TrustKeeper Scan Engine Update – August 27, 2014

Summary

The latest update to the TrustKeeper Scan Engine is now available. This week's highlights include coverage for 16 new vulnerabilities and added protocol fingerprinting support for GeoVision Remote Playback Log and WebCam Command.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Drupal

FreeBSD

  • FreeBSD nullfs Filesystem Access Restriction Bypass (FreeBSD-SA-13:13.nullfs) (CVE-2013-5710)

OpenSSL

  • OpenSSL DTLS Double Free Denial of Service (CVE-2014-3505)
  • OpenSSL DTLS Handshake Anonymous CypherSuite Denial of Service (CVE-2014-3510)
  • OpenSSL DTLS Handshake Large Length Denial of Service (CVE-2014-3506)
  • OpenSSL Elliptic Curve Point Format Client Denial of Service (CVE-2014-3509)
  • OpenSSL Pretty Print Null Byte Information Disclosure (CVE-2014-3508)
  • OpenSSL SRP Ciphersuite Client Denial of Service (CVE-2014-5139)
  • OpenSSL SRP Library Denial of Service (CVE-2014-3512)
  • OpenSSL Zero Length DTLS Fragment Denial of Service (CVE-2014-3507)

PHP

WordPress

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.