Software Updates

TrustKeeper Scan Engine Update - August 2, 2013

Written by | Aug 2, 2013 3:00:00 PM

It's high summer in the Windy City and we're bringing you another TrustKeeper Scan Engine update on a warm, gentle breeze. This update has coverage for 19 new vulnerabilities, detection for 4 new service applications, and the usual bug fixes and general improvements.

The new service application detections cover Openswan, FreeS/WAN, and strongSwan, all of which are IPsec implementations, and Jenkins, a Java-based continuous integration server.

 

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

  • Apache HTTP Server mod_dav_svn Denial of Service Vulnerability via Invalid Source (CVE-2013-1896)
  • Apache HTTP Server mod_rewrite Terminal Escape Sequence Vulnerability (CVE-2013-1862)

Joomla

  • Cross-site scripting vulnerability in Joomla! Language Switch module (CVE-2012-4532)
  • Joomla! Unspecified XSS Vulnerability (CVE-2012-4531)
  • Joomla! XSS Vulnerability in Highlighter Plugin (CVE-2013-3267)
  • Joomla! XSS Vulnerability in Voting Plugin (CVE-2013-3059)

Openswan

  • Openswan and Freeswan Aggressive Mode PSK Denial of Service (CVE-2005-3671)
  • Openswan and Strongswan ASN.1 parser Denial of Service (CVE-2009-2185)
  • Openswan and Strongswan Dead Peer Detection Denial of Service (CVE-2009-0790)
  • Openswan Buffer Overflow in atodn function (CVE-2013-2053)
  • Openswan IKE Invalid Key Length Vulnerability (CVE-2011-3380)
  • Openswan IPSEC livetest tool Permissions Vulnerability (CVE-2008-4190)
  • Openswan PID File Permissions Vulnerability (CVE-2011-2147)
  • Openswan Stack-based Buffer Overflow in get_internal_addresses function (CVE-2005-0162)
  • Openswan Use-after-free Vulnerability in Cryptographic Helper Handler (CVE-2011-4073)
  • Openswan Cisco Banner Option Handling Command Execution and DoS Vulnerability (CVE-2010-3308)
  • Openswan Cisco Banner Option Handling Command Execution Vulnerability (CVE-2010-3753)
  • Openswan Cisco DNS Option Handling Vulnerability (CVE-2010-3752, CVE-2010-3302)

Oracle

 

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.