urlscan.io logo urlscan.io
SecurityTrails logo

www.tenable.com Open in urlscan Pro
2606:4700::6810:3105  Public Scan

Back to summary
URL: https://www.tenable.com/plugins/nessus/183528
Submission: On October 16 via api from IN — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

 * 
 * Plugins

 * Settings
   
   LINKS
   
   Tenable Cloud Tenable Community & Support Tenable University
   
   Severity
   VPRCVSS v2CVSS v3
   
   Theme
   LightDarkAuto
   
   Help


 * 
 * Plugins
   OverviewPlugins PipelineNewestUpdatedSearchNessus FamiliesWAS FamiliesNNM
   FamiliesLCE FamiliesTenable OT Security FamiliesAbout Plugin FamiliesRelease
   Notes
 * Audits
   OverviewNewestUpdatedSearch Audit FilesSearch
   ItemsReferencesAuthoritiesDocumentationDownload All Audit Files
 * Indicators
   OverviewSearchIndicators of AttackIndicators of Exposure
 * CVEs
   OverviewNewestUpdatedSearch
 * Attack Path Techniques
   OverviewSearch
    * Links
      Tenable CloudTenable Community & SupportTenable University
    * Settings
      Severity
      VPRCVSS v2CVSS v3
      Theme
      LightDarkAuto

DETECTIONS

 * Plugins
   OverviewPlugins PipelineRelease NotesNewestUpdatedSearchNessus FamiliesWAS
   FamiliesNNM FamiliesLCE FamiliesTenable OT Security FamiliesAbout Plugin
   Families
 * Audits
   OverviewNewestUpdatedSearch Audit FilesSearch
   ItemsReferencesAuthoritiesDocumentationDownload All Audit Files
 * Indicators
   OverviewSearchIndicators of AttackIndicators of Exposure

ANALYTICS

 * CVEs
   OverviewNewestUpdatedSearch
 * Attack Path Techniques
   OverviewSearch

 1. Plugins
 2. Nessus
 3. 183528

 1. Nessus


UBUNTU 16.04 ESM : APACHE ZOOKEEPER VULNERABILITIES (USN-4789-1)

HIGH NESSUS PLUGIN ID 183528

Language:

English
日本語简体中文繁體中文English
 * Information
 * Dependencies
 * Dependents
 * Changelog

SYNOPSIS

The remote Ubuntu host is missing one or more security updates.


DESCRIPTION

The remote Ubuntu 16.04 ESM host has packages installed that are affected by
multiple vulnerabilities as referenced in the USN-4789-1 advisory.

It was discovered that Apache ZooKeeper incorrectly handled certain inputs. An
attacker could possibly use this issue to cause a denial of service or other
unspecified impact. (CVE-2016-5017)

It was discovered that Apache ZooKeeper incorrectly implemented wchp/wchc
commands. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-5637)

It was discovered that Apache Zookeeper incorrectly handled clusters. An
attacker could possibly use this issue to obtain sensitive information. This
issue only affected Ubuntu 16.04 ESM. (CVE-2018-8012)

Tenable has extracted the preceding description block directly from the Ubuntu
security advisory.

Note that Nessus has not tested for these issues but has instead relied only on
the application's self-reported version number.


SOLUTION

Update the affected packages.


SEE ALSO

https://ubuntu.com/security/notices/USN-4789-1

PLUGIN DETAILS

Severity: High

ID: 183528

File Name: ubuntu_USN-4789-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: Ubuntu Local Security Checks

Published: 10/20/2023

Updated: 8/28/2024





Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure,
Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus



RISK INFORMATION



VPR

Risk Factor: Medium

Score: 6.7

CVSS V2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P



CVSS Score Source: CVE-2016-5017

CVSS V3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C



VULNERABILITY INFORMATION

CPE: p-cpe:/a:canonical:ubuntu_linux:libzookeeper-mt2,
p-cpe:/a:canonical:ubuntu_linux:zookeeper,
p-cpe:/a:canonical:ubuntu_linux:libzookeeper2,
p-cpe:/a:canonical:ubuntu_linux:libzookeeper-st2,
p-cpe:/a:canonical:ubuntu_linux:libzookeeper-java,
p-cpe:/a:canonical:ubuntu_linux:libzookeeper-st-dev,
p-cpe:/a:canonical:ubuntu_linux:python-zookeeper,
p-cpe:/a:canonical:ubuntu_linux:zookeeper-bin,
p-cpe:/a:canonical:ubuntu_linux:libzookeeper-mt-dev,
p-cpe:/a:canonical:ubuntu_linux:zookeeperd,
cpe:/o:canonical:ubuntu_linux:16.04:-:esm

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu,
Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available



Patch Publication Date: 3/15/2021

Vulnerability Publication Date: 9/20/2016



REFERENCE INFORMATION

CVE: CVE-2016-5017, CVE-2017-5637, CVE-2018-8012

IAVB: 2018-B-0069-S, 2019-B-0041-S

USN: 4789-1

 * Tenable.com
 * Community & Support
 * Documentation
 * Education

 * © 2024 Tenable®, Inc. All Rights Reserved
 * Privacy Policy
 * Legal
 * 508 Compliance





Tenable Cloud Risk Report 2024