2016-AUG-18 FSL version 7.5.841 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 20369 - Splunk Enterprise Multiple Vulnerabilities (SP-CAAAPQM) Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High CVE: CVE-2013-0211, CVE-2015-2304, CVE-2016-1541, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE- 2016-2109, CVE-2016-2176 Description Multiple vulnerabilities are present in some versions of Splunk Enterprise. Observation Splunk Enterprise is an operational intelligence solution Multiple vulnerabilities are present in some versions of Splunk Enterprise. The flaws lie in multiple components. Successful exploitation by a remote attacker could lead to the information disclosure of sensitive information, cause denial of service or execute arbitrary code. 20428 - (HT206899) Apple iCloud Multiple Vulnerabilities Prior To 5.2.1 Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-1684, CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4607, CVE- 2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619 Description Multiple vulnerabilities are present in some versions of Apple iCloud. Observation Apple iCloud is a manager for the Apple's could based storage service. Multiple vulnerabilities are present in some versions of Apple iCloud. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive data, cause a denial of service condition or have other unspecified impact on the target system. 182060 - FreeBSD FreeBSD Rtsold (8) remote buffer overflow vulnerability (72ee7111-6007-11e6-a6c3-14dae9d210b8) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High CVE: CVE-2014-3954 Description The scan detected that the host is missing the following update: FreeBSD -- rtsold(8) remote buffer overflow vulnerability (72ee7111-6007-11e6-a6c3-14dae9d210b8) Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/72ee7111-6007-11e6-a6c3-14dae9d210b8.html Affected packages: 10.0 <= FreeBSD < 10.0_10 9.3 <= FreeBSD < 9.3_3 9.2 <= FreeBSD < 9.2_13 9.1 <= FreeBSD < 9.1_20 182083 - FreeBSD FreeBSD Multiple OpenSSL Vulnerabilities (7b1a4a27-600a-11e6-a6c3-14dae9d210b8) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High CVE: CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE- 2016-0800 Description The scan detected that the host is missing the following update: FreeBSD -- Multiple OpenSSL vulnerabilities (7b1a4a27-600a-11e6-a6c3-14dae9d210b8) Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/7b1a4a27-600a-11e6-a6c3-14dae9d210b8.html Affected packages: 10.2 <= FreeBSD < 10.2_13 10.1 <= FreeBSD < 10.1_30 9.3 <= FreeBSD < 9.3_38 190740 - Fedora Linux 24 FEDORA-2016-c558e58b21 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-3197, CVE-2016-0705, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE- 2016-2109 Description The scan detected that the host is missing the following update: FEDORA-2016-c558e58b21 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/5/?count=200&page=8 Fedora Core 24 mingw-openssl-1.0.2h-1.fc24 190752 - Fedora Linux 24 FEDORA-2016-0a061f6dd9 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-0729, CVE-2016-2099, CVE-2016-4463 Description The scan detected that the host is missing the following update: FEDORA-2016-0a061f6dd9 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/7/?count=200&page=10 Fedora Core 24 mingw-xerces-c-3.1.4-1.fc24 190775 - Fedora Linux 23 FEDORA-2016-87e8468465 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-0729, CVE-2016-2099, CVE-2016-4463 Description The scan detected that the host is missing the following update: FEDORA-2016-87e8468465 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/7/?count=200&page=9 Fedora Core 23 mingw-xerces-c-3.1.4-1.fc23 190777 - Fedora Linux 23 FEDORA-2016-7a878ed298 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-2317, CVE-2016-2318, CVE-2016-5118, CVE-2016-5241 Description The scan detected that the host is missing the following update: FEDORA-2016-7a878ed298 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/6/?count=200&page=5 Fedora Core 23 GraphicsMagick-1.3.24-1.fc23 190791 - Fedora Linux 22 FEDORA-2016-84373c5f4f Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-2099, CVE-2016-4463 Description The scan detected that the host is missing the following update: FEDORA-2016-84373c5f4f Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/7/?count=200&page=9 Fedora Core 22 xerces-c-3.1.4-1.fc22 190802 - Fedora Linux 24 FEDORA-2016-6b9c658707 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-0749, CVE-2016-2150 Description The scan detected that the host is missing the following update: FEDORA-2016-6b9c658707 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/7/?count=200&page=5 Fedora Core 24 spice-0.12.8-1.fc24 190834 - Fedora Linux 22 FEDORA-2016-40ccaff4d1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-2317, CVE-2016-2318, CVE-2016-5118, CVE-2016-5241 Description The scan detected that the host is missing the following update: FEDORA-2016-40ccaff4d1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/6/?count=200&page=5 Fedora Core 22 GraphicsMagick-1.3.24-1.fc22 190850 - Fedora Linux 23 FEDORA-2016-7c48036d73 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-0639, CVE-2016-0642, CVE-2016-0643, CVE-2016-0647, CVE-2016-0648, CVE-2016-0655, CVE-2016-0666, CVE- 2016-0705, CVE-2016-2047 Description The scan detected that the host is missing the following update: FEDORA-2016-7c48036d73 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/5/?count=200&page=10 Fedora Core 23 community-mysql-5.6.30-1.fc23 190878 - Fedora Linux 23 FEDORA-2016-e1234b65a2 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-3197, CVE-2016-0705, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE- 2016-2109 Description The scan detected that the host is missing the following update: FEDORA-2016-e1234b65a2 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/5/?count=200&page=6 Fedora Core 23 mingw-openssl-1.0.2h-1.fc23 190929 - Fedora Linux 22 FEDORA-2016-7615febbd6 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-0729, CVE-2016-2099, CVE-2016-4463 Description The scan detected that the host is missing the following update: FEDORA-2016-7615febbd6 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/7/?count=200&page=9 Fedora Core 22 mingw-xerces-c-3.1.4-1.fc22 190985 - Fedora Linux 24 FEDORA-2016-0d90ead5d7 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-2317, CVE-2016-2318, CVE-2016-5118, CVE-2016-5241