The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. The update includes 21 new checks providing coverage for more than 70 vulnerabilities.
New Vulnerability Test Highlights
Cisco
- Cisco ASA Software Version Information Disclosure Vulnerability (CSCuq65542) (CVE-2014-3398)
FreeBSD
- FreeBSD IP Multicast Integer Overflow (FreeBSD-SA-13:09.ip_multicast) (CVE-2013-3077)
- FreeBSD Kernel Memory Disclosure in sctp (CVE-2013-5209)
- FreeBSD Network ioctl Insufficient Credential Check Vulnerability (CVE-2013-5691)
- FreeBSD NFS Server File Permission Bypass (FreeBSD-SA-13:08.nfsserver) (CVE-2013-4851)
- FreeBSD sendfile Kernel Memory Disclosure Vulnerability (CVE-2013-5666)
- ISC BIND in FreeBSD malformed rdata Denial of Service Vulnerability (FreeBSD-SA-13:07.bind) (CVE-2013-4854)
Oracle
- Oracle Database Server October 2014 CPU Multiple Vulnerabilities (CVE-2014-6546, CVE-2014-6467, CVE-2014-6545, CVE-2014-6453, CVE-2014-6560, CVE-2014-6455, CVE-2014-6537, CVE-2014-6483, CVE-2014-0050, CVE-2014-6547, CVE-2014-4293, CVE-2014-4292, CVE-2014-4291, CVE-2014-4290, CVE-2014-4297, CVE-2014-4296, CVE-2014-4301, CVE-2014-4310, CVE-2014-6538, CVE-2014-4295, CVE-2014-4294, CVE-2014-6563, CVE-2014-6542, CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, CVE-2014-6544, CVE-2014-4289, CVE-2014-2478)
- Oracle Enterprise Manager October 2014 CPU Multiple Vulnerabilities (CVE-2014-6488)
- Oracle MySQL October 2014 CPU Multiple Vulnerabilities (CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)
PHP
PostgreSQL
- PostgreSQL bitsubstr denial of service (CVE-2010-0442)
- PostgreSQL crafted SET ROLE privilege escalation (CVE-2006-0553)
- PostgreSQL doubly-nested state regular expression denial of service (CVE-2007-6067)
- PostgreSQL intagg module denial of service (CVE-2005-0246)
- PostgreSQL multiple buffer overflows in gram.y (CVE-2005-0247)
- PostgreSQL on Windows postmaster denial of service (CVE-2006-0105)
- PostgreSQL public EXECUTE denial of service (CVE-2005-1409)
- PostgreSQL TCL regular expression denial of service (CVE-2007-4772)
- PostgreSQL tsearch2 module internal argument denial of service (CVE-2005-1410)
Java
How to Update?
All Trustwave customers using the TrustKeeper scan engine receive the updates automatically as soon as an update is available. No action is required.