MCAFEE FOUNDSTONE FSL UPDATE 2017-JUN-08 · A privilege escalation vulnerability is present in some...

2017-JUN-08FSL version 7.5.932

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is adetailed summary of the new and updated checks included with this release.

NEW CHECKS

21861 - Trend Micro ServerProtect Multiple Vulnerabilities

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2017-9032, CVE-2017-9033, CVE-2017-9034, CVE-2017-9035, CVE-2017-9036, CVE-2017-9037

DescriptionMultiple vulnerabilities are present in some versions of Trend Micro ServerProtect for Linux.

ObservationTrend Micro ServerProtect for Linux provides protection against security risks for file servers based on Linux.

Multiple vulnerabilities are present in some versions of Trend Micro ServerProtect for Linux. The flaws lie in the update mechanism. Successful exploitation could allow an attacker to execute arbitrary code with elevated privleges.

132375 - Oracle VM OVMSA-2017-0112 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle VM Patches and HotfixesRisk Level: HighCVE: CVE-2017-7308, CVE-2017-8890

DescriptionThe scan detected that the host is missing the following update:OVMSA-2017-0112

ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:

http://oss.oracle.com/pipermail/oraclevm-errata/2017-June/000738.html

OVM3.3x86_64kernel-uek-firmware-3.8.13-118.18.4.el6uekkernel-uek-3.8.13-118.18.4.el6uek

132376 - Oracle VM OVMSA-2017-0111 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle VM Patches and HotfixesRisk Level: HighCVE: CVE-2017-7308, CVE-2017-8890

DescriptionThe scan detected that the host is missing the following update:OVMSA-2017-0111


http://oss.oracle.com/pipermail/oraclevm-errata/2017-June/000737.html

OVM3.4x86_64kernel-uek-4.1.12-94.3.6.el6uekkernel-uek-firmware-4.1.12-94.3.6.el6uek

170815 - Amazon Linux AMI ALAS-2017-832 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: HighCVE: CVE-2016-10229

DescriptionThe scan detected that the host is missing the following update:ALAS-2017-832


https://alas.aws.amazon.com/ALAS-2017-832.html

Amazon Linux AMIi686kernel-4.9.17-8.31.amzn1kernel-devel-4.9.17-8.31.amzn1kernel-headers-4.9.17-8.31.amzn1kernel-debuginfo-4.9.17-8.31.amzn1kernel-debuginfo-common-i686-4.9.17-8.31.amzn1perf-4.9.17-8.31.amzn1kernel-tools-devel-4.9.17-8.31.amzn1kernel-tools-4.9.17-8.31.amzn1kernel-tools-debuginfo-4.9.17-8.31.amzn1perf-debuginfo-4.9.17-8.31.amzn1

noarchkernel-doc-4.9.17-8.31.amzn1

x86_64kernel-4.9.17-8.31.amzn1kernel-devel-4.9.17-8.31.amzn1kernel-headers-4.9.17-8.31.amzn1kernel-debuginfo-4.9.17-8.31.amzn1perf-4.9.17-8.31.amzn1kernel-tools-devel-4.9.17-8.31.amzn1kernel-tools-4.9.17-8.31.amzn1kernel-tools-debuginfo-4.9.17-8.31.amzn1kernel-debuginfo-common-x86_64-4.9.17-8.31.amzn1

perf-debuginfo-4.9.17-8.31.amzn1


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: HighCVE: CVE-2015-5203, CVE-2015-5221, CVE-2016-1024, CVE-2016-1025, CVE-2016-1577, CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8654, CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8883, CVE-2016-8884,CVE-2016-8885, CVE-2016-9262, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9560, CVE-2016-9583, CVE-2016-9591, CVE-2016-9600




Amazon Linux AMIx86_64jasper-devel-1.900.1-21.9.amzn1jasper-libs-1.900.1-21.9.amzn1jasper-utils-1.900.1-21.9.amzn1jasper-debuginfo-1.900.1-21.9.amzn1jasper-1.900.1-21.9.amzn1

i686jasper-devel-1.900.1-21.9.amzn1jasper-libs-1.900.1-21.9.amzn1jasper-utils-1.900.1-21.9.amzn1jasper-1.900.1-21.9.amzn1jasper-debuginfo-1.900.1-21.9.amzn1

192163 - Fedora Linux 25 FEDORA-2017-6f06be3fe9 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077

DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-6f06be3fe9


https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1

Fedora Core 25

kernel-4.11.3-200.fc25

192165 - Fedora Linux 25 FEDORA-2017-8e9bd58cbb Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-9078, CVE-2017-9079

DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-8e9bd58cbb



Fedora Core 25

dropbear-2017.75-1.fc25

192167 - Fedora Linux 24 FEDORA-2017-0b6da97aa5 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-7692

DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-0b6da97aa5



Fedora Core 24

squirrelmail-1.4.22-19.fc24

192169 - Fedora Linux 24 FEDORA-2017-b22de5c767 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-b22de5c767



Fedora Core 24

dropbear-2017.75-1.fc24

192171 - Fedora Linux 25 FEDORA-2017-f85c37ae3d Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-f85c37ae3d



Fedora Core 25

squirrelmail-1.4.22-19.fc25

21868 - Splunk Hadoop Connect App Path Traversal Vulnerability (SP-CAAAP2F)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-MAP-NOMATCH

DescriptionA path traversal vulnerability is present in some versions of Splunk Hadoop Connect app.

ObservationSplunk Hadoop Connect app is a management tool that provides integration between Splunk and Hadoop.

A path traversal vulnerability is present in some versions of Splunk Hadoop Connect app. The flaw lies in how the product handles web requests. Successful exploitation could allow an attacker to execute remote code.

21847 - Novell iManager Vulnerability Prior To 2.7 Support Pack 7 Patch 10 Hotfix 1

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2017-7430, CVE-2017-7431, CVE-2017-7432

DescriptionMultiple vulnerabilities are present in some versions of Novell (NetIQ) iManager.

ObservationNovell iManager is a web-based administration console.

Multiple vulnerabilities are present in some versions of Novell (NetIQ) iManager. The flaw lies in several components. Successful exploitation could allow an attacker to disclose sensitive information.

21857 - Novell iManager Vulnerability Prior To 2.7 Support Pack 7 Patch 10 Hotfix 1

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2017-7430, CVE-2017-7431, CVE-2017-7432

DescriptionMultiple vulnerabilities are present in some versions of Novell (NetIQ) iManager.

ObservationNovell iManager is a web-based administration console.

Multiple vulnerabilities are present in some versions of Novell (NetIQ) iManager. The flaw lies in several components. Successful exploitation could allow an attacker to disclose sensitive information.

21863 - Schneider Electric Wonderware InduSoft Web Studio Privilege Escalation Vulnerability

Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2017-7968

DescriptionA privilege escalation vulnerability is present in some versions of Schneider Electric InduSoft Web Studio.

ObservationInduSoft Web Studio is a tool to build SCADA (Supervisory Control And Data Acquisition) or HMI (Human-Machine Interface) applications.

A privilege escalation vulnerability is present in some versions of Schneider Electric InduSoft Web Studio. The flaw lies in improper validation of system's path. Successful exploitation could allow locally logged in user to gain elevated privileges on the system.

21867 - Rockwell Automation ControlLogix Vulnerability

Category: General Vulnerability Assessment -> NonIntrusive -> Web ServerRisk Level: HighCVE: CVE-2017-6024

DescriptionA denial-of-service vulnerability is present in some versions of Rockwell Automation ControlLogix.

