Tenable Network Security Podcast Episode 173 - "VMware vCenter Patching, Detecting Vulnerable Browsers"
Announcements
- We're hiring! - Visit the Tenable Careers page for information about open positions.
- Check out our video channel on YouTube for Nessus and SecurityCenter tutorials.
- Tenable Tweets - Find us on Twitter at http://twitter.com/tenablesecurity where we Tweet product and company announcements, Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
Discussion & Highlighted Plugins
VMware vCenter Patching
- This week, Tenable released two plugins affecting VMware vCenter. If you are running this product, you must patch this—vCenter is the foundation to your foundation. Successful attacks not only grant the attacker access to the hypervisor, they grant access to all your hypervisors. An attacker with access to the hypervisor has "virtual physical access." For example, downloading the snapshots from your VMware servers is similar to physically sitting in front of your computer. Designing an architecture that allows you to easily patch the virtual infrastructure is not all that easy. While this is certainly technically feasible, the challenges come with a price tag of having multiple, redundant virtual environments. How can we build a cost-effective and low-security-risk virtual infrastructure?
Detecting Vulnerable Browsers
- You can't have too many checks and balances when it comes to keeping browsers up-to-date with patches. For example, I use Google Chrome on OS X, and set it up to update automatically. Most people are not like me and don't keep up with all the latest vulnerabilities. So, it's very easy to never realize something needs to be updated. Now, multiply this problem by thousands of desktops, virtual machines, and devices that run a web browser. Turns out my browser was in a funky state, and I had to reinstall the updater. Having something like Tenable PVS would help, always telling me which of my machines and devices need updating. Even if I think they're updated, the User-Agent typically doesn't lie (unless you are telling it to). How do you keep your browsers up-to-date? Are there other circumstances which may cause patches to not be applied correctly?
Vulnerability Trending Using Scanning, Sniffing, and Logging
- I really like this SecurityCenter dashboard. If I was responsible for network security, I'd use it. Being able to pull from three different sources to get vulnerability data is really powerful. Few things are able to hide. I really like that since vulnerabilities can be deceptive, and it's the ones you miss that get exploited. This is what a penetration test does, finds those vulnerabilities in the dark, dusty corners that you missed.
New & Notable Plugins
Nessus
General
- IrfanView FlashPix Plugin < 4.36 Summary Information Property Set Handling Integer Overflow
- Oracle GlassFish Server 3.0.1 < 3.0.1.7 / 3.1.2 < 3.1.2.5 Multiple Vulnerabilities (April 2013 CPU)
- CoDeSys Gateway Service < 2.3.9.28 Use-After-Free
- VMware vCenter Multiple Vulnerabilities (VMSA-2012-0013)
- SAP Control SOAP Web Service Remote Code Execution (SAP Note 1414444)
- Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities
- Mac OS X Multiple Vulnerabilities (Security Update 2013-002)
- Mac OS X : Safari < 6.0.5 Multiple Vulnerabilities
- Trend Micro DirectPass < 1.6.0.1015 Multiple Vulnerabilities
- VMware vCenter Server Multiple Vulnerabilities (VMSA-2012-0005)
- Google Chrome < 27.0.1453.110 Multiple Vulnerabilities
- Splunk 5.0.x < 5.0.3 Multiple Vulnerabilities
- Mac OS X 10.7 / 10.8 Unauthorized File Access (remote check)
- ISC BIND 9 Recursive Resolver Malformed Zone DoS
- Siemens Solid Edge SEListCtrlX ActiveX Control SetItemReadOnly Method Memory Address Write Arbitrary Code Execution
- Siemens Solid Edge WPHelper ActiveX Control OpenInEditor Method Arbitrary Command Execution
- MediaWiki 1.19.x < 1.19.7 / 1.20.x < 1.20.6 Arbitrary File Upload
- PHP 5.3.x < 5.3.26 Multiple Vulnerabilities
- PHP 5.4.x < 5.4.16 Multiple Vulnerabilities
- Plesk Panel Apache Arbitrary PHP Code Injection
- SSL Null Cipher Suites Supported
- HP Data Protector Multiple Vulnerabilities
Passive Vulnerability Scanner
Vulnerability Detection
- Apache Subversion < 1.8.0 / 1.7.10 / 1.6.23 Multiple Vulnerabilities
- Eclipse IDE Software Detection
- Mac OS X : Safari < 6.0.5 Multiple Security Vulnerabilities
- Google Chrome < 27.0.1453.110 Multiple Vulnerabilities
- Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)
- CAPWAP Protocol Client Detection
- CAPWAP Protocol Detection
- CAPWAP Protocol Server Detection
- LWAPP Protocol Detection
- PROMOTIC SCADA Server Detection
- ISC BIND 9.6-ESV-R9 / 9.8.5 / 9.9.3 Remote Denial of Service Vulnerability
- PHP < 5.4.16 / 5.3.26 Heap Based Buffer Overflow Vulnerability
- IBM Websphere DataPower server detection
SecurityCenter Dashboards and Report Templates
Dashboards
- Print Services Vulnerabilities
- Operating System Vulnerabilities
- Vulnerability Trending with Scanning, Sniffing and Logging
- Enterprise Management Software Vulnerabilities
- Network Service Vulnerabilities
- Application Development Vulnerabilities
- Media Player Vulnerability Dashboard
- Database Software Vulnerabilities
- Adobe Software Vulnerabilities
Reports
- Print Services Vulnerability Report
- Operating System Vulnerability Report
- Enterprise Management Software Vulnerabilities
- Network Service Vulnerabilities
- Vulnerability Trending with Scanning, Sniffing and Logging
- Application Development Vulnerabilities
- Media Player Vulnerability Report
- Database Software Vulnerabilities
- Adobe Software Vulnerabilities
Security News Stories
Related Articles
Tenable Network Security Podcast Episode 198 - "PCI Discussion Featuring Jeffrey Man"
February 13, 2014<p></p>
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
August 13, 2024Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
Compromising Microsoft's AI Healthcare Chatbot Service
August 13, 2024Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
- Podcast