Software Updates

TrustKeeper Scan Engine Update - November 26, 2012

Written by | Nov 25, 2012 3:00:00 PM

The team in the US is going through the early stages of post-Thanksgiving turkey and gravy withdrawal, but we're trying not to let that slow us down. We've released a new update to the TrustKeeper scanner that includes tests for a cornucopia of more than 40 new vulnerabilities, as well as numerous improvements to reduce false positives.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Cisco

  • Cisco ASA DHCP Memory Allocation Denial of Service Vulnerability (CVE-2012-4643)
  • Cisco ASA DCERPC Inspection Denial of Service Vulnerabilities (CVE-2012-4662, CVE-2012-4663)
  • Cisco ASA SIP Inspection Media Update Denial of Service Vulnerability (CVE-2012-4660)
  • Cisco ASA DCERPC Inspection Buffer Overflow Vulnerability (CVE-2012-4661)
  • Cisco ASA SSL VPN Authentication Denial of Service Vulnerability (CVE-2012-4659)
  • Cisco IOS Software and Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability (CVE-2012-3949)
  • Cisco IOS Reverse SSH Denial of Service Vulnerability (CVE-2012-0386)
  • Cisco MACE/WAAS Denial of Service Vulnerability (CVE-2012-1312, CVE-2012-1314)
  • Cisco IOS Software FlexVPN Denial of Service Vulnerability (CVE-2012-3893)
  • Cisco SIP Packet NAT Denial of Service Vulnerability (CVE-2011-3276)
  • Cisco IOS Software Chunk Leaks at ipnat node and ipnat entry with Codenomicon SIP Suite (CVE-2011-2578)

Microsoft

  • Vulnerability in SMB Server Could Allow Denial of Service (MS11-048) (CVE-2011-1267)
  • Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (MS11-051) (CVE-2011-1264)
  • Microsoft .NET Common Language Runtime Remote Code Execution Vulnerabilities (MS10-060) (CVE-2010-1898)

Other

  • DotNetNuke Open Redirect Vulnerability in LinkClick.aspx
  • mod_cluster Access Restriction Bypass Vulnerability (CVE-2012-1154)
  • Joomla! 'language search' Component Cross Site Scripting Vulnerability (CVE-2012-5455)
  • Atlassian JIRA XML Parsing Denial of Service Vulnerability (CVE-2012-2926)

 

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates "auto-magically" as soon as an update is available. No action is required.