

Remote package installed : apt_0.8.10.3+squeeze1


Should be : apt_0.8.10.3+squeeze3
Remote package installed : apt-utils_0.8.10.3+squeeze1
Should be : apt-utils_0.8.10.3+squeeze3

82122 - Debian DLA-139-1 : eglibc security update


Synopsis
The remote Debian host is missing a security update.
Description
A vulnerability has been fixed in eglibc, Debian's version of the GNU C library :
CVE-2015-0235
Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if
provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes
which called the affected functions.
The original glibc bug was reported by Peter Klotz.
We recommend that you upgrade your eglibc packages.
The other three CVEs fixed in Debian wheezy via DSA 3142-1 have already been fixed in squeeze LTS via DLA
97-1.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/01/msg00012.html

https://packages.debian.org/source/squeeze-lts/eglibc
Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.6 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 72325

CVE CVE-2015-0235
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libc-bin_2.11.3-4


Should be : libc-bin_2.11.3-4+deb6u4
Remote package installed : libc6_2.11.3-4
Should be : libc6_2.11.3-4+deb6u4

Remote package installed : libc6-i686_2.11.3-4
Should be : libc6-i686_2.11.3-4+deb6u4
Remote package installed : locales_2.11.3-4
Should be : locales_2.11.3-4+deb6u4

82162 - Debian DLA-177-1 : openssl security update


Synopsis
The remote Debian host is missing a security update.
Description
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common
Vulnerabilities and Exposures project identifies the following issues :
CVE-2015-0209
It was discovered that a malformed EC private key might result in memory corruption.
CVE-2015-0286
Stephen Henson discovered that the ASN1_TYPE_cmp() function can be crashed, resulting in denial of service.
CVE-2015-0287
Emilia Kaesper discovered a memory corruption in ASN.1 parsing.
CVE-2015-0288
It was discovered that missing input sanitising in the X509_to_X509_REQ() function might result in denial of service.
CVE-2015-0289
Michal Zalewski discovered a NULL pointer dereference in the PKCS#7 parsing code, resulting in denial of service.
CVE-2015-0292
It was discovered that missing input sanitising in base64 decoding might result in memory corruption.
CVE-2015-0293
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable
export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/03/msg00014.html

https://packages.debian.org/source/squeeze-lts/openssl
Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
7.5 (CVSS2#E:ND/RL:U/RC:C)
STIG Severity
I
References
BID 73196

BID 73225

BID 73227

BID 73228

BID 73231

BID 73232

BID 73237

BID 73239

CVE CVE-2015-0209

CVE CVE-2015-0286

CVE CVE-2015-0287

CVE CVE-2015-0288

CVE CVE-2015-0289

CVE CVE-2015-0292

CVE CVE-2015-0293

XREF IAVA:2015-A-0063
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/28
Ports
tcp/0

Remote package installed : libssl0.9.8_0.9.8o-4squeeze14


Should be : libssl0.9.8_0.9.8o-4squeeze20
Remote package installed : openssl_0.9.8o-4squeeze14
Should be : openssl_0.9.8o-4squeeze20

82101 - Debian DLA-118-1 : linux-2.6 security update


Synopsis
The remote Debian host is missing a security update.
Description
Non-maintainer upload by the Squeeze LTS and Kernel Teams.
New upstream stable release 2.6.32.65, see http://lkml.org/lkml/2014/12/13/81 for more information.
The stable release 2.6.32.65 includes the following new commits compared to the previous 2.6.32-48squeeze9
package :
- USB: whiteheat: Added bounds checking for bulk command response (CVE-2014-3185)
- net: sctp: fix panic on duplicate ASCONF chunks (CVE-2014-3687)
- net: sctp: fix remote memory pressure from excessive queueing (CVE-2014-3688)
- udf: Avoid infinite loop when processing indirect ICBs (CVE-2014-6410)
- net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (CVE-2014-7841)
- mac80211: fix fragmentation code, particularly for encryption (CVE-2014-8709)
- ttusb-dec: buffer overflow in ioctl (CVE-2014-8884)
We recommend that you upgrade your linux-2.6 packages.
We apologize for a minor cosmetic glitch :
The following commits were already included in 2.6.32-48squeeze9 despite claims in debian/changelog they were
only fixed in 2.6.32-48squeeze10 :
- vlan: Don't propagate flag changes on down interfaces.
- sctp: Fix double-free introduced by bad backport in 2.6.32.62
- md/raid6: Fix misapplied backport in 2.6.32.64
- block: add missing blk_queue_dead() checks
- block: Fix blk_execute_rq_nowait() dead queue handling
- proc connector: Delete spurious memset in proc_exit_connector()
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
http://lkml.org/lkml/2014/12/13/81

https://lists.debian.org/debian-lts-announce/2014/12/msg00020.html

https://packages.debian.org/source/squeeze-lts/linux-2.6

Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.8 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 69781

BID 69799

BID 70766

BID 70768

BID 70965

BID 71081

BID 71097

CVE CVE-2014-3185

CVE CVE-2014-3687

CVE CVE-2014-3688

CVE CVE-2014-6410

CVE CVE-2014-7841

CVE CVE-2014-8709

CVE CVE-2014-8884
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : firmware-linux-free_2.6.32-48squeeze3


Should be : firmware-linux-free_2.6.32-48squeeze10
Remote package installed : linux-base_2.6.32-48squeeze3
Should be : linux-base_2.6.32-48squeeze10
Remote package installed : linux-image-2.6.32-5-686_2.6.32-48squeeze3
Should be : linux-image-2.6.32-5-686_2.6.32-48squeeze10

82189 - Debian DLA-42-1 : live-config security update


Synopsis
The remote Debian host is missing a security update.
Description
A vulnerability in Debian Live, the live systems project, was reported. By default, the live images include an SSH
server that allows login with the default user and password. This fix sets PasswordAuthentication in /etc/ssh/sshd_config
to 'no'.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.

See Also
https://lists.debian.org/debian-lts-announce/2014/08/msg00016.html

https://packages.debian.org/source/squeeze-lts/live-config
Solution
Upgrade the affected packages.
Risk Factor
High
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : live-config_2.0.15-1


Should be : live-config_2.0.15-1.1+deb6u1
Remote package installed : live-config-sysvinit_2.0.15-1
Should be : live-config-sysvinit_2.0.15-1.1+deb6u1

82217 - Debian DLA-72-2 : rsyslog regression update


Synopsis
The remote Debian host is missing a security update.
Description
The Wheezy patch left an unresolved symbol in the imklog module of the Squeeze version. rsyslog worked fine except
that messages from the kernel couldn't be submitted any longer. This update fixes this issue.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/10/msg00005.html

https://packages.debian.org/source/squeeze-lts/rsyslog
Solution
Upgrade the affected packages.
Risk Factor
High
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : rsyslog_4.6.4-2


Should be : rsyslog_4.6.4-2+deb6u2

82239 - Debian DLA-94-1 : php5 security update


Synopsis
The remote Debian host is missing a security update.
Description
CVE-2014-3668
Fix bug #68027 - fix date parsing in XMLRPC lib
CVE-2014-3669
Fix bug #68044: Integer overflow in unserialize() (32-bits only)
CVE-2014-3670
Fix bug #68113 (Heap corruption in exif_thumbnail())
CVE-2014-3710
Fix bug #68283: fileinfo: out-of-bounds read in elf note headers

Additional bugfix
Fix null byte handling in LDAP bindings in ldap-fix.patch
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/11/msg00013.html

https://packages.debian.org/source/squeeze-lts/php5
Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 70611

BID 70665

BID 70666

BID 70807

CVE CVE-2014-3668

CVE CVE-2014-3669

CVE CVE-2014-3670

CVE CVE-2014-3710
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libapache2-mod-php5_5.3.3-7+squeeze15


Should be : libapache2-mod-php5_5.3.3-7+squeeze23
Remote package installed : php5_5.3.3-7+squeeze15
Should be : php5_5.3.3-7+squeeze23
Remote package installed : php5-cli_5.3.3-7+squeeze15
Should be : php5-cli_5.3.3-7+squeeze23
Remote package installed : php5-common_5.3.3-7+squeeze15
Should be : php5-common_5.3.3-7+squeeze23
Remote package installed : php5-ldap_5.3.3-7+squeeze15
Should be : php5-ldap_5.3.3-7+squeeze23
Remote package installed : php5-mysql_5.3.3-7+squeeze15
Should be : php5-mysql_5.3.3-7+squeeze23

82837 - Debian DLA-201-1 : tzdata new upstream version


Synopsis
The remote Debian host is missing a security update.
Description
Upstream published version 2015c, fixing the DST rule for Egypt.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/04/msg00014.html

https://packages.debian.org/source/squeeze-lts/tzdata
Solution
Upgrade the affected tzdata, and tzdata-java packages.
Risk Factor
High
Plugin Information:
Publication date: 2015/04/17, Modification date: 2015/04/17
Ports
tcp/0

