TrustKeeper Scan Engine Update – August 5, 2014

Summary

The latest update to the TrustKeeper Scan Engine is now available. This week's update includes coverage for 14 new vulnerabilities, improved version detection for Drupal and improved detection for VNC, FTP and SNMPv3.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Webmin

  • Webmin Brute Force Lockout Bypass Vulnerability (CVE-2004-0583)
  • Webmin chooser.cgi Cross Site Scripting Vulnerability (CVE-2007-1276)
  • Webmin Configuration File Ownership Change Vulnerability (CVE-2005-1177)
  • Webmin MiniServ Format String Denial of Service Vulnerability (CVE-2005-3912)
  • Webmin Multiple pam_login.cgi Cross Site Scripting Vulnerabilities (CVE-2007-3156)
  • Webmin Null Byte Security Bypass Vulnerabilities (CVE-2006-4542)
  • Webmin PAM Authentication Bypass Vulnerability (CVE-2005-3042)
  • Webmin Popup Window Cross Site Scripting Vulnerability (CVE-2014-3924)
  • Webmin Search Parameter Cross Site Scripting Vulnerability (CVE-2008-0720)
  • Webmin Sensitive File Read Access Vulnerability (CVE-2004-0582)
  • Webmin simplify_path Read Access Bypass Vulnerabilities (CVE-2006-3392)
  • Webmin Unspecified Authenticated Cross Site Scripting Vulnerabilities (CVE-2014-3885)
  • Webmin Unspecified Cross Site Scripting Vulnerabilities (CVE-2014-3886)
  • Webmin Web Mail Arbitrary Code Execution Vulnerability (CVE-2004-1468)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.
