Nmap Development mailing list archives
New VA Modules: NSE: 2, Nessus: 8
From: New VA Module Alert Service <postmaster () insecure org>
Date: Sun, 7 Oct 2012 10:00:19 -0700 (PDT)
This report describes any new scripts/modules/exploits added to Nmap, OpenVAS, Metasploit, and Nessus since yesterday. == Nmap Scripting Engine scripts (2) == r29951 oracle-brute-stealth http://nmap.org/nsedoc/scripts/oracle-brute-stealth.html https://svn.nmap.org/nmap/scripts/oracle-brute-stealth.nse Exploits the CVE-2012-3137 vulnerability, a weaknes in Oracle's O5LOGIN authentication scheme. The vulnerability exists in Oracle 11g R1,R2 and allows linking the session key to a password hash. When initiating an authentication attempt as a valid user the server will respond with a session key and salt. Once received the script will disconnect the connection thereby not recording the login attempt. The session key and salt can then be used to brute force the users password. r29953 oracle-brute-stealth http://nmap.org/nsedoc/scripts/oracle-brute-stealth.html https://svn.nmap.org/nmap/scripts/oracle-brute-stealth.nse Exploits the CVE-2012-3137 vulnerability, a weaknes in Oracle's O5LOGIN authentication scheme. The vulnerability exists in Oracle 11g R1,R2 and allows linking the session key to a password hash. When initiating an authentication attempt as a valid user the server will respond with a session key and salt. Once received the script will disconnect the connection thereby not recording the login attempt. The session key and salt can then be used to brute force the users password. == Nessus plugins (8) == 62447 mandriva_MDVSA-2012-161.nasl http://nessus.org/plugins/index.php?view=single&id=62447 Mandriva Linux Security Advisory : html2ps (MDVSA-2012:161) 62446 mandriva_MDVSA-2012-160.nasl http://nessus.org/plugins/index.php?view=single&id=62446 Mandriva Linux Security Advisory : imagemagick (MDVSA-2012:160) 62445 mandriva_MDVSA-2012-151.nasl http://nessus.org/plugins/index.php?view=single&id=62445 Mandriva Linux Security Advisory : ghostscript (MDVSA-2012:151-1) 62444 mandriva_MDVSA-2012-150.nasl http://nessus.org/plugins/index.php?view=single&id=62444 Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:150-1) 62443 fedora_2012-14363.nasl http://nessus.org/plugins/index.php?view=single&id=62443 Fedora 16 : phpldapadmin-1.2.2-3.gitbbedf1.fc16 (2012-14363) 62442 fedora_2012-14344.nasl http://nessus.org/plugins/index.php?view=single&id=62442 Fedora 17 : phpldapadmin-1.2.2-3.gitbbedf1.fc17 (2012-14344) 62441 fedora_2012-14279.nasl http://nessus.org/plugins/index.php?view=single&id=62441 Fedora 18 : phpldapadmin-1.2.2-3.gitbbedf1.fc18 (2012-14279) 62440 debian_DSA-2555.nasl http://nessus.org/plugins/index.php?view=single&id=62440 Debian DSA-2555-1 : libxslt - several vulnerabilities _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- New VA Modules: NSE: 2, Nessus: 8 New VA Module Alert Service (Oct 07)