TrustKeeper Scan Engine Update August 6 2015

Summary

We're bringing you another TrustKeeper Scan Engine update with a bunch of new checks for vulnerabilities so that you can continue to enjoy your summer.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

  • Discovered HTTP Methods
  • Generic Shell Backdoor Detected
  • Weak SSH Encryption Algorithms Supported
  • Weak SSH Hashing Algorithms Supported
  • Weak SSH Key Exchange Algorithms Supported
  • WebDAV Detected
  • Webmin Race Condition Vulnerability through the Read Mail module (CVE-2015-1377)
  • Unencrypted Communication Channel Accessibility
  • Database Accessibility
  • Database Accessibility
  • NetBIOS Accessibility
  • Unix R-Services Accessibility
  • Unix R-Services Accessibility
  • Unix Utility Services Accessibility
  • Unix Utility Services Accessibility
  • Windows DCE Service Accessibility
  • Unix/Linux RPC Service Accessibility
  • Windows Networking Services Accessibility
  • Remote Access Service Detected

ISC

  • A crafted dns query could cause a Denial of Service in ISC BIND 9 with DNSSEC and recursion enabled. (CVE-2015-4620)

Microsoft

OpenSSL

  • OpenSSL Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793)

Oracle

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.