Summary
The latest update to the TrustKeeper Scan Engine is now available. This week's highlights include coverage for 16 new vulnerabilities and added protocol fingerprinting support for GeoVision Remote Playback Log and WebCam Command.
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
Drupal
FreeBSD
- FreeBSD nullfs Filesystem Access Restriction Bypass (FreeBSD-SA-13:13.nullfs) (CVE-2013-5710)
OpenSSL
- OpenSSL DTLS Double Free Denial of Service (CVE-2014-3505)
- OpenSSL DTLS Handshake Anonymous CypherSuite Denial of Service (CVE-2014-3510)
- OpenSSL DTLS Handshake Large Length Denial of Service (CVE-2014-3506)
- OpenSSL Elliptic Curve Point Format Client Denial of Service (CVE-2014-3509)
- OpenSSL Pretty Print Null Byte Information Disclosure (CVE-2014-3508)
- OpenSSL SRP Ciphersuite Client Denial of Service (CVE-2014-5139)
- OpenSSL SRP Library Denial of Service (CVE-2014-3512)
- OpenSSL Zero Length DTLS Fragment Denial of Service (CVE-2014-3507)
PHP
WordPress
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.