Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

New VA Modules: NSE: 2, Nessus: 8

From: New VA Module Alert Service <postmaster () insecure org>
Date: Sun, 7 Oct 2012 10:00:19 -0700 (PDT)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nmap Scripting Engine scripts (2) ==

r29951 oracle-brute-stealth http://nmap.org/nsedoc/scripts/oracle-brute-stealth.html
https://svn.nmap.org/nmap/scripts/oracle-brute-stealth.nse
Exploits the CVE-2012-3137 vulnerability, a weaknes in Oracle's O5LOGIN
authentication scheme. The vulnerability exists in Oracle 11g R1,R2 and
allows linking the session key to a password hash. When initiating an
authentication attempt as a valid user the server will respond with a
session key and salt. Once received the script will disconnect the
connection thereby not recording the login attempt. The session key and
salt can then be used to brute force the users password.

r29953 oracle-brute-stealth http://nmap.org/nsedoc/scripts/oracle-brute-stealth.html
https://svn.nmap.org/nmap/scripts/oracle-brute-stealth.nse
Exploits the CVE-2012-3137 vulnerability, a weaknes in Oracle's O5LOGIN
authentication scheme. The vulnerability exists in Oracle 11g R1,R2 and
allows linking the session key to a password hash. When initiating an
authentication attempt as a valid user the server will respond with a
session key and salt. Once received the script will disconnect the
connection thereby not recording the login attempt. The session key and
salt can then be used to brute force the users password.

== Nessus plugins (8) ==

62447 mandriva_MDVSA-2012-161.nasl
http://nessus.org/plugins/index.php?view=single&id=62447
Mandriva Linux Security Advisory : html2ps (MDVSA-2012:161)

62446 mandriva_MDVSA-2012-160.nasl
http://nessus.org/plugins/index.php?view=single&id=62446
Mandriva Linux Security Advisory : imagemagick (MDVSA-2012:160)

62445 mandriva_MDVSA-2012-151.nasl
http://nessus.org/plugins/index.php?view=single&id=62445
Mandriva Linux Security Advisory : ghostscript (MDVSA-2012:151-1)

62444 mandriva_MDVSA-2012-150.nasl
http://nessus.org/plugins/index.php?view=single&id=62444
Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:150-1)

62443 fedora_2012-14363.nasl
http://nessus.org/plugins/index.php?view=single&id=62443
Fedora 16 : phpldapadmin-1.2.2-3.gitbbedf1.fc16 (2012-14363)

62442 fedora_2012-14344.nasl
http://nessus.org/plugins/index.php?view=single&id=62442
Fedora 17 : phpldapadmin-1.2.2-3.gitbbedf1.fc17 (2012-14344)

62441 fedora_2012-14279.nasl
http://nessus.org/plugins/index.php?view=single&id=62441
Fedora 18 : phpldapadmin-1.2.2-3.gitbbedf1.fc18 (2012-14279)

62440 debian_DSA-2555.nasl
http://nessus.org/plugins/index.php?view=single&id=62440
Debian DSA-2555-1 : libxslt - several vulnerabilities
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: