TrustKeeper Scan Engine Update – September 22, 2014

Summary

The latest update to the TrustKeeper Scan Engine is now available. It adds detection for a vulnerability affecting FreeBSD and one affecting OpenSSH. We also increased coverage for web backdoors/shells, enhanced detection of missing hotfixes in Windows, improved OS fingerprinting via SMTP service banners and added support for Boa Webserver.

New Vulnerability Test Highlights

Some of the vulnerability tests we added include:

FreeBSD

  • FreeBSD SCTP Protocol Implementation Denial of Service (CVE-2012-3549)

OpenSSH

  • OpenSSH Post-authentication sshd Memory Corruption Vulnerability with AES-GCM cipher (CVE-2013-4548)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.