TrustKeeper Scan Engine Update – March 18, 2015

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available.

This week we've included 7 new vulnerabilities, which relate to FreeBSD and generic web application misconfiguration issues.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

FreeBSD

• FreeBSD Kernel Memory Disclosure Vulnerability in setlogin/getlogin (FreeBSD-SA-14:25.setlogin) (CVE-2014-8476)
• FreeBSD namei Kernel Memory Disclosure Vulnerability (FreeBSD-SA-14:22.namei) (CVE-2014-3711)
• FreeBSD routed Remote Denial of Service Vulnerability (FreeBSD-SA-14:21.routed) (CVE-2014-3955)
• FreeBSD rtsold Remote Buffer Overflow Vulnerability (FreeBSD-SA-14:20.rtsold) (CVE-2014-3954)
• FreeBSD sshd Denial of Service Vulnerability (FreeBSD-SA-14:24.sshd) (CVE-2014-8475)

Generic

• Information disclosure via sitemap.xml
• Non-Secure Session Cookies Identified

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.