Remote package installed : tzdata_2012g-0squeeze1


Should be : tzdata_2015c-0+deb6u1

82164 - Debian DLA-179-1 : tzdata new upstream version


Synopsis
The remote Debian host is missing a security update.
Description
Upstream published version 2015b.
Changes since 2014h-0squeeze1 currently in squeeze-lts are the following :
- New leap second 2015-06-30 23:59:60 UTC.
- New DST for Mongolia.
- New DST for Palestine.
- New DST for Cancun (Mexico).
- New DST for Chile.
- New DST for Fiji.
- Time zone change for Turks & Caicos.
- New time zone for Bougainville (Papua New Guinea).
- New time zone abbreviation for Belarus.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/03/msg00016.html

https://packages.debian.org/source/squeeze-lts/tzdata
Solution
Upgrade the affected tzdata, and tzdata-java packages.
Risk Factor
High
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : tzdata_2012g-0squeeze1


Should be : tzdata_2015b-0squeeze1

82861 - Debian DLA-203-1 : openldap security update


Synopsis

The remote Debian host is missing a security update.
Description
Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol.
Please carefully check whether you are affected by CVE-2014-9713: if you are, you will need to manually upgrade
your configuration! See below for more details on this. Just upgrading the packages might not be enough!
CVE-2012-1164
Fix a crash when doing an attrsOnly search of a database configured with both the rwm and translucent overlays.
CVE-2013-4449
Michael Vishchers from Seven Principles AG discovered a denial of service vulnerability in slapd, the directory server
implementation.
When the server is configured to use the RWM overlay, an attacker can make it crash by unbinding just after
connecting, because of an issue with reference counting.
CVE-2014-9713
The default Debian configuration of the directory database allows every user to edit their own attributes. When LDAP
directories are used for access control, and this is done using user attributes, an authenticated user can leverage this
to gain access to unauthorized resources. Please note this is a Debian specific vulnerability.
The new package won't use the unsafe access control rule for new databases, but existing configurations won't
be automatically modified. Administrators are encouraged to look at the README.Debian file provided by the updated
package if they need to fix the access control rule.
CVE-2015-1545
Ryan Tandy discovered a denial of service vulnerability in slapd. When using the deref overlay, providing an empty
attribute list in a query makes the daemon crash.
Thanks to Ryan Tandy for preparing this update.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/04/msg00016.html

https://packages.debian.org/source/squeeze-lts/openldap
Solution
Upgrade the affected packages.
Risk Factor
High
Plugin Information:
Publication date: 2015/04/20, Modification date: 2015/04/20
Ports
tcp/0

Remote package installed : ldap-utils_2.4.23-7.3


Should be : ldap-utils_2.4.23-7.3+deb6u1
Remote package installed : libldap-2.4-2_2.4.23-7.3
Should be : libldap-2.4-2_2.4.23-7.3+deb6u1
Remote package installed : slapd_2.4.23-7.3
Should be : slapd_2.4.23-7.3+deb6u1

82218 - Debian DLA-73-1 : tzdata update


Synopsis
The remote Debian host is missing a security update.
Description
Upstream published version 2014h.
Changes since 2014e-0squeeze1 currently in squeeze are adjustments to the DST rules of Russia and a time zone
change for Turks & Caicos.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/10/msg00006.html

https://packages.debian.org/source/squeeze-lts/tzdata
Solution
Upgrade the affected tzdata, and tzdata-java packages.
Risk Factor
High
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : tzdata_2012g-0squeeze1


Should be : tzdata_2014h-0squeeze1

82785 - Debian DLA-199-1 : libx11 security update


Synopsis
The remote Debian host is missing a security update.
Description
Abhishek Arya discovered a buffer overflow in the MakeBigReq macro provided by libx11, which could result in denial
of service or the execution of arbitrary code.
Several other xorg packages (e.g. libxrender) will be recompiled against the fixed package after the release of this
update. For detailed information on the status of recompiled packages please refer to the Debian Security Tracker at
https://security-tracker.debian.org/tracker/CVE-2013-7439
For the oldstable distribution (squeeze), this problem has been fixed in version 2:1.3.3-4+squeeze2.
For the stable distribution (wheezy), this problem has been fixed in version 2:1.5.0-1+deb7u2.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/04/msg00012.html

https://packages.debian.org/source/squeeze-lts/libx11

https://security-tracker.debian.org/tracker/CVE-2013-7439
Solution
Upgrade the affected packages.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
6.5 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 73962

CVE CVE-2013-7439
Plugin Information:
Publication date: 2015/04/15, Modification date: 2015/04/21
Ports
tcp/0

Remote package installed : libx11-6_2:1.3.3-4+squeeze1


Should be : libx11-6_2:1.3.3-4+squeeze2
Remote package installed : libx11-data_2:1.3.3-4+squeeze1

Should be : libx11-data_2:1.3.3-4+squeeze2

82144 - Debian DLA-160-1 : sudo security update


Synopsis
The remote Debian host is missing a security update.
Description
This update fixes the CVEs described below.
CVE-2014-0106
Todd C. Miller reported that if the env_reset option is disabled in the sudoers file, the env_delete option is not correctly
applied to environment variables specified on the command line. A malicious user with sudo permissions may be
able to run arbitrary commands with elevated privileges by manipulating the environment of a command the user is
legitimately allowed to run.
CVE-2014-9680
Jakub Wilk reported that sudo preserves the TZ variable from a user's environment without any sanitization. A user
with sudo access may take advantage of this to exploit bugs in the C library functions which parse the TZ environment
variable or to open files that the user would not otherwise be able to open. The latter could potentially cause changes
in system behavior when reading certain device special files or cause the program run via sudo to block.
For the oldstable distribution (squeeze), these problems have been fixed in version 1.7.4p4-2.squeeze.5.
For the stable distribution (wheezy), they have been fixed in version 1.8.5p2-1+nmu2.
We recommend that you upgrade your sudo packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/02/msg00014.html

https://packages.debian.org/source/squeeze-lts/sudo
Solution
Upgrade the affected sudo, and sudo-ldap packages.
Risk Factor
Medium
CVSS Base Score
6.6 (CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
5.7 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 65997

BID 72649

CVE CVE-2014-0106

CVE CVE-2014-9680
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : sudo_1.7.4p4-2.squeeze.4


Should be : sudo_1.7.4p4-2.squeeze.5

74375 - Debian DSA-2953-1 : dpkg - security update


Synopsis
The remote Debian host is missing a security-related update.

Description
Multiple vulnerabilities were discovered in dpkg that allow file modification through path traversal when unpacking
source packages with specially crafted patch files.
This update had been scheduled before the end of security support for the oldstable distribution (squeeze), hence
an exception has been made and was released through the security archive. However, no further updates should be
expected.
See Also
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749183

https://packages.debian.org/source/squeeze/dpkg

https://packages.debian.org/source/wheezy/dpkg

http://www.debian.org/security/2014/dsa-2953
Solution
Upgrade the dpkg packages.
For the oldstable distribution (squeeze), these problems have been fixed in version 1.15.11.
For the stable distribution (wheezy), these problems have been fixed in version 1.16.15.
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score
5.6 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 67725

BID 67727

CVE CVE-2014-3864

CVE CVE-2014-3865

XREF DSA:2953
Plugin Information:
Publication date: 2014/06/09, Modification date: 2015/02/16
Ports
tcp/0

Remote package installed : dpkg_1.15.8.13


Should be : dpkg_1.15.11

82211 - Debian DLA-66-1 : apache2 security update


Synopsis
The remote Debian host is missing a security update.
Description
CVE-2014-0231: prevent denial of service in mod_cgid.
CVE-2014-0226: prevent denial of service via race in mod_status.
CVE-2014-0118: fix resource consumption via mod_deflate body decompression.
CVE-2013-6438: prevent denial of service via mod_dav incorrect end of string
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.

See Also
https://lists.debian.org/debian-lts-announce/2014/09/msg00023.html

https://packages.debian.org/source/squeeze-lts/apache2
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.9 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
BID 66303

BID 68678

BID 68742

BID 68745

CVE CVE-2013-6438

CVE CVE-2014-0118

CVE CVE-2014-0226

CVE CVE-2014-0231

XREF IAVA:2015-A-0060
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/28
Ports
tcp/0

Remote package installed : apache2_2.2.16-6+squeeze11


Should be : apache2_2.2.16-6+squeeze13
Remote package installed : apache2-mpm-prefork_2.2.16-6+squeeze11
Should be : apache2-mpm-prefork_2.2.16-6+squeeze13
Remote package installed : apache2-utils_2.2.16-6+squeeze11
Should be : apache2-utils_2.2.16-6+squeeze13
Remote package installed : apache2.2-bin_2.2.16-6+squeeze11
Should be : apache2.2-bin_2.2.16-6+squeeze13
Remote package installed : apache2.2-common_2.2.16-6+squeeze11
Should be : apache2.2-common_2.2.16-6+squeeze13

82242 - Debian DLA-97-1 : eglibc security update


Synopsis
The remote Debian host is missing a security update.
Description
CVE-2012-6656
Fix validation check when converting from ibm930 to utf. When converting IBM930 code with iconv(), if IBM930 code
which includes invalid multibyte character '0xffff' is specified, then iconv() segfaults.
CVE-2014-6040

Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in
commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5.
CVE-2014-7817
The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the
form of '$((... ``))' where '...' can be anything valid. The backticks in the arithmetic expression are evaluated in a
shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous
commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking
for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are
superfluous and removed.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/11/msg00015.html

https://packages.debian.org/source/squeeze-lts/eglibc
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
BID 69470

BID 69472

BID 71216

CVE CVE-2012-6656

CVE CVE-2014-6040

CVE CVE-2014-7817

XREF IAVA:2015-A-0038
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/28
Ports
tcp/0

Remote package installed : libc-bin_2.11.3-4


Should be : libc-bin_2.11.3-4+deb6u2
Remote package installed : libc6_2.11.3-4
Should be : libc6_2.11.3-4+deb6u2
Remote package installed : libc6-i686_2.11.3-4
Should be : libc6-i686_2.11.3-4+deb6u2
Remote package installed : locales_2.11.3-4
Should be : locales_2.11.3-4+deb6u2

82143 - Debian DLA-16-1 : libxml2 security update


Synopsis
The remote Debian host is missing a security update.