ObservationRockwell Automation ControlLogix is a system controller managed by a web server.

A denial-of-service vulnerability is present in some versions of Rockwell Automation ControlLogix. The flaw lies in an unknown component.Successful exploitation could allow an attacker to cause a full denial-of-service condition.

21873 - Wireshark Multiple Vulnerabilities Prior To 2.0.13

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9354

DescriptionMultiple vulnerabilities are present in some versions of Wireshark.

ObservationWireshark is a tool that is used to analyze the network protocol and traffic.

Multiple vulnerabilities are present in some versions of Wireshark. The flaws lie in multiple dissectors. Successful exploitation could allow an attacker to cause a denial of service condition.

21877 - Microsoft Windows NTFS File System Denial of Service Vulnerability

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-MAP-NOMATCH

DescriptionA vulnerability is present in some versions of Microsoft Windows.

ObservationWindows is a graphical operating systems developed by Microsoft.

A vulnerability is present in some versions of Microsoft Windows. The flaw is due to improper handling of file path. Successful exploitation could allow an attacker to crash the system.

21878 - Wireshark Multiple Vulnerabilities Prior To 2.2.7

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354

DescriptionMultiple vulnerabilities are present in some versions of Wireshark.

ObservationWireshark is a tool that is used to analyze the network protocol and traffic.

Multiple vulnerabilities are present in some versions of Wireshark. The flaws lie in multiple dissectors. Successful exploitation could allow an attacker to cause a denial of service condition.

21882 - (K39204079) F5 BIG-IP GNU C Library Vulnerability

Category: SSH Module -> NonIntrusive -> F5

Risk Level: HighCVE: CVE-2015-8983

DescriptionA vulnerability is present in some versions of F5's BIG-IP products.

ObservationF5's BIG-IP products are network appliances that run F5's Traffic Management Operating System.

A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in the GNU C library. Successful exploitation could allow an attacker to cause a denial of service condition or to execute arbitrary code on the target system.

130782 - Debian Linux 8.0 DSA-3872-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2017-5461, CVE-2017-5462, CVE-2017-7502

DescriptionThe scan detected that the host is missing the following update:DSA-3872-1


http://www.debian.org/security/2017/dsa-3872

Debian 8.0alllibnss3-1d_2:3.26-1+debu8u2libnss3-tools_2:3.26-1+debu8u2libnss3-dev_2:3.26-1+debu8u2libnss3-dbg_2:3.26-1+debu8u2libnss3_2:3.26-1+debu8u2


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2017-8911




Debian 8.0all

tnef_1.4.9-1+deb8u3

141589 - Red Hat Enterprise Linux RHSA-2017-1382 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2017-1000367

DescriptionThe scan detected that the host is missing the following update:RHSA-2017-1382


http://www.redhat.com/archives/enterprise-watch-list/2017-May/msg00033.html

RHEL7Sx86_64sudo-debuginfo-1.8.6p7-22.el7_3sudo-1.8.6p7-22.el7_3sudo-devel-1.8.6p7-22.el7_3

RHEL6Si386sudo-1.8.6p3-28.el6_9sudo-debuginfo-1.8.6p3-28.el6_9sudo-devel-1.8.6p3-28.el6_9

x86_64sudo-1.8.6p3-28.el6_9sudo-debuginfo-1.8.6p3-28.el6_9sudo-devel-1.8.6p3-28.el6_9

RHEL6WSx86_64sudo-debuginfo-1.8.6p3-28.el6_9sudo-1.8.6p3-28.el6_9

i386sudo-debuginfo-1.8.6p3-28.el6_9sudo-1.8.6p3-28.el6_9

RHEL7Dx86_64sudo-debuginfo-1.8.6p7-22.el7_3sudo-1.8.6p7-22.el7_3sudo-devel-1.8.6p7-22.el7_3

RHEL6Dx86_64sudo-1.8.6p3-28.el6_9sudo-debuginfo-1.8.6p3-28.el6_9sudo-devel-1.8.6p3-28.el6_9

i386sudo-1.8.6p3-28.el6_9

sudo-debuginfo-1.8.6p3-28.el6_9sudo-devel-1.8.6p3-28.el6_9

RHEL7WSx86_64sudo-debuginfo-1.8.6p7-22.el7_3sudo-1.8.6p7-22.el7_3sudo-devel-1.8.6p7-22.el7_3

145382 - SuSE SLES 12 SP2, SLED 12 SP2 SUSE-SU-2017:1473-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-9022, CVE-2017-9023

DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2017:1473-1


http://lists.suse.com/pipermail/sle-security-updates/2017-June/002934.html

SuSE SLED 12 SP2x86_64strongswan-ipsec-debuginfo-5.1.3-25.1strongswan-libs0-5.1.3-25.1strongswan-debugsource-5.1.3-25.1strongswan-5.1.3-25.1strongswan-libs0-debuginfo-5.1.3-25.1strongswan-ipsec-5.1.3-25.1

noarchstrongswan-doc-5.1.3-25.1

SuSE SLES 12 SP2noarchstrongswan-doc-5.1.3-25.1

x86_64strongswan-ipsec-debuginfo-5.1.3-25.1strongswan-libs0-5.1.3-25.1strongswan-libs0-debuginfo-5.1.3-25.1strongswan-debugsource-5.1.3-25.1strongswan-5.1.3-25.1strongswan-hmac-5.1.3-25.1strongswan-ipsec-5.1.3-25.1

145384 - SuSE SLES 11 SP4 SUSE-SU-2017:1471-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-9022, CVE-2017-9023

Description

The scan detected that the host is missing the following update:SUSE-SU-2017:1471-1



SuSE SLES 11 SP4i586strongswan-doc-4.4.0-6.35.1strongswan-4.4.0-6.35.1

x86_64strongswan-doc-4.4.0-6.35.1strongswan-4.4.0-6.35.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-6502, CVE-2017-7606, CVE-2017-7941, CVE-2017-7942, CVE-2017-7943, CVE-2017-8343, CVE-2017-8344, CVE-2017-8345, CVE-2017-8346, CVE-2017-8347, CVE-2017-8348, CVE-2017-8349, CVE-2017-8350, CVE-2017-8351, CVE-2017-8352,CVE-2017-8353, CVE-2017-8354, CVE-2017-8355, CVE-2017-8356, CVE-2017-8357, CVE-2017-8765, CVE-2017-8830, CVE-2017-9098, CVE-2017-9141, CVE-2017-9142, CVE-2017-9143, CVE-2017-9144




SuSE SLED 12 SP2x86_64libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-70.1libMagick++-6_Q16-3-debuginfo-6.8.8.1-70.1libMagickWand-6_Q16-1-6.8.8.1-70.1ImageMagick-6.8.8.1-70.1libMagickCore-6_Q16-1-32bit-6.8.8.1-70.1ImageMagick-debuginfo-6.8.8.1-70.1libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.1libMagick++-6_Q16-3-6.8.8.1-70.1libMagickCore-6_Q16-1-6.8.8.1-70.1ImageMagick-debugsource-6.8.8.1-70.1libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.1

SuSE SLES 12 SP2x86_64libMagickCore-6_Q16-1-6.8.8.1-70.1ImageMagick-debuginfo-6.8.8.1-70.1libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.1libMagickWand-6_Q16-1-6.8.8.1-70.1

