OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Lau, Jamie (ISS Atlanta) (JLauiss.net)
Date: Wed Apr 25 2001 - 00:41:17 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    > ==================================================
    > X-PRESS UPDATES FOR NETWORK SENSOR,
    > INTERNET SCANNER AND DATABASE SCANNER NOW AVAILABLE!
    > ==================================================
    >
    > APPLICATION PROTECTION
    >
    > The most recent X-Press Updates provide new
    > vulnerability assessment and attack detection
    > capabilities for a variety of popular applications.
    > New checks and signatures for applications include
    > the following:
    >
    > - Wireless. Internet Scanner XPU 4.9 contains a check
    > to detect rogue 802.11 access points. The check will
    > identify Wireless LANS on your network, which put your
    > network at risk if left unsecured.
    >
    > - Microsoft SQL. Database Scanner XPU 1.1 provides new
    > checks to identify vulnerabilities in SQL databases.
    > These include a buffer overflow, exposed
    > user names and passwords, and a vulnerability that can
    > cause the server to crash.
    >
    > - Web Servers. Internet Scanner XPU 4.9 contains two checks
    > to detect vulnerabilities in IIS web servers, and one
    > check to detect vulnerabilities in Jakarta Tomcat used
    > with Apache web servers.
    >
    > There are also checks and signatures that apply to
    > mail applications, shopping carts, and others.
    >
    >
    > PROTECTION FROM HOSTILE CODE
    >
    > The X-Press Updates protects against new hostile
    > code. New checks and signatures include
    > protection against denial of service attacks, backdoors,
    > buffer overflow attacks, and many others.
    >
    > Internet Scanner XPU 4.9 also contains the Solaris snmpxdmidbo
    > check to detect vulnerable versions of the snmpXdmid daemon.
    > This vulnerability has been used to exploit many Solaris
    > systems in recent weeks.
    >
    >
    > PLATFORMS
    >
    > The XPUs are not focused on one platform, but
    > provide checks and signatures relevant for the
    > Windows, Solaris, and Unix environments.
    >
    >
    > ***************************************************
    > NEW IN INTERNET SCANNER XPU 4.9
    > ***************************************************
    >
    > NEW CHECKS
    >
    > Risk VulnID Check Name Category
    > ==== ====== ========== ========
    > High 6263 Ieee80211DevicePresent SNMP
    > High 6245 SolarisSnmpxdmidBo RPC
    > Medium 5050 LinuxLockdRemoteDos RPC
    > High 6238 BackdoorDagger Backdoors
    > High 6150 BackdoorNetdemon Backdoors
    > High 6321 NtpdRemoteBo Daemons
    > High 5175 OutlookVcardDos NT Critical Issues
    > High 6160 Win2kEventViewerBo NT Critical Issues
    > High 5937 WinMediaplayerArbitraryCode NT Critical Issues
    > Medium 6205 IisWebdavDos NT Critical Issues
    > Medium 6166 FtpxqDirectoryTraversal FTP
    > High 5335 IisIndexDirTraverse Web Scan
    > High 4880 MinivendViewpageSample Web Scan
    > Medium 5160 JakartaTomcatAdmin Web Scan
    >
    > FIXES
    >
    > 1. Tool Talk Overflow was improved to reduce false positives.
    > 2. Tfn2kDos was modified to improve consistency of check.
    > 3. Unknown PWD Filter was improved to recognize more known
    > filters and reduce false positives.
    > 4. ASP Source and ASPdot Check Exceptions.
    > 5. Open Netbios Share Improvements.
    >
    > IMPORTANT NOTES
    >
    > The NtpdRemoteBo check will DoS an HPUX 11.0 machine.
    > The machine will need to be rebooted because it will
    > not respond to commands from the console.
    >
    >
    > ***************************************************
    > NEW IN NETWORK SENSOR XPU 2.3
    > ***************************************************
    >
    > NEW SIGNATURES
    >
    > SecChkID ProductCheckName CategoryName
    > ----------- ------------------- -------------
    > 1463 IMAP_Authenticate_Overflow High
    > 1608 Bootp_Remote_Overflow High
    > 6321 NTP_Buffer_Overflow High
    > 1895 IMAP_Imail_Overflow Medium
    > 1558 Cisco_Syslog_DoS Medium
    > 2349 Email_Amavis_Exec High
    > 3432 Email_To_Dot_Dot Medium
    > 1743 HTTP_ColdFusion_FileExists Low
    > 4404 Quake3Arena_Vulnerable_Server High
    > 4404 Quake3Arena_Vulnerable_Client High
    >
    > FIXES
    >
    > 1. Stream_DoS has been revised to help reduce false positives.
    > 2. TFN includes a bug fix.
    >
    > IMPORTANT NOTES
    >
    > Prior to installing RealSecure Network Sensor XPU 2.3, Service
    > Release 1.1 must be applied.
    >
    > For more information on how to install an X-Press Update,
    > please see RealSecure Help and the XPU 2.3 ReadMe.
    >
    >
    > ***************************************************
    > NEW IN DATABASE SCANNER XPU 1.1
    > ***************************************************
    >
    > NEW CHECKS
    >
    > SecCkID Category Name
    > ======= ======== ====
    > 4582 Authentication DTS Passwords Exposed
    > 5622 System Integrity Buffer Overflow in Extended
    > Stored Procedures
    > 6271 System Integrity Force SSL Encryption
    > 3891 System Integrity Malformed TDS Packet Header
    >
    > FIXES
    >
    > 1. This XPU ensures that Database Scanner 4.1 reporting will
    > be compatible with installations of Internet Scanner 6.2.
    > 2. This XPU contains a fix for the Oracle penetration test feature.