RealSecure Network Sensor XPU 3.2

From: CustomerRelations (bpq@iss.net)
Date: 08/27/01


Message-Id: <4.2.2.20010827153040.00a95830@msgatl01.iss.net>
Date: Mon, 27 Aug 2001 15:31:33 -0400
To: xpress@iss.net
From: CustomerRelations <bpq@iss.net>
Subject: RealSecure Network Sensor XPU 3.2


TO UNSUBSCRIBE: email "unsubscribe xpress" in the body of your message to
MAJORDOMO@ISS.NET. Contact xpress-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

===============================================================

X-PRESS UPDATE 3.2 FOR NETWORK SENSOR NOW AVAILABLE!

===============================================================

SUMMARY

X-Press Update 3.2 for Network Sensor contains 9 new signatures
including a signature for telnet buffer overflow vulnerability,
two signatures to address ColdFusion vulnerabilities, and an Oracle
buffer overflow signature.

PROTECTION BENEFITS OF X-PRESS UPDATE 3.2

- Application Protection. XPU 3.2 contains a signature to address
a telnet buffer overflow vulnerability in systems that have telnet
servers that are derived from BSD. The XPU also contains signatures
to address ColdFusion vulnerabilities, and a signature to protect
against a high risk Oracle buffer overflow vulnerability.

- Web Servers. XPU 3.2 contains three signatures to address
vulnerabilities in IIS web servers.

VERSIONS/PLATFORMS

This XPU supports Network Sensor on Solaris, Windows NT, Windows 2000
and the Nokia appliance platforms.

This XPU supports both the 5.0 and 6.0 Network Sensor. However, each
requires a different XPU file. If your WorkGroup Manager has Internet
access, WGM will automatically select the correct files for the sensor
you choose to update. If you download the files from the download center
on the ISS web site, the file you should choose is dependent on the
Network Sensor versions in your environment.

Please note that if you are in the process of upgrading and have a
mix of both versions, 6.0 Network Sensors must be updated by 6.0
WorkGroup Managers. 5.0 Network Sensors can be updated by both 5.5
and 6.0 WorkGroup Managers.

NEW SIGNATURES IN X-PRESS UPDATE 3.2

SecChkID ProductCheckName RiskLevel
-------- ---------------- ---------
6875 TelnetExcessiveAYTs High
6791 HTTP_ColdFusion_Email_ExampleApp Medium
6790 HTTP_ColdFusion_WebPublish_ExampleApp High
6994 HTTP_IIS_Unicode_Encoding High
6995 HTTP_IIS_Unicode_Wide_Encoding High
2381 HTTP_IIS_Showcode Medium
6334 HTTP_Oracle_Appserver_Overflow High
6342 HTTP_PHPNuke_URL_Redirect Medium
6647 POP_QPopUser_Overflow High

IMPROVED SIGNATURES IN X-PRESS UPDATE 3.2

HTTP_Head. A bug fix for HTTP_Head has been included in this XPU.

E-mail Overflow Signatures. E-mail overflow signatures have been
enhanced to report the size of the buffer overflow encountered.

KNOWN ISSUES

There is a known issue with the console Update on 5.X Nokia Sensors.
A Nokia sensor that has been updated with any XPU cannot deliver a
console update to base 5.x console. A 'base 5.x console' is a
console which has not been updated via an XPU delivered Console Update.

The issue has a workaround. Connect the console to a Windows or Solaris
based 5.X sensor which contains the Console Update required for your
install. Alternatively, you may also apply an XPU from the base console.
This method will also update the console with the desired Console Update.

If you have questions about the workaround, please contact Support@iss.net.