ImageMagick-debugsource-6.8.8.1-70.1libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.1

145386 - SuSE SLES 11 SP4 SUSE-SU-2017:1468-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-8779



http://lists.suse.com/pipermail/sle-security-updates/2017-May/002932.html

SuSE SLES 11 SP4i586libtirpc1-0.2.1-1.12.3rpcbind-0.1.6+git20080930-6.27.2

x86_64libtirpc1-0.2.1-1.12.3rpcbind-0.1.6+git20080930-6.27.2

160263 - CentOS 6 CESA-2017-1364 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and HotfixesRisk Level: HighCVE: CVE-2017-7502

DescriptionThe scan detected that the host is missing the following update:CESA-2017-1364


http://lists.centos.org/pipermail/centos-announce/2017-May/022449.html

CentOS 6x86_64nss-sysinit-3.28.4-3.el6_9nss-3.28.4-3.el6_9nss-devel-3.28.4-3.el6_9nss-pkcs11-devel-3.28.4-3.el6_9nss-tools-3.28.4-3.el6_9

i686nss-sysinit-3.28.4-3.el6_9nss-3.28.4-3.el6_9nss-devel-3.28.4-3.el6_9

nss-pkcs11-devel-3.28.4-3.el6_9nss-tools-3.28.4-3.el6_9






CentOS 7x86_64nss-pkcs11-devel-3.28.4-1.2.el7_3nss-tools-3.28.4-1.2.el7_3nss-devel-3.28.4-1.2.el7_3nss-sysinit-3.28.4-1.2.el7_3nss-3.28.4-1.2.el7_3

i686nss-pkcs11-devel-3.28.4-1.2.el7_3nss-devel-3.28.4-1.2.el7_3nss-3.28.4-1.2.el7_3

160266 - CentOS 6, 7 CESA-2017-1382 Update Is Not Installed




http://lists.centos.org/pipermail/centos-announce/2017-May/022450.htmlhttp://lists.centos.org/pipermail/centos-announce/2017-May/022442.html

CentOS 7x86_64sudo-1.8.6p7-22.el7_3sudo-devel-1.8.6p7-22.el7_3

i686sudo-devel-1.8.6p7-22.el7_3

CentOS 6x86_64sudo-devel-1.8.6p3-28.el6_9sudo-1.8.6p3-28.el6_9

i686sudo-devel-1.8.6p3-28.el6_9sudo-1.8.6p3-28.el6_9

163369 - Oracle Enterprise Linux ELSA-2017-1381 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2017-1000367

DescriptionThe scan detected that the host is missing the following update:ELSA-2017-1381


http://oss.oracle.com/pipermail/el-errata/2017-June/006977.html

OEL5i386sudo-1.7.2p1-29.0.1.el5_10

x86_64sudo-1.7.2p1-29.0.1.el5_10





http://oss.oracle.com/pipermail/el-errata/2017-June/006972.htmlhttp://oss.oracle.com/pipermail/el-errata/2017-June/006971.html

OEL7x86_64kernel-uek-debug-devel-4.1.12-94.3.6.el7uekkernel-uek-firmware-4.1.12-94.3.6.el7uekkernel-uek-4.1.12-94.3.6.el7uekkernel-uek-devel-4.1.12-94.3.6.el7uek

kernel-uek-debug-4.1.12-94.3.6.el7uekkernel-uek-doc-4.1.12-94.3.6.el7uekdtrace-modules-4.1.12-94.3.6.el7uek-0.6.0-4.el7

OEL6x86_64kernel-uek-firmware-4.1.12-94.3.6.el6uekkernel-uek-doc-4.1.12-94.3.6.el6uekdtrace-modules-4.1.12-94.3.6.el6uek-0.6.0-4.el6kernel-uek-devel-4.1.12-94.3.6.el6uekkernel-uek-debug-devel-4.1.12-94.3.6.el6uekkernel-uek-4.1.12-94.3.6.el6uekkernel-uek-debug-4.1.12-94.3.6.el6uek





http://oss.oracle.com/pipermail/el-errata/2017-June/006974.htmlhttp://oss.oracle.com/pipermail/el-errata/2017-June/006973.html

OEL7x86_64dtrace-modules-3.8.13-118.18.4.el7uek-0.4.5-3.el7kernel-uek-devel-3.8.13-118.18.4.el7uekkernel-uek-debug-devel-3.8.13-118.18.4.el7uekkernel-uek-debug-3.8.13-118.18.4.el7uekkernel-uek-firmware-3.8.13-118.18.4.el7uekkernel-uek-3.8.13-118.18.4.el7uekkernel-uek-doc-3.8.13-118.18.4.el7uek

OEL6x86_64kernel-uek-firmware-3.8.13-118.18.4.el6uekkernel-uek-3.8.13-118.18.4.el6uekkernel-uek-devel-3.8.13-118.18.4.el6uekkernel-uek-debug-3.8.13-118.18.4.el6uekdtrace-modules-3.8.13-118.18.4.el6uek-0.4.5-3.el6kernel-uek-doc-3.8.13-118.18.4.el6uekkernel-uek-debug-devel-3.8.13-118.18.4.el6uek






Amazon Linux AMIx86_64libtirpc-0.2.4-0.8.14.amzn1libtirpc-debuginfo-0.2.4-0.8.14.amzn1libtirpc-devel-0.2.4-0.8.14.amzn1

i686libtirpc-0.2.4-0.8.14.amzn1libtirpc-debuginfo-0.2.4-0.8.14.amzn1libtirpc-devel-0.2.4-0.8.14.amzn1






Amazon Linux AMIx86_64rpcbind-0.2.0-13.9.amzn1rpcbind-debuginfo-0.2.0-13.9.amzn1

i686rpcbind-0.2.0-13.9.amzn1rpcbind-debuginfo-0.2.0-13.9.amzn1






Amazon Linux AMIx86_64sudo-devel-1.8.6p3-28.25.amzn1sudo-1.8.6p3-28.25.amzn1sudo-debuginfo-1.8.6p3-28.25.amzn1

i686sudo-devel-1.8.6p3-28.25.amzn1sudo-1.8.6p3-28.25.amzn1sudo-debuginfo-1.8.6p3-28.25.amzn1






Amazon Linux AMIx86_64bind-sdb-9.8.2-0.62.rc1.55.amzn1bind-libs-9.8.2-0.62.rc1.55.amzn1bind-debuginfo-9.8.2-0.62.rc1.55.amzn1bind-9.8.2-0.62.rc1.55.amzn1bind-chroot-9.8.2-0.62.rc1.55.amzn1bind-utils-9.8.2-0.62.rc1.55.amzn1bind-devel-9.8.2-0.62.rc1.55.amzn1

i686bind-utils-9.8.2-0.62.rc1.55.amzn1bind-libs-9.8.2-0.62.rc1.55.amzn1bind-debuginfo-9.8.2-0.62.rc1.55.amzn1bind-9.8.2-0.62.rc1.55.amzn1bind-devel-9.8.2-0.62.rc1.55.amzn1bind-chroot-9.8.2-0.62.rc1.55.amzn1bind-sdb-9.8.2-0.62.rc1.55.amzn1


