Vulnerability identifier: #VU200
Vulnerability risk: Critical
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]
CVE-ID: CVE-2016-0718
CWE-ID: CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Tenable Nessus (Client/Desktop applications / Software for system administration)
Oracle Solaris (Operating systems & Components / Operating system)
Oracle Linux (Operating systems & Components / Operating system)
macOS (Operating systems & Components / Operating system)
Oracle VM Server for x86 (Server applications / Other server solutions)
Vendor:
Tenable Network Security
Oracle
Apple Inc.
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling malformed input documents. A remote unauthenticated attacker can trigger a buffer overflow in the Expat XML parser library and execute arbitrary code by sending specially crafted data to a vulnerable server.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest version (6.8).
Vulnerable software versions
Tenable Nessus: 6.0.0 - 6.1.11
Oracle Solaris: 10 - 11.3
Oracle VM Server for x86: 3.3 - 3.4
Oracle Linux: 6 - 7
macOS: 10.11 - 10.11.5
External links
https://www.tenable.com/security/tns-2016-11
https://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://support.apple.com/cs-cz/HT206903
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.