TrustKeeper Scan Engine Update – November 14, 2014

Written by | Nov 13, 2014 7:15:00 AM

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the release include a check for the "Winshock" vulnerability in Microsoft Windows and new checks for more than 50 other vulnerabilities.

New Vulnerability Test Highlights

FreeBSD

FreeBSD bzip2 Denial of Service Vulnerability (FreeBSD-SA-05:14.bzip2) (CVE-2005-0953, CVE-2005-1260)
FreeBSD bzip2 Vulnerability (FreeBSD-SA-10:08.bzip2) (CVE-2010-0405)
FreeBSD devfs Vulnerability (FreeBSD-SA-05:17.devfs) (CVE-2005-2218)
FreeBSD devfs Vulnerability (FreeBSD-SA-09:14.devfs)
FreeBSD execve and fexecve Denial of Service (CVE-2014-3880)
FreeBSD freebsd-update Insecure Directory Permissions Vulnerability (FreeBSD-SA-09:17.freebsd-update) (CVE-2009-4358)
FreeBSD gzip Vulnerability (FreeBSD-SA-05:11.gzip) (CVE-2005-0988, CVE-2005-1228)
FreeBSD gzip Vulnerability (FreeBSD-SA-06:21.gzip) (CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)
FreeBSD jail Vulnerability (FreeBSD-SA-07:01.jail) (CVE-2007-0166)
FreeBSD jail Vulnerability (FreeBSD-SA-10:04.jail) (CVE-2010-2022)
FreeBSD kmem Vulnerability (FreeBSD-SA-05:08.kmem) (CVE-2005-1406)
FreeBSD kmem Vulnerability (FreeBSD-SA-06:06.kmem) (CVE-2006-0379, CVE-2006-0380)
FreeBSD kmem Vulnerability (FreeBSD-SA-06:25.kmem) (CVE-2006-6013)
FreeBSD ktrace Kernel Memory Disclosure (CVE-2014-3873)
FreeBSD libc Vulnerability (FreeBSD-SA-08:02.libc) (CVE-2008-0122)
FreeBSD libc Vulnerability (FreeBSD-SA-09:07.libc)
FreeBSD mbuf read-only Flag Local Privilege Escalation Vulnerability (FreeBSD-SA-10:07.mbuf) (CVE-2010-2693)
FreeBSD nfsclient Local Privilege Escalation Vulnerability (FreeBSD-SA-10:06.nfsclient) (CVE-2010-2020)
FreeBSD ntpd Vulnerability (FreeBSD-SA-09:03.ntpd) (CVE-2009-0021)
FreeBSD ntpd Vulnerability (FreeBSD-SA-09:11.ntpd) (CVE-2009-1252)
FreeBSD ntpd Vulnerability (FreeBSD-SA-10:02.ntpd) (CVE-2009-3563)
FreeBSD OPIE Stack Overflow Vulnerability (CVE-2010-1938)
FreeBSD pipe Vulnerability (FreeBSD-SA-09:09.pipe)
FreeBSD pipe Vulnerability (FreeBSD-SA-09:13.pipe)
FreeBSD Predictable IP fragmentation ID Vulnerability (CVE-2008-1147)
FreeBSD pseudofs Null Pointer Dereference (FreeBSD-SA-10:09.pseudofs) (CVE-2010-4210)
FreeBSD ZFS ZIL Insecure File Permissions Vulnerability (FreeBSD-SA-10:03.zfs) (CVE-2010-0318)

ISC BIND

ISC BIND in FreeBSD Denial of Service Vulnerability (FreeBSD-SA-05:12.bind9) (CVE-2005-0034)
ISC BIND in FreeBSD Denial of Service Vulnerability (FreeBSD-SA-06:20.bind) (CVE-2006-4095, CVE-2006-4096)
ISC BIND in FreeBSD Denial of Service Vulnerability (FreeBSD-SA-09:12.bind) (CVE-2009-0696)
ISC BIND in FreeBSD Vulnerability (FreeBSD-SA-07:07.bind) (CVE-2007-2926)
ISC BIND in FreeBSD Vulnerability (FreeBSD-SA-08:06.bind) (CVE-2008-1447)
ISC BIND in FreeBSD Vulnerability (FreeBSD-SA-09:04.bind) (CVE-2009-0025)
ISC BIND in FreeBSD Vulnerability (FreeBSD-SA-10:01.bind) (CVE-2009-4022)

Nginx

Nginx SSL session reuse vulnerability (CVE-2014-3616)

OpenSSL

OpenSSL in FreeBSD Denial of Service Vulnerability (FreeBSD-SA-09:08.openssl) (CVE-2009-0590)
OpenSSL in FreeBSD Vulnerability (FreeBSD-SA-05:21.openssl) (CVE-2005-2969)
OpenSSL in FreeBSD Vulnerability (FreeBSD-SA-06:19.openssl) (CVE-2006-4339)
OpenSSL in FreeBSD Vulnerability (FreeBSD-SA-06:23.openssl) (CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343)
OpenSSL in FreeBSD Vulnerability (FreeBSD-SA-07:08.openssl) (CVE-2007-5135)
OpenSSL in FreeBSD Vulnerability (FreeBSD-SA-09:02.openssl) (CVE-2008-5077)

Microsoft Secure Channel (Schannel)

Vulnerability in Secure Channel Could Allow Remote Code Execution (MS14-066) (CVE-2014-6321)

How to Update?

All Trustwave customers using the TrustKeeper scan engine receive the updates automatically as soon as an update is available. No action is required.

View full post