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: High

CVE: CVE-2016-2125, CVE-2016-2126, CVE-2017-2619, CVE-2017-7494




Amazon Linux AMIi686samba-python-4.4.4-13.35.amzn1samba-winbind-4.4.4-13.35.amzn1samba-test-libs-4.4.4-13.35.amzn1samba-debuginfo-4.4.4-13.35.amzn1ctdb-tests-4.4.4-13.35.amzn1libwbclient-devel-4.4.4-13.35.amzn1samba-common-libs-4.4.4-13.35.amzn1samba-libs-4.4.4-13.35.amzn1samba-winbind-clients-4.4.4-13.35.amzn1libsmbclient-devel-4.4.4-13.35.amzn1samba-common-tools-4.4.4-13.35.amzn1samba-winbind-modules-4.4.4-13.35.amzn1ctdb-4.4.4-13.35.amzn1libwbclient-4.4.4-13.35.amzn1samba-client-libs-4.4.4-13.35.amzn1samba-test-4.4.4-13.35.amzn1samba-krb5-printing-4.4.4-13.35.amzn1samba-winbind-krb5-locator-4.4.4-13.35.amzn1libsmbclient-4.4.4-13.35.amzn1samba-devel-4.4.4-13.35.amzn1samba-client-4.4.4-13.35.amzn1samba-4.4.4-13.35.amzn1

noarchsamba-common-4.4.4-13.35.amzn1samba-pidl-4.4.4-13.35.amzn1

x86_64samba-python-4.4.4-13.35.amzn1samba-winbind-4.4.4-13.35.amzn1samba-debuginfo-4.4.4-13.35.amzn1ctdb-tests-4.4.4-13.35.amzn1samba-libs-4.4.4-13.35.amzn1libwbclient-devel-4.4.4-13.35.amzn1samba-winbind-krb5-locator-4.4.4-13.35.amzn1samba-common-tools-4.4.4-13.35.amzn1samba-winbind-clients-4.4.4-13.35.amzn1libsmbclient-devel-4.4.4-13.35.amzn1samba-winbind-modules-4.4.4-13.35.amzn1ctdb-4.4.4-13.35.amzn1libwbclient-4.4.4-13.35.amzn1samba-client-libs-4.4.4-13.35.amzn1samba-common-libs-4.4.4-13.35.amzn1samba-krb5-printing-4.4.4-13.35.amzn1samba-test-4.4.4-13.35.amzn1

libsmbclient-4.4.4-13.35.amzn1samba-devel-4.4.4-13.35.amzn1samba-client-4.4.4-13.35.amzn1samba-test-libs-4.4.4-13.35.amzn1samba-4.4.4-13.35.amzn1


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: HighCVE: CVE-2016-5542, CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544




Amazon Linux AMIi686java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.73.amzn1java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.73.amzn1java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.73.amzn1java-1.7.0-openjdk-1.7.0.141-2.6.10.1.73.amzn1java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.73.amzn1

noarchjava-1.7.0-openjdk-javadoc-1.7.0.141-2.6.10.1.73.amzn1

x86_64java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.73.amzn1java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.73.amzn1java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.73.amzn1java-1.7.0-openjdk-1.7.0.141-2.6.10.1.73.amzn1java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.73.amzn1

178439 - Gentoo Linux GLSA-201706-12 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: HighCVE: CVE-2017-6014, CVE-2017-7700, CVE-2017-7701, CVE-2017-7702, CVE-2017-7703, CVE-2017-7704, CVE-2017-7705

DescriptionThe scan detected that the host is missing the following update:GLSA-201706-12


https://security.gentoo.org/glsa/201706-12

Affected packages: net-analyzer/wireshark < 2.2.6


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: HighCVE: CVE-2017-8779




Affected packages: net-nds/rpcbind < 0.2.4-r1net-libs/libtirpc < 1.0.1-r1


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: HighCVE: CVE-2017-7452, CVE-2017-7453, CVE-2017-7454, CVE-2017-7939, CVE-2017-7940, CVE-2017-7962, CVE-2017-8325, CVE-2017-8326, CVE-2017-8327




Affected packages: media-gfx/imageworsener < 1.3.1


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: HighCVE: CVE-2017-6542


Observation

Updates often remediate critical security problems that should be quickly addressed.For more information see:


Affected packages: net-ftp/filezilla < 3.25.2


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: HighCVE: CVE-2016-10244, CVE-2016-10328, CVE-2017-7857, CVE-2017-7858, CVE-2017-7864, CVE-2017-8105, CVE-2017-8287




Affected packages: media-libs/freetype < 2.8


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: HighCVE: CVE-2016-9603, CVE-2017-7377, CVE-2017-7471, CVE-2017-7493, CVE-2017-7718, CVE-2017-7980, CVE-2017-8086, CVE-2017-8112, CVE-2017-8309, CVE-2017-8379, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330




Affected packages: app-emulation/qemu < 2.9.0-r2


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: HighCVE: CVE-MAP-NOMATCH

Description

The scan detected that the host is missing the following update:GLSA-201706-01



Affected packages: sys-auth/munge < 0.5.10-r2

185728 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3311-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2017-0553

DescriptionThe scan detected that the host is missing the following update:USN-3311-1


https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003885.html

Ubuntu 16.04

libnl-3-200_3.2.27-1ubuntu0.16.04.1

Ubuntu 14.04

libnl-3-200_3.2.21-1ubuntu4.1

Ubuntu 16.10

libnl-3-200_3.2.27-1ubuntu0.16.10.1

Ubuntu 17.04

libnl-3-200_3.2.29-0ubuntu2.1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2017-0350, CVE-2017-0351, CVE-2017-0352


Observation


https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-May/003879.html

Ubuntu 16.04

nvidia-375_375.66-0ubuntu0.16.04.1nvidia-367_375.66-0ubuntu0.16.04.1

Ubuntu 14.04


Ubuntu 16.10


Ubuntu 17.04


192172 - Fedora Linux 26 FEDORA-2017-6125002d79 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-6125002d79



Fedora Core 26

libvncserver-0.9.11-2.fc26

21837 - (SB10193) McAfee Host Intrusion Prevention Arbitrary Code Injection Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2017-4028

DescriptionA vulnerability is present in some versions of McAfee Host Intrusion Prevention.

Observation

McAfee Host Intrusion Prevention is an industry standard security application that monitors and blocks unwanted activity and makes it easier to keep desktops safe with multiple proven methods system firewall, signature analysis, and behavioral analysis.

A vulnerability is present in some versions of McAfee Host Intrusion Prevention. The flaw is related with a registry vulnerability in Microsoft Windows. Successful exploitation could allow a local attacker to execute arbitrary code on the target system.

21864 - (K41107914) F5 BIG-IP iControl REST Vulnerability

Category: SSH Module -> NonIntrusive -> F5Risk Level: MediumCVE: CVE-2016-9251

DescriptionA privilege escalation vulnerability is present in some versions of F5 BIG-IP systems.


A privilege escalation vulnerability is present in some versions of F5 BIG-IP systems. The flaw lies in iControl REST component. Successful exploitation could allow an attacker to gain elevated privileges on the target system.


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: MediumCVE: CVE-2017-8295, CVE-2017-9061, CVE-2017-9062, CVE-2017-9063, CVE-2017-9064, CVE-2017-9065




Debian 8.0allwordpress_4.1+dfsg-1+deb8u13


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-8291


ObservationUpdates often remediate critical security problems that should be quickly addressed.

