TrustKeeper Scan Engine Update for September 22, 2016

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Bind

  • Bind vulnerable to Denial of Service via a long request when lightweight resolver protocol is used (CVE-2016-2775)

Wordpress

  • Cross-site scripting vulnerability in Wordpress via the user_email parameter (CVE-2007-5105)
  • Cross-site scripting vulnerability in Wordpress via the user_login parameter (CVE-2007-5106)
  • Failure to restrict URL access in Wordpress (CVE-2010-0682)

Joomla

  • Joomla! 3.2 before 3.4.4 contains an SQL injection vulnerability (CVE-2015-7297)
  • Joomla! 3.2 before 3.4.5 does not properly check ACLs (CVE-2015-7859)
  • Joomla! 3.x before 3.4.5 does not properly check ACLs allowing attackers to obtain sensitive information (CVE-2015-7899)
  • Joomla! allows remote attackers to hijack the authentication of unspecified victims via unknown vectors (CVE-2015-8563)
  • Joomla! before 1.5.15 allows remote attackers to read an extension's XML file (CVE-2009-3946)
  • Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information (CVE-2011-2889)
  • Unsupported Joomla! version
  • Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal (CVE-2015-8564)

OpenSSL

  • OpenSSL Denial of Service vulnerability in Time-Stamp Protocol (CVE-2016-2180)

Oracle Glassfish

PHP

  • A double free vulnerability exists in in PHP 7.x before 7.0.6 (CVE-2016-3132)
  • An integer wrap may occur in PHP when reading zip files with the getFromIndex() and getFromName() methods (CVE-2016-3078)
  • PHP allows a Denial of Service from anteger overflow in the fread function in ext/standard/file.c (CVE-2016-5096)
  • PHP allows remote attackers to cause a Denial of Service by triggering a large output string (CVE-2016-5095)
  • PHP allows remote attackers to cause a Denial of Service via an integer overflow in the php_html_entities (CVE-2016-5094)
  • PHP does not ensure the presence of a '\\0' character (CVE-2016-5093)
  • PHP misinterprets the semantics of the snprintf return value disclosing sensitive information (CVE-2016-5114)

Samba

  • Samba BADLOCK attack: protocol-downgrade attack and user impersonation caused by incorrect handling of DCERPC connections (CVE-2016-2118)
  • Samba bundled LDAP client protocol downgrade attack by altering data stream (CVE-2016-2112)
  • Samba internal DNS server prone to Denial of Service by uploading a crafted TXT record (CVE-2016-0771)
  • Samba is prone to client spoofing by not requiring SMB signing within DECRPC session (CVE-2016-2115)
  • Samba is prone to client-signing protection bypass and SMB2 / SMB3 server spoofing via GUEST / NULL flags (CVE-2016-2119)
  • Samba is prone to computer name spoofing and information disclosure (vulnerability in NETLOGON service) (CVE-2016-2111)
  • Samba sensitive information disclosure via a crafted certificate (lack of X.509 certificate verification) (CVE-2016-2113)
  • Samba server spoofing by modifying data stream (lack of support for mandatory server signing setting) (CVE-2016-2114)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.