TrustKeeper Scan Engine Update - August 2, 2013

It's high summer in the Windy City and we're bringing you another TrustKeeper Scan Engine update on a warm, gentle breeze. This update has coverage for 19 new vulnerabilities and detection for 4 new service applications, as well as the usual bug fixes and general improvements.

The newly detected service applications are Openswan, FreeS/WAN and strongSwan, all of which are IPsec implementations, and Jenkins, a Java-based continuous integration server.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache
* Apache HTTP Server mod_dav_svn Denial of Service Vulnerability via Invalid Source (CVE-2013-1896)
* Apache HTTP Server mod_rewrite Terminal Escape Sequence Vulnerability (CVE-2013-1862)

Joomla
* Cross-site scripting vulnerability in Joomla! Language Switch module (CVE-2012-4532)
* Joomla! Unspecified XSS Vulnerability (CVE-2012-4531)
* Joomla! XSS Vulnerability in Highlighter Plugin (CVE-2013-3267)
* Joomla! XSS Vulnerability in Voting Plugin (CVE-2013-3059)

Openswan
* Openswan and Freeswan Aggressive Mode PSK Denial of Service (CVE-2005-3671)
* Openswan and Strongswan ASN.1 parser Denial of Service (CVE-2009-2185)
* Openswan and Strongswan Dead Peer Detection Denial of Service (CVE-2009-0790)
* Openswan Buffer Overflow in atodn function (CVE-2013-2053)
* Openswan IKE Invalid Key Length Vulnerability (CVE-2011-3380)
* Openswan IPSEC livetest tool Permissions Vulnerability (CVE-2008-4190)
* Openswan PID File Permissions Vulnerability (CVE-2011-2147)
* Openswan Stack-based Buffer Overflow in get_internal_addresses function (CVE-2005-0162)
* Openswan Use-after-free Vulnerability in Cryptographic Helper Handler (CVE-2011-4073)
* Openswan Cisco Banner Option Handling Command Execution and DoS Vulnerability (CVE-2010-3308)
* Openswan Cisco Banner Option Handling Command Execution Vulnerability (CVE-2010-3753)
* Openswan Cisco DNS Option Handling Vulnerability (CVE-2010-3752, CVE-2010-3302)

Oracle
* Oracle Enterprise Manager January 2013 CPU Advisory (CVE-2013-0352, CVE-2013-0374, CVE-2013-0355, CVE-2013-0373, CVE-2013-0353, CVE-2013-0358, CVE-2013-0354, CVE-2012-5062, CVE-2012-3219)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.