For more information see:


Amazon Linux AMIx86_64ghostscript-devel-8.70-23.25.amzn1ghostscript-debuginfo-8.70-23.25.amzn1ghostscript-doc-8.70-23.25.amzn1ghostscript-8.70-23.25.amzn1

i686ghostscript-doc-8.70-23.25.amzn1ghostscript-debuginfo-8.70-23.25.amzn1ghostscript-8.70-23.25.amzn1ghostscript-devel-8.70-23.25.amzn1


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-2016-10221, CVE-2017-5991, CVE-2017-6060




Affected packages: app-text/mupdf < 1.11-r1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2017-6891




Ubuntu 16.04

libtasn1-6_4.7-3ubuntu0.16.04.2

Ubuntu 14.04

libtasn1-6_3.4-3ubuntu0.5

Ubuntu 16.10


Ubuntu 17.04


185726 - Ubuntu Linux 16.04, 16.10, 17.04 USN-3310-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2017-8829




Ubuntu 16.04

lintian_2.5.43ubuntu0.1

Ubuntu 16.10

lintian_2.5.48ubuntu0.1

Ubuntu 17.04

lintian_2.5.50.1ubuntu0.1

185727 - Ubuntu Linux 14.04 USN-3308-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2014-3248, CVE-2017-2295




Ubuntu 14.04

puppet-common_3.4.3-1ubuntu1.2

192161 - Fedora Linux 25 FEDORA-2017-c7c3f7ed26 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2017-6891

DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-c7c3f7ed26



Fedora Core 25

libtasn1-4.12-1.fc25

21836 - (VMSA-2017-0009) VMware Workstation Player Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2017-4915, CVE-2017-4916

DescriptionMultiple vulnerabilities are present in some versions of VMware Workstation Player.

ObservationVMware Workstation Player is a virtualization software.

Multiple vulnerabilities are present in some versions of VMware Workstation Player. The flaws lie in several components. Successful exploitation could allow an attacker to escalate privileges and cause denial of services.

21862 - (VMSA-2017-0009) VMware Workstation Player Multiple Vulnerabilities

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: MediumCVE: CVE-2017-4915, CVE-2017-4916

DescriptionMultiple vulnerabilities are present in some versions of VMware Workstation Player.

ObservationVMware Workstation Player is a virtualization software.

Multiple vulnerabilities are present in some versions of VMware Workstation Player. The flaws lie in several components. Successful

exploitation could allow an attacker to escalate privileges and cause denial of services.

21870 - (SB10199) McAfee ePolicy Orchestrator Tomcat Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2017-5647

DescriptionA vulnerability is present in some versions of McAfee ePolicy Orchestrator.

ObservationMcAfee ePolicy Orchestrator (ePO) is widely acknowledged as the most advanced and scalable security management software.

A vulnerability is present in some versions of McAfee ePolicy Orchestrator. The flaw lies in the Tomcat component. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.

21874 - (K59503294) F5 BIG-IP libjpeg Vulnerability


DescriptionA vulnerability is present in some versions of F5 BIG-IP systems.


A vulnerability is present in some versions of F5 BIG-IP systems. The flaw lies in libjpeg. Successful exploitation could allow a remote attacker to obtain sensitive information.

141588 - Red Hat Enterprise Linux RHSA-2017-1372 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-6214

DescriptionThe scan detected that the host is missing the following update:RHSA-2017-1372


http://www.redhat.com/archives/enterprise-watch-list/2017-May/msg00034.html

RHEL6Di386python-perf-2.6.32-696.3.1.el6kernel-debuginfo-2.6.32-696.3.1.el6

perf-2.6.32-696.3.1.el6kernel-debug-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-i686-2.6.32-696.3.1.el6kernel-debug-debuginfo-2.6.32-696.3.1.el6perf-debuginfo-2.6.32-696.3.1.el6kernel-2.6.32-696.3.1.el6python-perf-debuginfo-2.6.32-696.3.1.el6kernel-devel-2.6.32-696.3.1.el6kernel-headers-2.6.32-696.3.1.el6kernel-debug-2.6.32-696.3.1.el6

noarchkernel-abi-whitelists-2.6.32-696.3.1.el6kernel-firmware-2.6.32-696.3.1.el6kernel-doc-2.6.32-696.3.1.el6

x86_64kernel-debuginfo-2.6.32-696.3.1.el6kernel-debug-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6kernel-debug-2.6.32-696.3.1.el6python-perf-2.6.32-696.3.1.el6kernel-headers-2.6.32-696.3.1.el6python-perf-debuginfo-2.6.32-696.3.1.el6kernel-debug-debuginfo-2.6.32-696.3.1.el6perf-2.6.32-696.3.1.el6kernel-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-i686-2.6.32-696.3.1.el6kernel-2.6.32-696.3.1.el6perf-debuginfo-2.6.32-696.3.1.el6

RHEL6Si386python-perf-2.6.32-696.3.1.el6kernel-debuginfo-2.6.32-696.3.1.el6perf-2.6.32-696.3.1.el6kernel-debug-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-i686-2.6.32-696.3.1.el6kernel-debug-debuginfo-2.6.32-696.3.1.el6perf-debuginfo-2.6.32-696.3.1.el6kernel-2.6.32-696.3.1.el6python-perf-debuginfo-2.6.32-696.3.1.el6kernel-devel-2.6.32-696.3.1.el6kernel-headers-2.6.32-696.3.1.el6kernel-debug-2.6.32-696.3.1.el6


x86_64kernel-debuginfo-2.6.32-696.3.1.el6kernel-debug-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6kernel-debug-2.6.32-696.3.1.el6python-perf-2.6.32-696.3.1.el6kernel-headers-2.6.32-696.3.1.el6python-perf-debuginfo-2.6.32-696.3.1.el6kernel-debug-debuginfo-2.6.32-696.3.1.el6

perf-2.6.32-696.3.1.el6kernel-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-i686-2.6.32-696.3.1.el6kernel-2.6.32-696.3.1.el6perf-debuginfo-2.6.32-696.3.1.el6

RHEL6WSi386kernel-debuginfo-2.6.32-696.3.1.el6perf-2.6.32-696.3.1.el6kernel-debug-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-i686-2.6.32-696.3.1.el6kernel-debug-debuginfo-2.6.32-696.3.1.el6perf-debuginfo-2.6.32-696.3.1.el6kernel-2.6.32-696.3.1.el6python-perf-debuginfo-2.6.32-696.3.1.el6kernel-devel-2.6.32-696.3.1.el6kernel-headers-2.6.32-696.3.1.el6kernel-debug-2.6.32-696.3.1.el6


x86_64kernel-debuginfo-2.6.32-696.3.1.el6kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6kernel-debug-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-i686-2.6.32-696.3.1.el6kernel-debug-debuginfo-2.6.32-696.3.1.el6perf-2.6.32-696.3.1.el6kernel-2.6.32-696.3.1.el6perf-debuginfo-2.6.32-696.3.1.el6kernel-devel-2.6.32-696.3.1.el6python-perf-debuginfo-2.6.32-696.3.1.el6kernel-headers-2.6.32-696.3.1.el6kernel-debug-2.6.32-696.3.1.el6


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2016-6489




SuSE SLED 12 SP2x86_64libnettle-debugsource-2.7.1-12.1

libhogweed2-debuginfo-2.7.1-12.1libnettle4-debuginfo-32bit-2.7.1-12.1libnettle4-debuginfo-2.7.1-12.1libhogweed2-32bit-2.7.1-12.1libhogweed2-debuginfo-32bit-2.7.1-12.1libhogweed2-2.7.1-12.1libnettle4-2.7.1-12.1libnettle4-32bit-2.7.1-12.1

