[Xpress] Internet Scanner XPU v6.7 Now Available!

From: ISS Customer Relations (bpq@iss.net)
Date: 04/09/02


To: xpress@iss.net
From: ISS Customer Relations <bpq@iss.net>
Date: Mon, 08 Apr 2002 18:37:02 -0400

The latest X-Press Updates are now available on the ISS Download
Center: <http://www.iss.net/download/>. These updates include Internet
Scanner XPU 6.7, Network Sensor update 4.2 for version 5.x, and RealSecure
SiteProtector XPUs. An XPU is also available for SAFEsuite Decisions.

***************************************
INTERNET SCANNER XPU 6.7
***************************************

Internet Scanner XPU 6.7 delivers 23 new checks and is focused on Cisco
routers and remote control applications. Thanks to feedback from
customers, XPUs continue to improve existing checks in order to reduce
false positives. There are twelve improved checks in this release. We
encourage you to continue to report false positives that you identify in
your environment to support@iss.net <mailto:support@iss.net>.

PROTECTION BENEFITS OF X-PRESS™ UPDATE 6.7
· Cisco Routers. The XPU contains 13 Cisco router checks. The
checks identify configurations that could impact the security posture of
your network, and are important for enforcing your network security
policy.
· Remote Control Applications. XPU 6.7 includes checks to identify
RemotelyAnywhere and GoToMyPC.
· Web Servers. This XPU contains three checks for vulnerabilities in
Oracle Application Server, and a check for a buffer overflow vulnerability
in iPlanet web servers.
· Other checks. A check for Peekabooty is included in this XPU. In
addition, two checks address vulnerabilities in Internet Explorer.

NEW CHECKS

The new checks in this XPU are listed below.

Risk VulnID Check Name Category
==== ====== ========== =========
Medium 8663* PeekabootyPresent Daemons
Medium 8620* RemotelyAnywherePresent Daemons
Medium 8637 RemotelyAnywhereRunning Daemons
Medium 8631* GotomypcPresent
Daemons
Medium 8401 CiscoAutoloadingEnabled Router/Switch
Medium 8403 CiscoBufferedLoggingDisabled Router/Switch
Medium 8404 CiscoCdpEnabled Router/Switch
Medium 8405 CiscoCommunityStringEnabled Router/Switch
Medium 8406 CiscoHttpEnabled Router/Switch
Medium 8407 CiscoIpDirectedBroadcastEnabled Router/Switch
Medium 8408 CiscoIpsourceRoutingEnabled Router/Switch
Medium 8409 CiscoLoggingDisabled Router/Switch
Medium 8410 CiscoNtpEnabled Router/Switch
Medium 8412 CiscoPasswordUnencryptedConfig Router/Switch
Medium 8413 CiscoSecretDisabled Router/Switch
Medium 8414 CiscoTftpEnabled Router/Switch
Medium 8415 CiscoTunnelInterfaceExists Router/Switch
High 8096 OracleAppserverPlSqlAuthclientBo Web Scan
Low 8099 OracleAppserverPlsqlPlsDos Web Scan
Medium 8100 OracleAppserverOraclejspViewInfo Web Scan
High 8285 IplanetHostHeaderBo Web Scan
High 8118* IeApplicationInvocation NT Critical
Issues
High 8120* IeScriptingBypass NT Critical
Issues

* Please note that these checks require administrative privileges on
scanned hosts.

IMPROVED CHECKS

The following checks have been improved in XPU 6.7.
· IIS RDS (1212)
· IisIsapiPrinterBo (6485)
· TelnetTabBO (7284)
· Nfswrite (84)
· FtpChmod (1843)
· Passfilt.dll incorrect (219)
· Passfilt.DLL checksum (1310)
· SshDeattackOverwriteMemory (6083)
· NetscapeAdminBo (3586)
· IeUrlHttpRequests (7259)
· IeIncorrectSecurityZone (7258)
· IeFileDownloadExecution (7703)

_______________________________________________
Xpress mailing list
Xpress@iss.net