[Xpress] Internet Scanner XPU 6.13 Now Available!

From: ISS Customer Relations (bpq@iss.net)
Date: 06/21/02

To: xpress@iss.net
From: ISS Customer Relations <bpq@iss.net>
Date: Thu, 20 Jun 2002 18:47:29 -0400

Internet Scanner X-Press Update 6.13 is now available from the ISS Download
Center: <http://www.iss.net/download/>. Internet Scanner XPU 6.13
contains 15 new checks and improvements for a number of existing
checks. XPU 6.13 focuses on Passport.

.NET Framework. The focus of XPU 6.13 is Passport and the .NET
framework. Ten checks are included that identify Passport configurations
that could impact your security stance. These checks address settings that
may enable access to logs, user authentication, profile information, and
cookies. Default settings and sample programs are identified that may
provide an attacker well known entry points.

Application Protection. XPU 6.13 includes a check to address
denial of service vulnerabilities in Apache and Microsoft Exchange. A
Yahoo Instant Messenger buffer overflow check strengthens the peer-to-peer
capabilities of Internet Scanner. A check is also included to identify
Open SSH.

Other Malicious Code. A check for Litmus backdoor is included to
identify systems that are infected with this backdoor and can be controlled
through an IRC network.


The new checks in this XPU are listed below.

Risk VulnID Check Name Category
==== ====== ========== =========
High 9187* PassportCcdPermission NT Critical Issues
High 9091* PassportVerboseModeExposure NT Critical Issues
High 9094* PassportPassportLogExposure NT Critical Issues
High 9123* PassportIisLogPermissionExposure NT Critical Issues
Medium 9065* PassportSampleSiteGlobal NT Critical Issues
Medium 9068* PassportRegistryPermission NT Critical Issues
Medium 9146* PassportEventsReportingDisabled NT Critical Issues
Medium 9064* PassportDefaultTimeWindow NetBIOS
Medium 9066 PassportSampleSiteExposure Web Scan
Medium 9067 PassportTestSiteExposure Web Scan
High 9183* YahooMessengerYmsgrBo NetBIOS
Low 9195* ExchangeMsgAttributeDos NetBIOS
Low 9307 OpensshRunning Daemons
Medium 9049* BackdoorLitmus Backdoors
High 8589 ApacheDosBatchCommandExecution Web Scan

* Please note that these checks require administrative privileges on
scanned hosts.


The following checks have been improved in XPU 6.13.
DNS Iquery (206)
Nt-applog (30)
nt-systemlog (138)
Wuftpglobheapcorryption (7611)
Deftel (43)
TelnetOpen (22)
Ftpbounce (199)
Managementagentfileread (2258)
Management Agent DoS (2259)
Rootdotdot (106)
DCOM (176)
SMB share found (NetBIOS share) (12)
ApacheChunkedEncodingBo (9249). Please note that this check has
been modified to be more specific. It also has been recategorized as a DOS
check due to impact on Oracle Application Server during testing.


XPU 6.13 is for use with Internet Scanner version 6.2.1. Internet Scanner
6.2.1 is available on the ISS Download
Center: <http://www.iss.net/eval/eval.php>.

Xpress mailing list