• No results found

MCAFEE FOUNDSTONE FSL UPDATE

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "MCAFEE FOUNDSTONE FSL UPDATE"

Copied!
7
0
0

Loading.... (view fulltext now)

Download now ( 7 Page )

Full text

(1)

2013-FEB-25

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

14663 - VMware vSphere Products Client-Side Authentication Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)

Risk Level: High CVE: CVE-2013-1405 DISA IAVA: 2013-B-0012 Description

A vulnerability is present in some versions of VMware vSphere. Observation

VMware vSphere products provides unified management of VM.

A vulnerability is present in some versions of VMware vSphere. The flaw exist in the handling of the management authentication protocol. Successful exploitation by a remote attacker could result in remote code execution.

14750 - (HT5644) Apple OS X Server Multiple Ruby on Rails Vulnerabilities

Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes Risk Level: High

CVE: CVE-2013-0156, CVE-2013-0333 Description

Multiple vulnerabilities are present in some versions of Apple Mac OS X Server. Observation

Apple Mac OS X Server provides easy to use interface to configure enterprise services for Apple devices.

Multiple vulnerabilities are present in some versions of Apple Mac OS X Server. The flaws lie in Ruby on Rails in OS X Server. Successful exploitation could allow an attacker to cause arbitrary code execution.

14751 - Schneider Electric Accutech Manager Heap Overflow Remote Code Execution

Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: High

CVE: CVE-2013-0658 Description

(2)

Observation

A remote code execution vulnerability is present in some versions of Schneider Electric Accutech Manager.

The flaw is due to a heap-based buffer overflow in the application. Successful exploitation by a remote attacker could result in the execution of arbitrary code or a denial of service.

14752 - (VMSA-2013-0002) VMware View VMCI Privilege Escalation Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)

Risk Level: High CVE: CVE-2013-1406 Description

A privilege escalation vulnerability is present in some versions of VMware View. Observation

VMware View is a remote virtual desktops management solution.

A privilege escalation vulnerability is present in some versions of VMware View. The flaw occurs due to the handing of control code of vmci.sys. Successful exploitation could allow an attacker to escalate privilege.

14755 - Ruby on Rails Serialized Attributes YAML Remote Code Execution

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)

Risk Level: High CVE: CVE-2013-0277 Description

A remote code execution vulnerability is present in some versions of Ruby on Rails. Observation

A remote code execution vulnerability is present in some versions of Ruby on Rails.

The flaw lies in the serialized attribute handling code. Successful exploitation by a remote attacker could result in the execution of arbitrary code or a denial of service.

14756 - BlackBerry Enterprise Server LibTIFF Remote Code Execution I

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)

Risk Level: High CVE: CVE-2012-2088 Description

A remote code execution vulnerability is present in some versions of BlackBerry Enterprise Server. Observation

(3)

The flaw is due to how TIFF images are processed. Successful exploitation by a remote attacker could result in the execution of arbitrary code.

14757 - BlackBerry Enterprise Server LibTIFF Remote Code Execution II

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)

Risk Level: High CVE: CVE-2012-4447 Description

A remote code execution vulnerability is present in some versions of BlackBerry Enterprise Server. Observation

A remote code execution vulnerability is present in some versions of BlackBerry Enterprise Server.

The flaw is due to how TIFF images are processed. Successful exploitation by a remote attacker could result in the execution of arbitrary code.

14754 - Ruby on Rails attr_protected Method ActiveRecord Security Bypass Category: Windows Host Assessment -> Miscellaneous

(CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium

CVE: CVE-2013-0276 Description

A security bypass vulnerability is present in some versions of Ruby on Rails. Observation

A security bypass vulnerability is present in some versions of Ruby on Rails.

The flaw lies in the attr_protected method in ActiveRecord. Successful exploitation could allow a remote attacker to bypass security restrictions.

14768 - Bugzilla Show Bug Invalid Format Cross Site Scripting Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Web Server

Risk Level: Medium CVE: CVE-2013-0785 Description

A cross site scripting vulnerability is present in some versions of Bugzilla. Observation

Bugzilla is a Web-based bug-tracking system.

A cross site scripting vulnerability is present in some versions of Bugzilla. The flaw occurs due to bug id was not sanitized when format is invalid. Successful exploitation could allow an attacker to execute arbitrary script code.

(4)

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Low

CVE: CVE-2013-0786 Description

An information disclosure vulnerability is present in some versions of Bugzilla. Observation

Bugzilla is a Web-based bug-tracking system.

An information disclosure vulnerability is present in some versions of Bugzilla. The flaw lies in debug mode. Successful exploitation could allow an attacker to obtain confidential field value.

