TrustKeeper Scan Engine Update – January 20, 2015

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the release include new checks for 20 vulnerabilities

New Vulnerability Test Highlights

AllegroSoft

• AllegroSoft RomPager Misfortune Cookie Vulnerability (CVE-2014-9222, CVE-2014-9223)

Cisco

• Cisco IOS ISR Entropy Collection Denial of Service (CSCul77897, CVE-2014-3347)
• Cisco IOS Metadata Vulnerability (CSCug75942, CVE-2014-3355)
• Cisco IOS Multicast Domain Name System Vulnerabilities (cisco-sa-20140924-mdns, CVE-2014-3357, CVE-2014-3358)
• Cisco IOS Multicast Virtual Private Network Data Leak (cisco-sa-20080326-mvpn, CVE-2008-1156)
• Cisco IOS Network Address Translation Vulnerability (CSCun54071, CVE-2014-3361)
• Cisco IOS RSVP Vulnerability (CSCui11547, CVE-2014-3354)

Juniper

• Juniper NetScreen ScreenOS DNS Lookup Denial of Service (CVE-2014-3813)
• Juniper NetScreen ScreenOS Malformed IPv6 Packets Denial of Service (CVE-2014-3814)

OpenSSL

• OpenSSL Bignum squaring may produce incorrect results (CVE-2014-3570)
• OpenSSL Certificate fingerprints can be modified (CVE-2014-8275)
• OpenSSL DH client certificates accepted without verification (CVE-2015-0205)
• OpenSSL DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
• OpenSSL DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
• OpenSSL MiTM Vulnerability in ssl23_get_client_hello function (CVE-2014-3511)
• OpenSSL no-ssl3 configuration sets method to NULL (CVE-2014-3569)

phpMyAdmin

• phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in ENUM value (CVE-2014-7217)

Zimbra

• Zimbra Local File Include Vulnerability (CVE-2013-7091)

How to Update?

All Trustwave customers using the TrustKeeper scan engine receive the updates automatically as soon as an update is available. No action is required.