SuSE SLES 12 SP2x86_64libnettle-debugsource-2.7.1-12.1libhogweed2-debuginfo-2.7.1-12.1libnettle4-debuginfo-32bit-2.7.1-12.1libnettle4-debuginfo-2.7.1-12.1libhogweed2-32bit-2.7.1-12.1libnettle4-2.7.1-12.1libhogweed2-debuginfo-32bit-2.7.1-12.1libhogweed2-2.7.1-12.1libnettle4-32bit-2.7.1-12.1


Category: SSH Module -> NonIntrusive -> Cent OS Patches and HotfixesRisk Level: MediumCVE: CVE-2017-6214




CentOS 6i686python-perf-2.6.32-696.3.1.el6perf-2.6.32-696.3.1.el6kernel-debug-devel-2.6.32-696.3.1.el6kernel-headers-2.6.32-696.3.1.el6kernel-2.6.32-696.3.1.el6kernel-devel-2.6.32-696.3.1.el6kernel-debug-2.6.32-696.3.1.el6


x86_64python-perf-2.6.32-696.3.1.el6perf-2.6.32-696.3.1.el6kernel-debug-devel-2.6.32-696.3.1.el6kernel-headers-2.6.32-696.3.1.el6kernel-2.6.32-696.3.1.el6

kernel-devel-2.6.32-696.3.1.el6kernel-debug-2.6.32-696.3.1.el6


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-8386




Amazon Linux AMIi686git-debuginfo-2.7.5-1.49.amzn1git-svn-2.7.5-1.49.amzn1git-2.7.5-1.49.amzn1git-daemon-2.7.5-1.49.amzn1

noarchgit-p4-2.7.5-1.49.amzn1perl-Git-SVN-2.7.5-1.49.amzn1git-all-2.7.5-1.49.amzn1gitweb-2.7.5-1.49.amzn1git-hg-2.7.5-1.49.amzn1git-bzr-2.7.5-1.49.amzn1perl-Git-2.7.5-1.49.amzn1emacs-git-2.7.5-1.49.amzn1emacs-git-el-2.7.5-1.49.amzn1git-email-2.7.5-1.49.amzn1git-cvs-2.7.5-1.49.amzn1

x86_64git-2.7.5-1.49.amzn1git-svn-2.7.5-1.49.amzn1git-debuginfo-2.7.5-1.49.amzn1git-daemon-2.7.5-1.49.amzn1


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-7484, CVE-2017-7486


Observation



Amazon Linux AMIx86_64postgresql92-debuginfo-9.2.21-1.60.amzn1postgresql92-server-9.2.21-1.60.amzn1postgresql92-libs-9.2.21-1.60.amzn1postgresql92-plperl-9.2.21-1.60.amzn1postgresql92-9.2.21-1.60.amzn1postgresql92-docs-9.2.21-1.60.amzn1postgresql92-test-9.2.21-1.60.amzn1postgresql92-server-compat-9.2.21-1.60.amzn1postgresql92-pltcl-9.2.21-1.60.amzn1postgresql92-plpython27-9.2.21-1.60.amzn1postgresql92-plpython26-9.2.21-1.60.amzn1postgresql92-contrib-9.2.21-1.60.amzn1postgresql92-devel-9.2.21-1.60.amzn1

i686postgresql92-debuginfo-9.2.21-1.60.amzn1postgresql92-server-9.2.21-1.60.amzn1postgresql92-plperl-9.2.21-1.60.amzn1postgresql92-docs-9.2.21-1.60.amzn1postgresql92-9.2.21-1.60.amzn1postgresql92-test-9.2.21-1.60.amzn1postgresql92-server-compat-9.2.21-1.60.amzn1postgresql92-pltcl-9.2.21-1.60.amzn1postgresql92-plpython27-9.2.21-1.60.amzn1postgresql92-plpython26-9.2.21-1.60.amzn1postgresql92-libs-9.2.21-1.60.amzn1postgresql92-contrib-9.2.21-1.60.amzn1postgresql92-devel-9.2.21-1.60.amzn1


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-7484, CVE-2017-7485, CVE-2017-7486




Amazon Linux AMIx86_64postgresql95-plpython26-9.5.7-1.72.amzn1postgresql94-docs-9.4.12-1.68.amzn1postgresql95-9.5.7-1.72.amzn1postgresql95-libs-9.5.7-1.72.amzn1

postgresql95-contrib-9.5.7-1.72.amzn1postgresql93-docs-9.3.17-1.63.amzn1postgresql95-devel-9.5.7-1.72.amzn1postgresql93-contrib-9.3.17-1.63.amzn1postgresql95-plperl-9.5.7-1.72.amzn1postgresql93-devel-9.3.17-1.63.amzn1postgresql94-devel-9.4.12-1.68.amzn1postgresql94-contrib-9.4.12-1.68.amzn1postgresql94-debuginfo-9.4.12-1.68.amzn1postgresql94-server-9.4.12-1.68.amzn1postgresql95-docs-9.5.7-1.72.amzn1postgresql94-9.4.12-1.68.amzn1postgresql93-9.3.17-1.63.amzn1postgresql93-server-9.3.17-1.63.amzn1postgresql93-plperl-9.3.17-1.63.amzn1postgresql94-test-9.4.12-1.68.amzn1postgresql95-plpython27-9.5.7-1.72.amzn1postgresql93-debuginfo-9.3.17-1.63.amzn1postgresql95-static-9.5.7-1.72.amzn1postgresql94-plpython26-9.4.12-1.68.amzn1postgresql93-plpython26-9.3.17-1.63.amzn1postgresql93-test-9.3.17-1.63.amzn1postgresql95-server-9.5.7-1.72.amzn1postgresql95-test-9.5.7-1.72.amzn1postgresql93-pltcl-9.3.17-1.63.amzn1postgresql93-libs-9.3.17-1.63.amzn1postgresql93-plpython27-9.3.17-1.63.amzn1postgresql94-plperl-9.4.12-1.68.amzn1postgresql94-libs-9.4.12-1.68.amzn1postgresql95-debuginfo-9.5.7-1.72.amzn1postgresql94-plpython27-9.4.12-1.68.amzn1

i686postgresql95-plpython26-9.5.7-1.72.amzn1postgresql94-docs-9.4.12-1.68.amzn1postgresql95-9.5.7-1.72.amzn1postgresql95-libs-9.5.7-1.72.amzn1postgresql95-contrib-9.5.7-1.72.amzn1postgresql94-server-9.4.12-1.68.amzn1postgresql93-contrib-9.3.17-1.63.amzn1postgresql95-plperl-9.5.7-1.72.amzn1postgresql95-server-9.5.7-1.72.amzn1postgresql93-devel-9.3.17-1.63.amzn1postgresql94-devel-9.4.12-1.68.amzn1postgresql94-contrib-9.4.12-1.68.amzn1postgresql94-debuginfo-9.4.12-1.68.amzn1postgresql95-devel-9.5.7-1.72.amzn1postgresql95-docs-9.5.7-1.72.amzn1postgresql94-test-9.4.12-1.68.amzn1postgresql94-9.4.12-1.68.amzn1postgresql93-9.3.17-1.63.amzn1postgresql93-server-9.3.17-1.63.amzn1postgresql93-plperl-9.3.17-1.63.amzn1postgresql94-plpython27-9.4.12-1.68.amzn1postgresql95-plpython27-9.5.7-1.72.amzn1postgresql93-docs-9.3.17-1.63.amzn1postgresql95-static-9.5.7-1.72.amzn1postgresql94-plpython26-9.4.12-1.68.amzn1postgresql93-plpython26-9.3.17-1.63.amzn1postgresql93-test-9.3.17-1.63.amzn1

postgresql93-debuginfo-9.3.17-1.63.amzn1postgresql95-test-9.5.7-1.72.amzn1postgresql93-pltcl-9.3.17-1.63.amzn1postgresql93-libs-9.3.17-1.63.amzn1postgresql93-plpython27-9.3.17-1.63.amzn1postgresql94-plperl-9.4.12-1.68.amzn1postgresql94-libs-9.4.12-1.68.amzn1postgresql95-debuginfo-9.5.7-1.72.amzn1