Description
Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/07/msg00005.html

https://packages.debian.org/source/squeeze-lts/libxml2
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.7 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 67233

CVE CVE-2014-0191
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libxml2_2.7.8.dfsg-2+squeeze7


Should be : libxml2_2.7.8.dfsg-2+squeeze9

72010 - Debian DSA-2845-1 : mysql-5.1 - several vulnerabilities


Synopsis
The remote Debian host is missing a security-related update.
Description
This DSA updates the MySQL 5.1 database to 5.1.73. This fixes multiple unspecified security problems in MySQL:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
See Also
http://www.nessus.org/u?17c46362

https://packages.debian.org/source/squeeze/mysql-5.1

http://www.debian.org/security/2014/dsa-2845
Solution
Upgrade the mysql-5.1 packages.
For the oldstable distribution (squeeze), these problems have been fixed in version 5.1.73-1.
Risk Factor
Medium
CVSS Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score
3.5 (CVSS2#E:ND/RL:OF/RC:C)
References

BID 64849

BID 64877

BID 64880

BID 64896

BID 64898

BID 64904

BID 64908

CVE CVE-2013-5908

CVE CVE-2014-0386

CVE CVE-2014-0393

CVE CVE-2014-0401

CVE CVE-2014-0402

CVE CVE-2014-0412

CVE CVE-2014-0437

XREF DSA:2845
Plugin Information:
Publication date: 2014/01/20, Modification date: 2015/02/16
Ports
tcp/0

Remote package installed : libmysqlclient16_5.1.66-0+squeeze1


Should be : libmysqlclient16_5.1.73-1
Remote package installed : mysql-client-5.1_5.1.66-0+squeeze1
Should be : mysql-client-5.1_5.1.73-1
Remote package installed : mysql-common_5.1.66-0+squeeze1
Should be : mysql-common_5.1.73-1
Remote package installed : mysql-server_5.1.66-0+squeeze1
Should be : mysql-server_5.1.73-1
Remote package installed : mysql-server-5.1_5.1.66-0+squeeze1
Should be : mysql-server-5.1_5.1.73-1
Remote package installed : mysql-server-core-5.1_5.1.66-0+squeeze1
Should be : mysql-server-core-5.1_5.1.73-1

82225 - Debian DLA-80-1 : libxml2 security update


Synopsis
The remote Debian host is missing a security update.
Description
Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML
files. A remote attacker could provide a specially crafted XML file that, when processed by an application using
libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660)
In addition, this update addresses a misapplied chunk for a patch released in the previous version (#762864).
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/10/msg00014.html

https://packages.debian.org/source/squeeze-lts/libxml2
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 67233

BID 70644

CVE CVE-2014-0191

CVE CVE-2014-3660
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libxml2_2.7.8.dfsg-2+squeeze7


Should be : libxml2_2.7.8.dfsg-2+squeeze10

72952 - Debian DSA-2873-1 : file - several vulnerabilities


Synopsis
The remote Debian host is missing a security-related update.
Description
Several vulnerabilities have been found in file, a file type classification tool.
Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable (PE) format files,
the executable format used on Windows. When processing a defective or intentionally prepared PE executable which
contains invalid offset information, the file_strncmp routine will access memory that is out of bounds, causing file to
crash. The Common Vulnerabilities and Exposures project ID CVE-2014-2270 has been assigned to identify this flaw.
Mike Frysinger reported that file's rule for detecting AWK scripts significantly slows down file. The regular expression
to detect AWK files contained two star operators, which could be exploited to cause excessive backtracking in the
regex engine.
See Also
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993

https://security-tracker.debian.org/tracker/CVE-2014-2270

https://packages.debian.org/source/squeeze/file

https://packages.debian.org/source/wheezy/file

http://www.debian.org/security/2014/dsa-2873
Solution
Upgrade the file packages.
For the oldstable distribution (squeeze), these problems have been fixed in version 5.04-5+squeeze4.
For the stable distribution (wheezy), these problems have been fixed in version 5.11-2+deb7u2.
Risk Factor
Medium

CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 66002

CVE CVE-2013-7345

CVE CVE-2014-2270

XREF OSVDB:104081

XREF OSVDB:104208

XREF DSA:2873
Plugin Information:
Publication date: 2014/03/12, Modification date: 2015/02/16
Ports
tcp/0

Remote package installed : file_5.04-5+squeeze2


Should be : file_5.04-5+squeeze4
Remote package installed : libmagic1_5.04-5+squeeze2
Should be : libmagic1_5.04-5+squeeze4

72782 - Debian DSA-2869-1 : gnutls26 - incorrect certificate verification


Synopsis
The remote Debian host is missing a security-related update.
Description
Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS
library. A certificate validation could be reported successfully even in cases where an error would prevent all verification
steps to be performed.
An attacker doing a man-in-the-middle of a TLS connection could use this vulnerability to present a carefully crafted
certificate that would be accepted by GnuTLS as valid even if not signed by one of the trusted authorities.
See Also
https://packages.debian.org/source/squeeze/gnutls26

https://packages.debian.org/source/wheezy/gnutls26

http://www.debian.org/security/2014/dsa-2869
Solution
Upgrade the gnutls26 packages.
For the oldstable distribution (squeeze), this problem has been fixed in version 2.8.6-1+squeeze3.
For the stable distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u1.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
5.0 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 65919

CVE CVE-2014-0092

XREF DSA:2869
Plugin Information:
Publication date: 2014/03/04, Modification date: 2015/02/16
Ports
tcp/0

Remote package installed : libgnutls26_2.8.6-1+squeeze2


Should be : libgnutls26_2.8.6-1+squeeze3

82095 - Debian DLA-111-1 : cpio security update


Synopsis
The remote Debian host is missing a security update.
Description
Multiple issues have been identified in cpio, including a buffer overflow and multiple NULL pointer dereferences,
resulting at least in a denial of service and possibly also in an unwanted code execution.
This has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by applying the upstream patches.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/12/msg00014.html

https://packages.debian.org/source/squeeze-lts/cpio
Solution
Upgrade the affected cpio, and cpio-win32 packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 71248

CVE CVE-2014-9112
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : cpio_2.11-4


Should be : cpio_2.11-4+deb6u1

82087 - Debian DLA-103-1 : linux-2.6 security update


Synopsis
The remote Debian host is missing a security update.
Description
This security upload has been prepared in cooperation of the Debian Kernel, Security and LTS Teams and features
the upstream stable release 2.6.32.64 (see https://lkml.org/lkml/2014/11/23/181 for more information for that). It fixes
the CVEs described below.

Note: if you are using the openvz flavors, please consider three things: a.) we haven't got any feedback on them
(while we have for all other flavors) b.) so do your test before deploying them and c.) once you have done so, please
give feedback to [email protected].
If you are not using openvz flavors, please still consider b+c :-)
CVE-2012-6657
Fix the sock_setsockopt function to prevent local users from being able to cause a denial of service (system crash)
attack.
CVE-2013-0228
Fix a XEN privilege escalation, which allowed guest OS users to gain guest OS privileges.
CVE-2013-7266
Fix the mISDN_sock_recvmsg function to prevent local users from obtaining sensitive information from kernel
memory.
CVE-2014-4157
MIPS platform: prevent local users from bypassing intended PR_SET_SECCOMP restrictions.
CVE-2014-4508
Prevent local users from causing a denial of service (OOPS and system crash) when syscall auditing is enabled.
CVE-2014-4653 CVE-2014-4654 CVE-2014-4655
Fix the ALSA control implementation to prevent local users from causing a denial of service attack and from obtaining
sensitive information from kernel memory.
CVE-2014-4943
Fix PPPoL2TP feature to prevent local users from gaining privileges.
CVE-2014-5077
Prevent remote attackers from causing a denial of service attack involving SCTP.
CVE-2014-5471 CVE-2014-5472
Fix the parse_rock_ridge_inode_internal function to prevent local users from causing a denial of service attack via
crafted iso9660 images.
CVE-2014-9090
Fix the do_double_fault function to prevent local users from causing a denial of service (panic) attack.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/12/msg00006.html

https://lkml.org/lkml/2014/11/23/181

https://packages.debian.org/source/squeeze-lts/linux-2.6
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
6.0 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 57940

BID 64743

BID 68083

BID 68126

BID 68162

BID 68164

BID 68683

BID 68768

BID 68881

BID 69396

BID 69428

BID 69803

BID 71250

CVE CVE-2012-6657

CVE CVE-2013-0228

CVE CVE-2013-7266

CVE CVE-2014-4157

CVE CVE-2014-4508

CVE CVE-2014-4653

CVE CVE-2014-4654

CVE CVE-2014-4655

CVE CVE-2014-4943

CVE CVE-2014-5077

CVE CVE-2014-5471

CVE CVE-2014-5472

CVE CVE-2014-9090
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : firmware-linux-free_2.6.32-48squeeze3


