27.02.2013 Views

(PVS) Signatures - Tenable Network Security


Solution: Upgrade or patch according to vendor recommendations.
CVE-2006-0006

Microsoft Windows Media Player Bitmap File Processing Overflow (911565)
PVS ID: 3430 FAMILY: Generic RISK: HIGH NESSUS ID: 20905
Description: Synopsis: Arbitrary code can be executed on the remote host through the Windows Media Player.
The remote host is running Microsoft Media Player version 9.0. There is a vulnerability in the remote version of this software that may allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to set up a rogue BMP image and send it to a victim on the remote host.
Solution: Upgrade or patch according to vendor recommendations.
CVE-2006-0006

Windows Media Player Bitmap File Processing Overflow (911565)
PVS ID: 3431 FAMILY: Generic RISK: HIGH NESSUS ID: 20905
Description: Synopsis: Arbitrary code can be executed on the remote host through the Windows Media Player.
The remote host is running Microsoft Media Player version 7.1. There is a vulnerability in the remote version of this software that may allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to set up a rogue BMP image and send it to a victim on the remote host.
Solution: Upgrade or patch according to vendor recommendations.
CVE-2006-0006

SSH Tectia Server SFTP Filename Logging Format String
PVS ID: 3432 FAMILY: SSH RISK: MEDIUM NESSUS ID: 20927
Description: Synopsis: The remote SSH server may be affected by a format string vulnerability.
The remote host is running SSH Tectia Server, a commercial SSH server. According to its banner, the installed version of this software contains a format string vulnerability in its SFTP subsystem. An authenticated remote attacker may be able to execute arbitrary code on the affected host subject to his privileges or crash the server itself.
Solution: Upgrade to version 4.3.7, 4.4.2 or higher.
CVE-2006-0705

Passive Vulnerability Scanner (PVS) Signatures

dotProject < 2.0.2 Multiple Script Remote File Inclusion
PVS ID: 3433 FAMILY: CGI RISK: HIGH NESSUS ID: 20925