14586 - Microsoft Windows Machine Account Lockout Threshold Policy

Category: Windows Host Assessment -> Security Policy/Options (CATEGORY REQUIRES CREDENTIALS)

Risk Level: Informational Description

The Microsoft Windows machine account lockout threshold parameter does not match policy. Observation

The Microsoft Windows machine account lockout threshold parameter does not match policy.

This policy setting allows administrators to specify the number of failed logon attempts that will cause a user account to be locked out.

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check.

4098 - Microsoft HTML Help Workshop Buffer Overflow vulnerability

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)

Risk Level: High Check Version: 1.95 CVE: CVE-2006-0564 Update Details

Recommendation is updated.

8801 - Apple Safari 'Window.Parent.Close()' Code Execution Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)

(5)

Update Details

Recommendation is updated.

13735 - Microsoft Wordpad Doc File Null Pointer Denial of Service

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)

Risk Level: High Update Details

Recommendation is updated.

13802 - Microsoft Windows OpenType Font Denial Of Service

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)

Risk Level: High Update Details

Recommendation is updated.

13850 - Microsoft IIS FTP Command Denial of Service

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)

Risk Level: High Update Details

Recommendation is updated.

4648 - Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability Category: Windows Host Assessment -> Miscellaneous

(CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium

Check Version: 1.1514

CVE: CVE-2002-0695, CVE-2002-0859

DISA IAVA: 2003-T-0013,2003-T-0008,2003-T-0004,2003-A-0012,2003-A-0011,200 Update Details

CVE is updated.

14528 - Microsoft Windows Enable S4U2Self For Claim Policy

(6)

Risk Level: Informational Update Details

FASLScript is updated.

14535 - Microsoft Windows Machine Inactivity limit Policy

Category: Windows Host Assessment -> Security Policy/Options (CATEGORY REQUIRES CREDENTIALS)

Risk Level: Informational Update Details

FASLScript is updated.

14583 - Microsoft Windows Block Microsoft Accounts Policy

Category: Windows Host Assessment -> Security Policy/Options (CATEGORY REQUIRES CREDENTIALS)

Risk Level: Informational Update Details

FASLScript is updated.

70001 - windowspolicy.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational

Check Version: 1.5015 Update Details

FASLScript is updated.

70050 - vmware.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational

Check Version: 1.3199 Update Details

FASLScript is updated.

70129 - ruby.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational

(7)

FASLScript is updated.

ADDITIONAL NOTES

70001 - This content package includes new Windows2012 Policies.

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.com/

Multi-National Phone Support available here:

http://www.mcafee.com/us/about/contact/index.html

Non-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2010 McAfee, Inc.

References

Download now ( PDF - 7 Page - 30.04 KB )

Related documents

[Image removed due to copyright concerns]

Through ionizations and excitations the passage of a charged particle through biological medium creates three species in the local vicinity of the particle track: Direct ionization

Introduction to BlackBerry Smartphone Web Development Widgets

– BlackBerry® Browser – BlackBerry® Connect – BlackBerry® Device Software – BlackBerry® Enterprise Server – BlackBerry® Enterprise Solution – BlackBerry® Infrastructure

Understanding High Availability

Both BlackBerry Enterprise Server instances in the BlackBerry Enterprise Server pair include, by default, the BlackBerry Attachment Service, BlackBerry Dispatcher, BlackBerry ®

BlackBerry Enterprise Server Performance Characteristics and Sizing Recommendations

BlackBerry Enterprise Server performance characteristics As the core of the BlackBerry solution, the BlackBerry Enterprise Server for Lotus Domino can be scaled appropriately

Installing the BlackBerry Enterprise Server Management console with a remote database

Figure 7: Command prompt with the temporary directory for the BlackBerry Enterprise Server Management console.. Run the Createdb.exe from the

Maintenance Release. Notes. BlackBerry Enterprise Server for IBM Domino. Version: 5.0 Service Pack: 4 Maintenance Release: 4

Install this maintenance release on any computer that hosts a BlackBerry Enterprise Server and on any remote computer that hosts a BlackBerry MDS Connection Service,

McAfee Host Intrusion Prevention Content 4865

o Signature 6027: Vulnerability in GDI could allow Remote Code Execution o Signature 6028: Vulnerability in Windows Shell Handler URL Validation Could. Allow Remote

MCAFEE FOUNDSTONE FSL UPDATE

13765 - (MS12-037) Microsoft Internet Explorer HTML Sanitization Information Disclosure (2699988) Category: Windows Host Assessment -> Patches and Hotfixes. (CATEGORY