Should be : firmware-linux-free_2.6.32-48squeeze9
Remote package installed : linux-base_2.6.32-48squeeze3
Should be : linux-base_2.6.32-48squeeze9
Remote package installed : linux-image-2.6.32-5-686_2.6.32-48squeeze3
Should be : linux-image-2.6.32-5-686_2.6.32-48squeeze9

70417 - Debian DSA-2779-1 : libxml2 - denial of service


Synopsis
The remote Debian host is missing a security-related update.
Description
Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library,
which can lead to denial of service issues when handling XML documents that end abruptly.
See Also
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715531

https://packages.debian.org/source/squeeze/libxml2

https://packages.debian.org/source/wheezy/libxml2

http://www.debian.org/security/2013/dsa-2779
Solution
Upgrade the libxml2 packages.
For the oldstable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze8.
For the stable distribution (wheezy), this problem has been fixed in version 2.8.0+dfsg1-7+nmu2.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 61050

CVE CVE-2013-2877

XREF DSA:2779
Plugin Information:
Publication date: 2013/10/15, Modification date: 2015/02/16
Ports
tcp/0

Remote package installed : libxml2_2.7.8.dfsg-2+squeeze7


Should be : libxml2_2.7.8.dfsg-2+squeeze8

82134 - Debian DLA-151-1 : libxml2 security update


Synopsis
The remote Debian host is missing a security update.
Description
It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This
caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled.
In addition, this update addresses a regression introduced in DSA 3057 by the patch fixing CVE-2014-3660. This
caused libxml2 to not parse an entity when it's used first in another entity referenced from an attribute value.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/02/msg00005.html

https://packages.debian.org/source/squeeze-lts/libxml2
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References

BID 67233

BID 70644

CVE CVE-2014-0191

CVE CVE-2014-3660
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libxml2_2.7.8.dfsg-2+squeeze7


Should be : libxml2_2.7.8.dfsg-2+squeeze11

82212 - Debian DLA-67-1 : php5 security update


Synopsis
The remote Debian host is missing a security update.
Description
CVE-2014-3538
It was discovered that the original fix for CVE-2013-7345 did not sufficiently address the problem. A remote attacker
could still cause a denial of service (CPU consumption) via a specially crafted input file that triggers backtracking
during processing of an awk regular expression rule.
CVE-2014-3587
It was discovered that the CDF parser of the fileinfo module does not properly process malformed files in the
Composite Document File (CDF) format, leading to crashes.
CVE-2014-3597
It was discovered that the original fix for CVE-2014-4049 did not completely address the issue. A malicious server or
man-in-the-middle attacker could cause a denial of service (crash) and possibly execute arbitrary code via a crafted
DNS TXT record.
CVE-2014-4670
It was discovered that PHP incorrectly handled certain SPL Iterators.
A local attacker could use this flaw to cause PHP to crash, resulting in a denial of service.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/09/msg00024.html

https://packages.debian.org/source/squeeze-lts/php5
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.9 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 68348

BID 69322

BID 69325

CVE CVE-2014-3538

CVE CVE-2014-3587

CVE CVE-2014-3597
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libapache2-mod-php5_5.3.3-7+squeeze15


Should be : libapache2-mod-php5_5.3.3-7+squeeze22
Remote package installed : php5_5.3.3-7+squeeze15
Should be : php5_5.3.3-7+squeeze22
Remote package installed : php5-cli_5.3.3-7+squeeze15
Should be : php5-cli_5.3.3-7+squeeze22
Remote package installed : php5-common_5.3.3-7+squeeze15
Should be : php5-common_5.3.3-7+squeeze22
Remote package installed : php5-ldap_5.3.3-7+squeeze15
Should be : php5-ldap_5.3.3-7+squeeze22
Remote package installed : php5-mysql_5.3.3-7+squeeze15
Should be : php5-mysql_5.3.3-7+squeeze22

82114 - Debian DLA-131-1 : file security update


Synopsis
The remote Debian host is missing a security update.
Description
Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file
could result in denial of service. Most of the changes are related to parsing ELF files.
As part of the fixes, several limits on aspects of the detection were added or tightened, sometimes resulting in
messages like 'recursion limit exceeded' or 'too many program header sections'.
To mitigate such shortcomings, these limits are controllable by a new '-R'/'--recursion' parameter in the file program.
Note: A future upgrade for file in squeeze-lts might replace this with the '-P'
parameter to keep usage consistent across all distributions.
CVE-2014-8116
The ELF parser (readelf.c) allows remote attackers to cause a denial of service (CPU consumption or crash).
CVE-2014-8117
softmagic.c does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU
consumption or crash).
(no identifier has been assigned so far)
out-of-bounds memory access
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/01/msg00004.html

https://packages.debian.org/source/squeeze-lts/file
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 71692

BID 71700

CVE CVE-2014-8116

CVE CVE-2014-8117
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : file_5.04-5+squeeze2


Should be : file_5.04-5+squeeze9
Remote package installed : libmagic1_5.04-5+squeeze2
Should be : libmagic1_5.04-5+squeeze9

82222 - Debian DLA-77-1 : libtasn1-3 security update


Synopsis
The remote Debian host is missing a security update.
Description
Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One)
structures. An attacker could use those to cause a denial of service via out-of-bounds access or NULL pointer
dereference.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/10/msg00010.html

https://packages.debian.org/source/squeeze-lts/libtasn1-3
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.9 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 67745

BID 67748

BID 67749

CVE CVE-2014-3467

CVE CVE-2014-3468

CVE CVE-2014-3469
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libtasn1-3_2.7-1+squeeze+1
Should be : libtasn1-3_2.7-1+squeeze+2

82175 - Debian DLA-27-1 : file security update


Synopsis
The remote Debian host is missing a security update.
Description
Fix various denial of service attacks :
CVE-2014-3487
The cdf_read_property_info function does not properly validate a stream offset, which allows remote attackers to
cause a denial of service (application crash) via a crafted CDF file.
CVE-2014-3480
The cdf_count_chain function in cdf.c does not properly validate sector-count data, which allows remote attackers to
cause a denial of service (application crash) via a crafted CDF file.
CVE-2014-3479
The cdf_check_stream_offset function in cdf.c relies on incorrect sector-size data, which allows remote attackers to
cause a denial of service (application crash) via a crafted stream offset in a CDF file.
CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c allows remote attackers to cause a denial of service
(application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
CVE-2014-0238
The cdf_read_property_info function in cdf.c allows remote attackers to cause a denial of service (infinite loop or out-
of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c allows remote attackers to cause a denial of service (performance
degradation) by triggering many file_printf calls.
CVE-2014-0207
The cdf_read_short_sector function in cdf.c allows remote attackers to cause a denial of service (assertion failure and
application exit) via a crafted CDF file.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/07/msg00013.html

https://packages.debian.org/source/squeeze-lts/file
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 67759

BID 67765

BID 68120

BID 68238

BID 68239

BID 68241

BID 68243

CVE CVE-2014-0207

CVE CVE-2014-0237

CVE CVE-2014-0238

CVE CVE-2014-3478

CVE CVE-2014-3479

CVE CVE-2014-3480

CVE CVE-2014-3487
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : file_5.04-5+squeeze2


Should be : file_5.04-5+squeeze6
Remote package installed : libmagic1_5.04-5+squeeze2
Should be : libmagic1_5.04-5+squeeze6

82231 - Debian DLA-86-1 : file security update


Synopsis
The remote Debian host is missing a security update.
Description
Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers
are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and
application crash) by supplying a specially crafted ELF file.
For the long-term stable distribution (squeeze-lts), this problem has been fixed in version 5.04-5+squeeze8.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/11/msg00005.html

https://packages.debian.org/source/squeeze-lts/file
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 70807

CVE CVE-2014-3710
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : file_5.04-5+squeeze2
Should be : file_5.04-5+squeeze8
Remote package installed : libmagic1_5.04-5+squeeze2
Should be : libmagic1_5.04-5+squeeze8

73350 - Debian DSA-2894-1 : openssh - security update


Synopsis
The remote Debian host is missing a security-related update.
Description
Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite. The Common
Vulnerabilities and Exposures project identifies the following problems :
- CVE-2014-2532 Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote
attacker could use this issue to trick OpenSSH into accepting any environment variable that contains the characters
before the wildcard character.
- CVE-2014-2653 Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't
accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable
SSHFP-checking by presenting a certificate.
Note that a host verification prompt is still displayed before connecting.
See Also
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513

https://security-tracker.debian.org/tracker/CVE-2014-2532

https://security-tracker.debian.org/tracker/CVE-2014-2653

https://packages.debian.org/source/squeeze/openssh

https://packages.debian.org/source/wheezy/openssh

http://www.debian.org/security/2014/dsa-2894
Solution
Upgrade the openssh packages.
For the oldstable distribution (squeeze), these problems have been fixed in version 1:5.5p1-6+squeeze5.
For the stable distribution (wheezy), these problems have been fixed in version 1:6.0p1-4+deb7u1.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
5.0 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 66355