175186 - Scientific Linux Security ERRATA Moderate: kernel on SL6.x i386/x86_64 (1705-14413)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: MediumCVE: CVE-2017-6214

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Moderate: kernel on SL6.x i386/x86_64 (1705-14413)


https://listserv.fnal.gov/scripts/wa.exe?A2=ind1705&L=scientific-linux-errata&F=&S=&P=14413

SL6i386python-perf-2.6.32-696.3.1.el6kernel-debuginfo-2.6.32-696.3.1.el6perf-2.6.32-696.3.1.el6kernel-debug-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-i686-2.6.32-696.3.1.el6kernel-debug-debuginfo-2.6.32-696.3.1.el6perf-debuginfo-2.6.32-696.3.1.el6kernel-2.6.32-696.3.1.el6python-perf-debuginfo-2.6.32-696.3.1.el6kernel-devel-2.6.32-696.3.1.el6kernel-headers-2.6.32-696.3.1.el6kernel-debug-2.6.32-696.3.1.el6


x86_64kernel-debuginfo-2.6.32-696.3.1.el6kernel-debug-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6kernel-debug-2.6.32-696.3.1.el6python-perf-2.6.32-696.3.1.el6kernel-headers-2.6.32-696.3.1.el6python-perf-debuginfo-2.6.32-696.3.1.el6kernel-debug-debuginfo-2.6.32-696.3.1.el6perf-2.6.32-696.3.1.el6kernel-devel-2.6.32-696.3.1.el6kernel-debuginfo-common-i686-2.6.32-696.3.1.el6kernel-2.6.32-696.3.1.el6

perf-debuginfo-2.6.32-696.3.1.el6


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH




Affected packages: sys-apps/dbus < 1.10.18


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-2017-2640




Affected packages: net-im/pidgin < 2.12.0






Affected packages: dev-vcs/git < 2.13.0






Affected packages: net-dialup/minicom < 2.7.1






Affected packages: dev-libs/libpcre < 8.40-r1

21830 - (VMSA-2017-0009) VMware Workstation Pro Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2017-4915, CVE-2017-4916

DescriptionMultiple vulnerabilities are present in some versions of VMware Workstation Pro.

Observation

VMware Workstation is a virtualization software.

Multiple vulnerabilities are present in some versions of VMware Workstation Pro. The flaws are related with the vstor2 and ALSA drivers. Successful exploitation could allow an attacker to cause a denial of service or escalate privileges.

21865 - (K43523962) F5 BIG-IP BIG-IP APM XSS Vulnerability


DescriptionA vulnerability is present in some versions of F5 BIG-IP systems.

ObservationF5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System.

A vulnerability is present in some versions of F5 BIG-IP systems. The flaw is present in the BIG-IP APM product and is related with the Access Reports feature. Successful exploitation could allow an attacker to remotely inject arbitrary code on the target system.

21884 - (K25552364) F5 BIG-IP GNU C Library Vulnerability


DescriptionA denial of service vulnerability is present in some versions of F5 BIG-IP systems.


A denial of service vulnerability is present in some versions of F5 BIG-IP systems. The flaw lies in GNU C Library. Successful exploitation could allow an attacker to cause a denial of service condition.

21885 - (K22012502) F5 BIG-IP Linux kernel Vulnerability


DescriptionA denial-of-service vulnerability is present in some versions of F5 BIG-IP systems.


A denial-of-service vulnerability is present in some versions of F5 BIG-IP systems. The flaw lies in the Linux Kernel. Successful exploitation could allow a physically proximate attacker to cause a denial-of-service.


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes

Risk Level: MediumCVE: CVE-2016-6252, CVE-2017-2616




Affected packages: sys-apps/shadow < 4.4-r2


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742, CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365




Ubuntu 16.04

libsndfile1_1.0.25-10ubuntu0.16.04.1

Ubuntu 14.04

libsndfile1_1.0.25-7ubuntu2.2

Ubuntu 16.10

libsndfile1_1.0.25-10ubuntu0.16.10.1

Ubuntu 17.04

libsndfile1_1.0.27-1ubuntu0.1

192164 - Fedora Linux 25 FEDORA-2017-22f1a8404e Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-22f1a8404e



Fedora Core 25

wget-1.18-3.fc25


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2017-9287




Debian 8.0allslapd-smbk5pwd_2.4.40+dfsg-1+deb8u3ldap-utils_2.4.40+dfsg-1+deb8u3slapd-dbg_2.4.40+dfsg-1+deb8u3slapd_2.4.40+dfsg-1+deb8u3libldap2-dev_2.4.40+dfsg-1+deb8u3libldap-2.4-2-dbg_2.4.40+dfsg-1+deb8u3libldap-2.4-2_2.4.40+dfsg-1+deb8u3






Debian 8.0allperl_5.20.2-3+deb8u7






Debian 8.0allzookeeper_3.4.5+dfsg-2+deb8u2

182364 - FreeBSD chromium Multiple Vulnerabilities (52f4b48b-4ac3-11e7-99aa-e8e0b747a45a)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074, CVE-2017-5075, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083, CVE-2017-5085,CVE-2017-5086

DescriptionThe scan detected that the host is missing the following update:chromium -- multiple vulnerabilities (52f4b48b-4ac3-11e7-99aa-e8e0b747a45a)


http://www.vuxml.org/freebsd/52f4b48b-4ac3-11e7-99aa-e8e0b747a45a.html

Affected packages: chromium < 59.0.3071.86chromium-pulse < 59.0.3071.86

182365 - FreeBSD heimdal Bypass Of Capath Policy (40a8d798-4615-11e7-8080-a4badb2f4699)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

Description

The scan detected that the host is missing the following update:heimdal -- bypass of capath policy (40a8d798-4615-11e7-8080-a4badb2f4699)


http://www.vuxml.org/freebsd/40a8d798-4615-11e7-8080-a4badb2f4699.html

Affected packages: heimdal < 7.3.0

182366 - FreeBSD ansible Input Validation Flaw In Jinja2 Templating System (15a04b9f-47cb-11e7-a853-001fbc0f280f)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:ansible -- Input validation flaw in jinja2 templating system (15a04b9f-47cb-11e7-a853-001fbc0f280f)


http://www.vuxml.org/freebsd/15a04b9f-47cb-11e7-a853-001fbc0f280f.html

Affected packages: ansible < 2.3.1

182367 - FreeBSD FreeRADIUS TLS Resumption Authentication Bypass (673dce46-46d0-11e7-a539-0050569f7e80)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2017-9148