BID 66459

CVE CVE-2014-2532

CVE CVE-2014-2653

XREF DSA:2894
Plugin Information:
Publication date: 2014/04/07, Modification date: 2015/02/16
Ports
tcp/0

Remote package installed : openssh-client_1:5.5p1-6+squeeze3
Should be : openssh-client_1:5.5p1-6+squeeze5
Remote package installed : openssh-server_1:5.5p1-6+squeeze3
Should be : openssh-server_1:5.5p1-6+squeeze5

82197 - Debian DLA-50-1 : file security update


Synopsis
The remote Debian host is missing a security update.
Description
CVE-2014-3538
file does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a
denial of service (CPU consumption).
CVE-2014-3587
Integer overflow in the cdf_read_property_info function in cdf.c allows remote attackers to cause a denial of service
(application crash).
Note: The other seven issues for wheezy, fixed in 5.11-2+deb7u4 (DSA-3021-1), were already handled in
5.04-5+squeeze6 (DLA 27-1) in July 2014. Also, as an amendment, as a side effect of the changes done back then,
the MIME type detection of some files had improved from 'application/octet-stream' to something more specific
like 'application/x-dosexec' or 'application/x-iso9660-image'.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/09/msg00006.html

https://packages.debian.org/source/squeeze-lts/file
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 68348

BID 69325

CVE CVE-2014-3538

CVE CVE-2014-3587
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : file_5.04-5+squeeze2
Should be : file_5.04-5+squeeze7
Remote package installed : libmagic1_5.04-5+squeeze2
Should be : libmagic1_5.04-5+squeeze7

82216 - Debian DLA-71-1 : apache2 security update


Synopsis
The remote Debian host is missing a security update.
Description
This update fixes two security issues with apache2.
CVE-2013-5704
Disable the possibility to replace HTTP headers with HTTP trailers as this could be used to circumvent earlier header
operations made by other modules. This can be restored with a new MergeTrailers directive.
CVE-2014-3581
Fix denial of service where Apache can segfault when mod_cache is used and when the cached request contains an
empty Content-Type header.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/10/msg00003.html

https://packages.debian.org/source/squeeze-lts/apache2
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
BID 66550

BID 71656

CVE CVE-2013-5704

CVE CVE-2014-3581

XREF IAVA:2015-A-0060
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/28
Ports
tcp/0

Remote package installed : apache2_2.2.16-6+squeeze11
Should be : apache2_2.2.16-6+squeeze14
Remote package installed : apache2-mpm-prefork_2.2.16-6+squeeze11
Should be : apache2-mpm-prefork_2.2.16-6+squeeze14
Remote package installed : apache2-utils_2.2.16-6+squeeze11
Should be : apache2-utils_2.2.16-6+squeeze14
Remote package installed : apache2.2-bin_2.2.16-6+squeeze11
Should be : apache2.2-bin_2.2.16-6+squeeze14
Remote package installed : apache2.2-common_2.2.16-6+squeeze11
Should be : apache2.2-common_2.2.16-6+squeeze14

82181 - Debian DLA-33-1 : openssl security update


Synopsis
The remote Debian host is missing a security update.
Description
Detailed descriptions of the vulnerabilities can be found at:
https://www.openssl.org/news/secadv_20140806.txt
It's important that you upgrade the libssl0.9.8 package and not just the openssl package.
All applications linked to openssl need to be restarted. You can use the 'checkrestart' tool from the debian-goodies
package to detect affected programs. Alternatively, you may reboot your system.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2014/08/msg00007.html

https://packages.debian.org/source/squeeze-lts/openssl

https://www.openssl.org/news/secadv_20140806.txt
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 69075

BID 69076

BID 69078

BID 69081

BID 69082

CVE CVE-2014-3505

CVE CVE-2014-3506

CVE CVE-2014-3507

CVE CVE-2014-3508

CVE CVE-2014-3510
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libssl0.9.8_0.9.8o-4squeeze14
Should be : libssl0.9.8_0.9.8o-4squeeze17
Remote package installed : openssl_0.9.8o-4squeeze14
Should be : openssl_0.9.8o-4squeeze17

82128 - Debian DLA-145-1 : php5 security update


Synopsis
The remote Debian host is missing a security update.
Description
Brief introduction
CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before
5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf
calls.
CVE-2014-0238
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13
allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that
(1) has zero length or (2) is too long.
CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows context dependent attackers to cause a denial of service (out-of-
bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
CVE-2014-8117
- Stop reporting bad capabilities after the first few.
- limit the number of program and section header number of sections
- limit recursion level
CVE-2015-TEMP (no official CVE number available yet)
- NULL pointer dereference (PHP bugs: 68739 68740)
- out-of-bounds memory access (file bug: 398) additional patches from CVE-2014-3478 added
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/01/msg00019.html

https://packages.debian.org/source/squeeze-lts/php5
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 66002

BID 67759

BID 67765

BID 71692

CVE CVE-2014-0237

CVE CVE-2014-0238

CVE CVE-2014-2270

CVE CVE-2014-8117
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libapache2-mod-php5_5.3.3-7+squeeze15
Should be : libapache2-mod-php5_5.3.3-7+squeeze24
Remote package installed : php5_5.3.3-7+squeeze15
Should be : php5_5.3.3-7+squeeze24
Remote package installed : php5-cli_5.3.3-7+squeeze15
Should be : php5-cli_5.3.3-7+squeeze24
Remote package installed : php5-common_5.3.3-7+squeeze15
Should be : php5-common_5.3.3-7+squeeze24
Remote package installed : php5-ldap_5.3.3-7+squeeze15
Should be : php5-ldap_5.3.3-7+squeeze24
Remote package installed : php5-mysql_5.3.3-7+squeeze15
Should be : php5-mysql_5.3.3-7+squeeze24

72758 - Debian DSA-2868-1 : php5 - denial of service


Synopsis
The remote Debian host is missing a security-related update.
Description
It was discovered that file, a file type classification tool, contains a flaw in the handling of 'indirect' magic rules in the
libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common
Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other
well-crafted files might result in long computation times (while using 100% CPU) and overlong results.
This update corrects this flaw in the copy that is embedded in the php5 package.
See Also
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739012

https://security-tracker.debian.org/tracker/CVE-2014-1943

https://packages.debian.org/source/squeeze/php5

https://packages.debian.org/source/wheezy/php5

http://www.debian.org/security/2014/dsa-2868
Solution
Upgrade the php5 packages.
For the oldstable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze19.
For the stable distribution (wheezy), this problem has been fixed in version 5.4.4-14+deb7u8.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 65596

CVE CVE-2014-1943

XREF DSA:2868
Plugin Information:
Publication date: 2014/03/03, Modification date: 2015/02/16
Ports
tcp/0

Remote package installed : libapache2-mod-php5_5.3.3-7+squeeze15
Should be : libapache2-mod-php5_5.3.3-7+squeeze19
Remote package installed : php5_5.3.3-7+squeeze15
Should be : php5_5.3.3-7+squeeze19
Remote package installed : php5-cli_5.3.3-7+squeeze15
Should be : php5-cli_5.3.3-7+squeeze19
Remote package installed : php5-common_5.3.3-7+squeeze15
Should be : php5-common_5.3.3-7+squeeze19
Remote package installed : php5-ldap_5.3.3-7+squeeze15
Should be : php5-ldap_5.3.3-7+squeeze19
Remote package installed : php5-mysql_5.3.3-7+squeeze15
Should be : php5-mysql_5.3.3-7+squeeze19

82115 - Debian DLA-132-1 : openssl security update


Synopsis
The remote Debian host is missing a security update.
Description
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common
Vulnerabilities and Exposures project identifies the following issues :
CVE-2014-3570
Pieter Wuille of Blockstream reported that the bignum squaring (BN_sqr) may produce incorrect results on some
platforms, which might make it easier for remote attackers to defeat cryptographic protection mechanisms.
CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc. reported that a carefully crafted DTLS message can cause a segmentation
fault in OpenSSL due to a NULL pointer dereference. A remote attacker could use this flaw to mount a denial of
service attack.
CVE-2014-3572
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL client would accept a
handshake using an ephemeral ECDH ciphersuite if the server key exchange message is omitted. This allows remote
SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy.
CVE-2014-8275
Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project and Konrad Kraszewski of Google reported
various certificate fingerprint issues, which allow remote attackers to defeat a fingerprint-based certificate-blacklist
protection mechanism.
CVE-2015-0204
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL client will accept the use of an
ephemeral RSA key in a non-export RSA key exchange ciphersuite, violating the TLS standard.
This allows remote SSL servers to downgrade the security of the session.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/01/msg00005.html

https://packages.debian.org/source/squeeze-lts/openssl
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 71935

BID 71936

BID 71937

BID 71939

BID 71942

BID 74107

CVE CVE-2014-3570

CVE CVE-2014-3571

CVE CVE-2014-3572

CVE CVE-2014-8275

CVE CVE-2015-0204
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/04/15
Ports
tcp/0

Remote package installed : libssl0.9.8_0.9.8o-4squeeze14
Should be : libssl0.9.8_0.9.8o-4squeeze19
Remote package installed : openssl_0.9.8o-4squeeze14
Should be : openssl_0.9.8o-4squeeze19

82166 - Debian DLA-180-1 : gnutls26 security update


Synopsis
The remote Debian host is missing a security update.
Description
Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The
Common Vulnerabilities and Exposures project identifies the following problems :
CVE-2014-8155
Missing date/time checks on CA certificates
CVE-2015-0282
GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorithm in the certificate,
leading to a potential downgrade to a disallowed algorithm without detecting it.
CVE-2015-0294
GnuTLS does not check whether the two signature algorithms match on certificate import.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/03/msg00017.html

https://packages.debian.org/source/squeeze-lts/gnutls26
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 73119

BID 73162

BID 73317

CVE CVE-2014-8155

CVE CVE-2015-0282

CVE CVE-2015-0294
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libgnutls26_2.8.6-1+squeeze2
Should be : libgnutls26_2.8.6-1+squeeze5

82160 - Debian DLA-175-1 : gnupg security update


Synopsis
The remote Debian host is missing a security update.
Description
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard :
CVE-2014-3591
The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv
University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on
Elgamal decryption performance.
CVE-2015-0837
The modular exponentiation routine mpi_powm() was susceptible to a side-channel attack caused by data-dependent
timing variations when accessing its internal pre-computed table.
CVE-2015-1606
The keyring parsing code did not properly reject certain packet types not belonging in a keyring, which caused an
access to memory already freed. This could allow remote attackers to cause a denial of service (crash) via crafted
keyring files.
For the oldstable distribution (squeeze), those problems have been fixed in version 1.4.10-4+squeeze7.
For the stable distribution (wheezy), these problems have been fixed in version 1.4.12-7+deb7u7.
We recommend that you upgrade your gnupg packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/03/msg00012.html

https://packages.debian.org/source/squeeze-lts/gnupg
Solution
Upgrade the affected packages.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
4.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 72609

BID 73064

BID 73066

CVE CVE-2014-3591

CVE CVE-2015-0837

CVE CVE-2015-1606
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : gnupg_1.4.10-4+squeeze1
Should be : gnupg_1.4.10-4+squeeze7
Remote package installed : gpgv_1.4.10-4+squeeze1
Should be : gpgv_1.4.10-4+squeeze7

82668 - Debian DLA-190-1 : libgcrypt11 security update


Synopsis
The remote Debian host is missing a security update.
Description
Multiple vulnerabilities were discovered in libgcrypt :
CVE-2014-3591
The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv
University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on
Elgamal decryption performance.
CVE-2015-0837
The modular exponentiation routine mpi_powm() was susceptible to a side-channel attack caused by data-dependent
timing variations when accessing its internal pre-computed table.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
https://lists.debian.org/debian-lts-announce/2015/04/msg00004.html

https://packages.debian.org/source/squeeze-lts/libgcrypt11
Solution
Upgrade the affected packages.
Risk Factor
Low
CVSS Base Score
1.2 (CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.0 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 73064

BID 73066

CVE CVE-2014-3591

CVE CVE-2015-0837
Plugin Information:
Publication date: 2015/04/10, Modification date: 2015/04/10
Ports
tcp/0

Remote package installed : libgcrypt11_1.4.5-2
Should be : libgcrypt11_1.4.5-2+squeeze3

69109 - Debian DSA-2731-1 : libgcrypt11 - information leak


Synopsis
The remote Debian host is missing a security-related update.
Description
Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG
2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from
another user on the system.
See Also
https://packages.debian.org/source/squeeze/libgcrypt11

https://packages.debian.org/source/wheezy/libgcrypt11

http://www.debian.org/security/2013/dsa-2731
Solution
Upgrade the libgcrypt11 packages.
For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.5-2+squeeze1.
For the stable distribution (wheezy), this problem has been fixed in version 1.5.0-5+deb7u1.
Risk Factor
Low
CVSS Base Score
1.9 (CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.7 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 61464

CVE CVE-2013-4242

XREF OSVDB:95657

XREF DSA:2731
Plugin Information:
Publication date: 2013/07/30, Modification date: 2015/02/16
Ports
tcp/0

Remote package installed : libgcrypt11_1.4.5-2
Should be : libgcrypt11_1.4.5-2+squeeze1

82238 - Debian DLA-93-1 : libgcrypt11 security update


Synopsis
The remote Debian host is missing a security update.
Description
Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using
the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack (see
http://www.cs.tau.ac.il/~tromer/handsoff/).
This is fixed in Squeeze in version 1.4.5-2+squeeze2.
We recommend that you upgrade your libgcrypt11 packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing
additional issues.
See Also
http://www.cs.tau.ac.il/~tromer/handsoff/

https://lists.debian.org/debian-lts-announce/2014/11/msg00012.html

https://packages.debian.org/source/squeeze-lts/libgcrypt11
Solution
Upgrade the affected packages.
Risk Factor
Low
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
1.8 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 69164

CVE CVE-2014-5270
Plugin Information:
Publication date: 2015/03/26, Modification date: 2015/03/26
Ports
tcp/0

Remote package installed : libgcrypt11_1.4.5-2
Should be : libgcrypt11_1.4.5-2+squeeze2

71526 - Debian DSA-2821-1 : gnupg - side channel attack


Synopsis
The remote Debian host is missing a security-related update.
Description
Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the
computer during the decryption of some chosen ciphertexts.
See Also
https://packages.debian.org/source/squeeze/gnupg

https://packages.debian.org/source/wheezy/gnupg

http://www.debian.org/security/2013/dsa-2821
Solution
Upgrade the gnupg packages.
For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.10-4+squeeze4.
For the stable distribution (wheezy), this problem has been fixed in version 1.4.12-7+deb7u3.
Risk Factor
Low
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
References
CVE CVE-2013-4576

XREF OSVDB:101170

XREF DSA:2821
Plugin Information:
Publication date: 2013/12/19, Modification date: 2015/02/16
Ports
tcp/0

Remote package installed : gnupg_1.4.10-4+squeeze1
Should be : gnupg_1.4.10-4+squeeze4
Remote package installed : gpgv_1.4.10-4+squeeze1
Should be : gpgv_1.4.10-4+squeeze4

64582 - Netstat Connection Information


Synopsis
Nessus is able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the
'netstat' command.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/02/13, Modification date: 2013/06/18
Ports
tcp/0
tcp4 (listen)
src: [host=0.0.0.0, port=3306]
dst: [host=0.0.0.0, port=*]

tcp4 (listen)
src: [host=0.0.0.0, port=22]
dst: [host=0.0.0.0, port=*]

tcp4 (listen)
src: [host=0.0.0.0, port=389]
dst: [host=0.0.0.0, port=*]

tcp4 (established)
src: [host=192.168.137.131, port=22]
dst: [host=192.168.137.1, port=62202]

tcp6 (listen)
src: [host=::, port=80]
dst: [host=::, port=*]

tcp6 (listen)
src: [host=::, port=389]
dst: [host=::, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=68]
dst: [host=0.0.0.0, port=*]

58651 - Netstat Active Connections


Synopsis
Active connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp
connections.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2012/04/10, Modification date: 2012/04/10
Ports
tcp/0

Netstat output :
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 192.168.137.131:22 192.168.137.1:62202 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::389 :::* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*

25220 - TCP/IP Timestamps Supported


Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime
of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20
Ports
tcp/0
12634 - Authenticated Check : OS Name and Installed Package Enumeration
Synopsis
This plugin gathers information about the remote host via an authenticated session.
Description
This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of
installed packages.
If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase (if the SSH
public key is protected by a passphrase).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/07/06, Modification date: 2015/05/12
Ports
tcp/0
It was possible to log into the remote host using the supplied
password.

The output of "uname -a" is :


Linux debian 2.6.32-5-686 #1 SMP Fri May 10 08:33:48 UTC 2013 i686 GNU/Linux

The remote Debian system is :


6.0.7

Local security checks have been enabled for this host.

18261 - Apache Banner Linux Distribution Disclosure
Synopsis
The name of the Linux distribution running on the remote host was found in the banner of the web server.
Description
This plugin extracts the banner of the Apache web server and attempts to determine which Linux distribution the
remote host is running.
Solution
If you do not wish to display this information, edit 'httpd.conf' and set the directive 'ServerTokens Prod' and restart
Apache.
Risk Factor
None
Plugin Information:
Publication date: 2005/05/15, Modification date: 2015/05/06
Ports
tcp/0

The Linux distribution detected was :


- Debian 6.0 (squeeze)

22869 - Software Enumeration (SSH)


Synopsis
It is possible to enumerate installed software on the remote host via SSH.
Description
This plugin lists the software installed on the remote host by calling the appropriate command, e.g. 'rpm -qa' on RPM-
based Linux distributions, qpkg, dpkg, etc.
Solution
Remove any software that is not in compliance with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Publication date: 2006/10/15, Modification date: 2014/12/22
Ports
tcp/0

Here is the list of packages installed on the remote Debian Linux system :

+++-========================================================-
========================================================-
==============================================================================================================
Desired=Unknown/Install/Remove/Purge/Hold
ii adduser 3.112+nmu2
add and remove users and groups
ii apache2 2.2.16-6+squeeze11
Apache HTTP Server metapackage
ii apache2-mpm-prefork 2.2.16-6+squeeze11
Apache HTTP Server - traditional non-threaded model
ii apache2-utils 2.2.16-6+squeeze11
utility programs for webservers
ii apache2.2-bin 2.2.16-6+squeeze11
Apache HTTP Server common binary files
ii apache2.2-common 2.2.16-6+squeeze11
Apache HTTP Server common files
ii apt 0.8.10.3+squeeze1
Advanced front-end for dpkg
ii apt-utils 0.8.10.3+squeeze1
APT utility programs
ii aptitude 0.6.3-3.2+squeeze1
terminal-based package manager (terminal interface only)
ii base-files 6.0squeeze7
Debian base system miscellaneous files
ii base-passwd 3.5.22
[...]