DescriptionThe scan detected that the host is missing the following update:FreeRADIUS -- TLS resumption authentication bypass (673dce46-46d0-11e7-a539-0050569f7e80)


http://www.vuxml.org/freebsd/673dce46-46d0-11e7-a539-0050569f7e80.html

Affected packages: freeradius < 3.0.14freeradius2 < 3.0.14freeradius3 < 3.0.14

182368 - FreeBSD duo Two-factor Authentication Bypass (738e8ae1-46dd-11e7-a539-0050569f7e80)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes

Risk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:duo -- Two-factor authentication bypass (738e8ae1-46dd-11e7-a539-0050569f7e80)


http://www.vuxml.org/freebsd/738e8ae1-46dd-11e7-a539-0050569f7e80.html

Affected packages: duo < 1.9.21


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2017-9287




Ubuntu 16.04

slapd_2.4.42+dfsg-2ubuntu3.2

Ubuntu 14.04

slapd_2.4.31-1+nmu2ubuntu8.4

Ubuntu 16.10


Ubuntu 17.04


192160 - Fedora Linux 24 FEDORA-2017-7d698eba8b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2017-5052, CVE-2017-5053, CVE-2017-5054, CVE-2017-5055, CVE-2017-5056, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066,CVE-2017-5067, CVE-2017-5068, CVE-2017-5069

DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-7d698eba8b



Fedora Core 24

chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc24chromium-58.0.3029.110-2.fc24

192162 - Fedora Linux 25 FEDORA-2017-690eedcf41 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2017-7511

DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-690eedcf41



Fedora Core 25

poppler-0.45.0-3.fc25

192166 - Fedora Linux 26 FEDORA-2017-c729c6123c Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-c729c6123c



Fedora Core 26

samba-4.6.4-0.fc26

192168 - Fedora Linux 25 FEDORA-2017-54580efa82 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-54580efa82



Fedora Core 25

sudo-1.8.20p2-1.fc25

192170 - Fedora Linux 25 FEDORA-2017-8ad8d1bd86 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2017-8ad8d1bd86



Fedora Core 25

puppet-4.2.1-5.fc25

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on avulnerability and anything else that improves upon an existing FSL check.

33152 - Oracle Solaris 119758-39 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: HighCVE: CVE-2007-0452, CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2007-4138, CVE-2007-4572, CVE-2007-5398, CVE-2007-6015, CVE-2008-4314, CVE-2010-2063, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-1182,CVE-2012-2111, CVE-2012-6150, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493

Update DetailsName is updated Description is updated Observation is updated Recommendation is updated FASLScript is updated

33154 - Oracle Solaris 119757-39 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: HighCVE: CVE-2007-0452, CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2007-4138, CVE-2007-4572, CVE-2007-5398, CVE-2007-6015, CVE-2008-4314, CVE-2010-2063, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-1182,CVE-2012-2111, CVE-2012-6150, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493

Update DetailsName is updated Description is updated Observation is updated Recommendation is updated FASLScript is updated

21845 - (HT207798) Apple iOS Vulnerability Prior To 10.3.2

Category: Wireless Assessment -> NonIntrusive -> iOSRisk Level: HighCVE: CVE-2017-2495, CVE-2017-2496, CVE-2017-2497, CVE-2017-2498, CVE-2017-2499, CVE-2017-2501, CVE-2017-2502, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2507, CVE-2017-2508, CVE-2017-2510, CVE-2017-2513, CVE-2017-2514,CVE-2017-2515, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2521, CVE-2017-2524, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6979, CVE-2017-6980, CVE-2017-6981, CVE-2017-6982, CVE-2017-6983, CVE-2017-6984,CVE-2017-6987, CVE-2017-6989, CVE-2017-6991

Update DetailsRisk is updated

88866 - Slackware Linux 13.37, 14.0, 14.1, 14.2 SSA:2017-136-02 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: HighCVE: CVE-2017-8422



Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: HighCVE: CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843


182347 - FreeBSD Kauth: Local Privilege Escalation (0baee383-356c-11e7-b9a9-50e549ebab6c)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2017-8422


182349 - FreeBSD Joomla3 SQL Injection (3c2549b3-3bed-11e7-a9f0-a4badb296695)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2017-8917


185689 - Ubuntu Linux 14.04 USN-3286-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2017-8422


187744 - Fedora Linux 19 FEDORA-2014-3812 Update Is Not Installed






192093 - Fedora Linux 24 FEDORA-2017-6bdbf57f29 Update Is Not Installed



192100 - Fedora Linux 26 FEDORA-2017-dd51077c87 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes

Risk Level: HighCVE: CVE-2017-8422


192102 - Fedora Linux 26 FEDORA-2017-0898c704a1 Update Is Not Installed



192104 - Fedora Linux 25 FEDORA-2017-aff6f6bd9d Update Is Not Installed



192105 - Fedora Linux 25 FEDORA-2017-7e3437b905 Update Is Not Installed



192134 - Fedora Linux 24 FEDORA-2017-8b4898ce81 Update Is Not Installed




Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: MediumCVE: CVE-2017-6891



Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-2015-4054, CVE-2015-6817


181596 - FreeBSD pgbouncer Failed Auth_query Lookup Leads To Connection As Auth_user (d76961da-56f6-11e5-934b-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2015-6817


182358 - FreeBSD OpenEXR Multiple Remote Code Execution And Denial Of Service Vulnerabilities (803879e9-4195-11e7-9b08-080027ef73ec)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2017-9110, CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9114, CVE-2017-9115, CVE-2017-9116





21373 - (MS17-007) Microsoft Edge Memory Handling Information Disclosure I (4013071)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2017-0011

Update Details

21495 - LibreOffice Calc and Writer Arbitrary File Disclosure Vulnerability

Category: SSH Module -> NonIntrusive -> Mac OS X Patches and HotfixesRisk Level: Medium

CVE: CVE-2017-3157

Update Details

181441 - FreeBSD pgbouncer Remote Denial Of Service (8fbd4187-0f18-11e5-b6a8-002590263bf5)



181483 - FreeBSD Roundcube - Multiple Vulnerabilities (038a5808-24b3-11e5-b0c8-bf4d8935d4fa)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2015-5381, CVE-2015-5383



Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2015-5381, CVE-2015-5382, CVE-2015-5383


191610 - Fedora Linux 25 FEDORA-2017-7b181f9c98 Update Is Not Installed



192147 - Fedora Linux 25 FEDORA-2017-8ff992386d Update Is Not Installed



181714 - FreeBSD redmine Potential XSS Vulnerability (939a7086-9ed6-11e5-8f5c-002590263bf5)



70050 - vmware.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid CategoryRisk Level: InformationalCVE: CVE-MAP-NOMATCH

Update DetailsFASLScript is updated

ADDITIONAL NOTES

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we stronglyurge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download anycritical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting"FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerabilityscripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability categoryand checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts willbe automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.comMulti-National Phone Support available here:

http://www.mcafee.com/us/about/contact/index.htmlNon-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution byothers is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2017 McAfee, Inc.McAfee is a registered trademark of McAfee, Inc. and/or its affiliates

https://mysupport.mcafee.com/

http://www.mcafee.com/us/about/contact/index.html

MCAFEE FOUNDSTONE FSL UPDATE 2017-JUN-08 · A privilege escalation vulnerability is present in some...

Documents

Transcript of MCAFEE FOUNDSTONE FSL UPDATE 2017-JUN-08 · A privilege escalation vulnerability is present in some...