55472 - Device Hostname


Synopsis
It is possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/06/30, Modification date: 2014/01/07
Ports
tcp/0

Hostname : debian

20094 - VMware Virtual Machine Detection


Synopsis
The remote host seems to be a VMware virtual machine.
Description
According to the MAC address of its network adapter, the remote host is a VMware virtual machine.
Since it is physically accessible through the network, ensure that its configuration matches your organization's security
policy.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/10/27, Modification date: 2011/03/27
Ports
tcp/0
35716 - Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be deduced from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'.
These OUI are registered by IEEE.
See Also
http://standards.ieee.org/faqs/OUI.html

http://standards.ieee.org/regauth/oui/index.shtml
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/02/19, Modification date: 2011/03/27
Ports
tcp/0

The following card manufacturers were identified :

00:0c:29:79:0f:f1 : VMware, Inc.

11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g. TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name
of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2003/12/09, Modification date: 2015/05/12
Ports
tcp/0

Remote operating system : Linux Kernel 2.6.32-5-686 on Debian 6.0.7


Confidence level : 100
Method : LinuxDistribution

The remote host is running Linux Kernel 2.6.32-5-686 on Debian 6.0.7

66293 - Unix Operating System on Extended Support


Synopsis
The remote host is running an operating system that is on extended support.
Description
According to its version, the remote host uses a Unix or Unix-like operating system that has transitioned to an
extended portion in its support life cycle. Continued access to new security updates requires payment of an additional
fee and / or configuration changes to the package management tool. Without that, the host likely will be missing
security updates.
Solution
Ensure that the host subscribes to the vendor's extended support plan and continues to receive security updates.
Risk Factor
None
Plugin Information:
Publication date: 2013/05/02, Modification date: 2014/08/19
Ports
tcp/0
Debian 6.0 support ends on 2014-05-31 end of regular support / 2016-02-15 (end of extended support
for Squeeze-LTS).

54615 - Device Type


Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,
router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/05/23, Modification date: 2011/05/23
Ports
tcp/0
Remote device type : general-purpose
Confidence level : 100

25203 - Enumerate IPv4 Interfaces via SSH


Synopsis
This plugin enumerates IPv4 interfaces on a remote host.
Description
By connecting to the remote host via SSH with the supplied credentials, this plugin enumerates network interfaces
configured with IPv4 addresses.
Solution
Disable any unused IPv4 interfaces.
Risk Factor
None
Plugin Information:
Publication date: 2007/05/11, Modification date: 2014/11/21
Ports
tcp/0

The following IPv4 addresses are set on the remote host :

- 192.168.137.131 (on interface eth0)
- 127.0.0.1 (on interface lo)

45590 - Common Platform Enumeration (CPE)


Synopsis
It is possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches
for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the
information available from the scan.
See Also
http://cpe.mitre.org/
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/04/21, Modification date: 2014/11/20
Ports
tcp/0

The remote operating system matched the following CPE :

cpe:/o:debian:debian_linux:6.0.7

Following application CPE's matched on the remote system :

cpe:/a:openbsd:openssh:5.5 -> OpenBSD OpenSSH 5.5
cpe:/a:apache:http_server:2.2.16 -> Apache Software Foundation Apache HTTP Server 2.2.16
cpe:/a:php:php:5.3.3 -> PHP 5.3.3

56468 - Time of Last System Startup


Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/10/12, Modification date: 2014/07/25
Ports
tcp/0

reboot system boot 2.6.32-5-686 Sun May 17 21:21 - 22:49 (01:28)

wtmp begins Sun May 17 21:20:49 2015

25202 - Enumerate IPv6 Interfaces via SSH


Synopsis
This plugin enumerates IPv6 interfaces on a remote host.
Description
By connecting to the remote host via SSH with the supplied credentials, this plugin enumerates network interfaces
configured with IPv6 addresses.
Solution
Disable IPv6 if you are not actually using it. Otherwise, disable any unused IPv6 interfaces.
Risk Factor
None
Plugin Information:
Publication date: 2007/05/11, Modification date: 2014/11/21
Ports
tcp/0

The following IPv6 interfaces are set on the remote host :

- fe80::20c:29ff:fe79:ff1 (on interface eth0)
- ::1 (on interface lo)

33276 - Enumerate MAC Addresses via SSH


Synopsis
This plugin enumerates MAC addresses on a remote host.
Description
By connecting to the remote host via SSH with the supplied credentials, this plugin enumerates MAC addresses.
Solution
Disable any unused interfaces.
Risk Factor
None
Plugin Information:
Publication date: 2008/06/30, Modification date: 2014/11/21
Ports
tcp/0

The following MAC address exists on the remote host :

- 00:0c:29:79:0f:f1 (interface eth0)

66334 - Patch Report


Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install
to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2015/05/12
Ports
tcp/0

. You need to take the following 11 actions :

[ Bash Remote Code Execution (CVE-2014-6277 / CVE-2014-6278) (Shellshock) (78067) ]

+ Action to take : Update Bash.

+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).

[ Debian DSA-2731-1 : libgcrypt11 - information leak (69109) ]

+ Action to take : Upgrade the libgcrypt11 packages.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.5-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in version 1.5.0-5+deb7u1.

[ Debian DSA-2779-1 : libxml2 - denial of service (70417) ]

+ Action to take : Upgrade the libxml2 packages.

For the oldstable distribution (squeeze), this problem has been fixed in version
2.7.8.dfsg-2+squeeze8.

For the stable distribution (wheezy), this problem has been fixed in version 2.8.0+dfsg1-7+nmu2.

[ Debian DSA-2821-1 : gnupg - side channel attack (71526) ]

+ Action to take : Upgrade the gnupg packages.

For the oldstable distribution (squeeze), this problem has been fixed in version
1.4.10-4+squeeze4.

For the stable distribution (wheezy), this problem has been fixed in version 1.4.12-7+deb7u3.

+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).

[ Debian DSA-2845-1 : mysql-5.1 - several vulnerabilities (72010) ]

+ Action to take : Upgrade the mysql-5.1 packages.

For the oldstable distribution (squeeze), these problems have been fixed in version 5.1.73-1.

+Impact : Taking this action will resolve 9 different vulnerabilities (CVEs).

[ Debian DSA-2868-1 : php5 - denial of service (72758) ]

+ Action to take : Upgrade the php5 packages.

For the oldstable distribution (squeeze), this problem has been fixed in version
5.3.3-7+squeeze19.

For the stable distribution (wheezy), this problem has been fixed in version 5.4.4-14+deb7u8.

+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).

[ Debian DSA-2869-1 : gnutls26 - incorrect certificate verification (72782) ]

+ Action to take : Upgrade th [...]

19506 - Nessus Scan Information


Synopsis
Information about the Nessus scan.
Description
This script displays, for each tested host, information about the scan itself :
- The version of the plugin set
- The type of scanner (Nessus or Nessus Home)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2015/01/20
Ports
tcp/0
Information about this scan :

Nessus version : 6.3.6
Plugin feed version : 201505170515
Scanner edition used : Nessus Home
Scan type : Normal
Scan policy used : Testing Linux/Unix system vulns
Scanner IP : 192.168.137.1
Port scanner(s) : netstat
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'user' via ssh
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing: Yes
Scan Start Date : 2015/5/18 0:48
Scan duration : 141 sec

0/udp
10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11
Ports
udp/0
For your information, here is the traceroute from 192.168.137.1 to 192.168.137.131 :
192.168.137.1
192.168.137.131

22/tcp
78067 - Bash Remote Code Execution (CVE-2014-6277 / CVE-2014-6278) (Shellshock)
Synopsis
A system shell on the remote host is vulnerable to command injection.
Description
The remote host is running a version of Bash that is vulnerable to command injection via environment variable
manipulation. Depending on the configuration of the system, an attacker could remotely execute arbitrary code.
See Also
http://seclists.org/fulldisclosure/2014/Oct/9

http://www.nessus.org/u?e40f2f5a
Solution
Update Bash.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.7 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
BID 70165

BID 70166

CVE CVE-2014-6277

CVE CVE-2014-6278

XREF OSVDB:112158

XREF OSVDB:112169

XREF CERT:252743

XREF IAVA:2014-A-0142

XREF EDB-ID:34860
Exploitable with
Core Impact (true)
Metasploit (true)
Plugin Information:
Publication date: 2014/10/06, Modification date: 2015/04/23
Ports
tcp/22

Nessus was able to login via SSH and run the following command :

E="() { x() { _; }; x() { _; } <<A; }" bash -c E

and read the output :

Segmentation fault

70658 - SSH Server CBC Mode Ciphers Enabled


Synopsis
The SSH server is configured to use Cipher Block Chaining.
Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to
recover the plaintext message from the ciphertext.
Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software
versions.
Solution
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or
GCM cipher mode encryption.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
2.3 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 32319

CVE CVE-2008-5161

XREF OSVDB:50035

XREF OSVDB:50036

XREF CERT:958563

XREF CWE:200
Plugin Information:
Publication date: 2013/10/28, Modification date: 2014/01/28
Ports
tcp/22

The following client-to-server Cipher Block Chaining (CBC) algorithms are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
[email protected]

The following server-to-client Cipher Block Chaining (CBC) algorithms are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
[email protected]

71049 - SSH Weak MAC Algorithms Enabled


Synopsis
SSH is configured to allow MD5 and 96-bit MAC algorithms.
Description
The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.
Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software
versions.
Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2013/11/22, Modification date: 2014/07/08
Ports
tcp/22

The following client-to-server Message Authentication Code (MAC) algorithms are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

The following server-to-client Message Authentication Code (MAC) algorithms are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports.
See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2014/05/23
Ports
tcp/22
Port 22/tcp was found to be open

22964 - Service Detection


Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives
an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2015/05/14
Ports
tcp/22
An SSH server is running on this port.

10267 - SSH Server Type and Version Information


Synopsis
An SSH server is listening on this port.
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2015/03/26
Ports
tcp/22

SSH version : SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3

70657 - SSH Algorithms and Languages Supported


Synopsis
An SSH server is listening on this port.
Description
This script detects which algorithms and languages are supported by the remote service for encrypting
communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/10/28, Modification date: 2014/04/04
Ports
tcp/22

Nessus negotiated the following encryption algorithm with the server : aes128-cbc

The server supports the following options for kex_algorithms :

diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1

The server supports the following options for server_host_key_algorithms :

ssh-dss
ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
[email protected]

The server supports the following options for encryption_algorithms_server_to_client :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
[email protected]

The server supports the following options for mac_algorithms_client_to_server :

hmac-md5
hmac-md5-96
hmac-ripemd160
[email protected]
hmac-sha1
hmac-sha1-96
[email protected]

The server supports the following options for mac_algorithms_server_to_client :

hmac-md5
hmac-md5-96
hmac-ripemd160
[email protected]
hmac-sha1
hmac-sha1-96
[email protected]

The server supports the following options for compression_algorithms_client_to_server :

none
[email protected]

The server supports the following options for compression_algorithms_server_to_client :

none
[email protected]

10881 - SSH Protocol Versions Supported


Synopsis
A SSH server is running on the remote host.
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/03/06, Modification date: 2013/10/21
Ports
tcp/22
The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0

39520 - Backported Security Patch Detection (SSH)


Synopsis
Security patches are backported.
Description
Security patches may have been 'backported' to the remote SSH server without changing its version number.
Banner-based checks have been disabled to avoid false positives.
Note that this test is informational only and does not denote any security problem.
See Also
http://www.nessus.org/u?d636c8c7
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/06/25, Modification date: 2013/04/03
Ports
tcp/22

Local checks have been enabled.

68/udp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports.
See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2014/05/23
Ports
udp/68
Port 68/udp was found to be open

80/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports.
See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2014/05/23
Ports
tcp/80
Port 80/tcp was found to be open

22964 - Service Detection


Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives
an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2015/05/14
Ports
tcp/80

A web server is running on this port.

10107 - HTTP Server Type and Version


Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/01/04, Modification date: 2014/08/01
Ports
tcp/80
The remote web server type is :

Apache/2.2.16 (Debian)

You can set the directive 'ServerTokens Prod' to limit the information
emanating from the server in its response headers.

48243 - PHP Version


Synopsis
It is possible to obtain the version number of the remote PHP install.
Description
This plugin attempts to determine the version of PHP available on the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/08/04, Modification date: 2014/10/31
Ports
tcp/80

Nessus was able to identify the following PHP version information :

Version : 5.3.3-7+squeeze15
Source : X-Powered-By: PHP/5.3.3-7+squeeze15

24260 - HyperText Transfer Protocol (HTTP) Information


Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and
HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31
Ports
tcp/80

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Sun, 17 May 2015 22:49:45 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze15
X-XSS-Protection: 0
Vary: Accept-Encoding
Content-Length: 6033
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

39521 - Backported Security Patch Detection (WWW)


Synopsis
Security patches are backported.
Description
Security patches may have been 'backported' to the remote HTTP server without changing its version number.
Banner-based checks have been disabled to avoid false positives.
Note that this test is informational only and does not denote any security problem.
See Also
http://www.nessus.org/u?d636c8c7
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/06/25, Modification date: 2013/10/02
Ports
tcp/80

Local checks have been enabled.

389/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports.
See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2014/05/23
Ports
tcp/389

Port 389/tcp was found to be open

20870 - LDAP Server Detection


Synopsis
There is an LDAP server active on the remote host.
Description
The remote host is running a Lightweight Directory Access Protocol, or LDAP, server. LDAP is a protocol for providing
access to directory services over TCP/IP.
See Also
http://en.wikipedia.org/wiki/LDAP
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2006/02/10, Modification date: 2011/10/19
Ports
tcp/389
25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
It is possible to discover information about the remote LDAP server.
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the remote
LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/07/12, Modification date: 2012/02/20
Ports
tcp/389
[+]-namingContexts:
| dc=pentesterlab,dc=com
[+]-objectClass:
| top
| OpenLDAProotDSE

3306/tcp
14272 - netstat portscanner (SSH)
Synopsis
Remote open ports are enumerated via SSH.
Description
This plugin runs 'netstat' on the remote machine to enumerate open ports.
See the section 'plugins options' to configure it.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2004/08/15, Modification date: 2014/05/23
Ports
tcp/3306
Port 3306/tcp was found to be open

22964 - Service Detection


Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives
an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2015/05/14
Ports
tcp/3306
A MySQL server is running on this port.

Remediations
Suggested Remediations
Taking the following actions across 1 hosts would resolve 32% of the vulnerabilities on the network:

Action to take / Vulns / Hosts

Debian DSA-2928-1 : linux-2.6 - privilege escalation/denial of service/information leak: Upgrade the
linux-2.6 and user-mode-linux packages. For the oldstable distribution (squeeze), this problem has been
fixed in version 2.6.32-48squeeze6. The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update : .. Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+48squeeze6 Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support. However, given the high frequency at
which low-severity security issues are discovered in the kernel and the resource requirements of doing
an update, updates for lower priority issues will normally not be released for all kernels at the same time.
Rather, they will be released in a staggered or 'leap-frog' fashion.
Vulns: 40, Hosts: 1

Debian DSA-2845-1 : mysql-5.1 - several vulnerabilities: Upgrade the mysql-5.1 packages. For the
oldstable distribution (squeeze), these problems have been fixed in version 5.1.73-1.
Vulns: 9, Hosts: 1

Debian DSA-2868-1 : php5 - denial of service: Upgrade the php5 packages. For the oldstable distribution
(squeeze), this problem has been fixed in version 5.3.3-7+squeeze19. For the stable distribution
(wheezy), this problem has been fixed in version 5.4.4-14+deb7u8.
Vulns: 4, Hosts: 1

Debian DSA-2821-1 : gnupg - side channel attack: Upgrade the gnupg packages. For the oldstable
distribution (squeeze), this problem has been fixed in version 1.4.10-4+squeeze4. For the stable
distribution (wheezy), this problem has been fixed in version 1.4.12-7+deb7u3.
Vulns: 4, Hosts: 1

Bash Remote Code Execution (CVE-2014-6277 / CVE-2014-6278) (Shellshock): Update Bash.
Vulns: 4, Hosts: 1

Debian DSA-2953-1 : dpkg - security update: Upgrade the dpkg packages. For the oldstable distribution
(squeeze), these problems have been fixed in version 1.15.11. For the stable distribution (wheezy), these
problems have been fixed in version 1.16.15.
Vulns: 3, Hosts: 1

Debian DSA-2873-1 : file - several vulnerabilities: Upgrade the file packages. For the oldstable distribution
(squeeze), these problems have been fixed in version 5.04-5+squeeze4. For the stable distribution
(wheezy), these problems have been fixed in version 5.11-2+deb7u2.
Vulns: 3, Hosts: 1

Debian DSA-2894-1 : openssh - security update: Upgrade the openssh packages. For the oldstable
distribution (squeeze), these problems have been fixed in version 1:5.5p1-6+squeeze5. For the stable
distribution (wheezy), these problems have been fixed in version 1:6.0p1-4+deb7u1.
Vulns: 2, Hosts: 1

Debian DSA-2731-1 : libgcrypt11 - information leak: Upgrade the libgcrypt11 packages. For the
oldstable distribution (squeeze), this problem has been fixed in version 1.4.5-2+squeeze1. For the stable
distribution (wheezy), this problem has been fixed in version 1.5.0-5+deb7u1.
Vulns: 1, Hosts: 1

Debian DSA-2869-1 : gnutls26 - incorrect certificate verification: Upgrade the gnutls26 packages. For the
oldstable distribution (squeeze), this problem has been fixed in version 2.8.6-1+squeeze3. For the stable
distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u1.
Vulns: 1, Hosts: 1

Debian DSA-2779-1 : libxml2 - denial of service: Upgrade the libxml2 packages. For the oldstable
distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze8. For the stable
distribution (wheezy), this problem has been fixed in version 2.8.0+dfsg1-7+nmu2.
Vulns: 1, Hosts: 1
