[Customerconnect] Internet Scanner XPU 6.25 Now Available!

From: ISS Customer Relations (bpq@iss.net)
Date: 01/28/03


To: customerconnect@iss.net
From: ISS Customer Relations <bpq@iss.net>
Date: Tue, 28 Jan 2003 16:55:50 -0500

Internet Scanner X-Press Update 6.25 is now available from the ISS Download
Center: <http://www.iss.net/download/>. Internet Scanner XPU 6.25
contains seven new checks and improvements for multiple existing
checks. This XPU extends Internet Scanner's coverage for the SQL Slammer
worm by adding another check for this vulnerability!

PROTECTION BENEFITS
∑ SQL Slammer Worm. Check addresses vulnerability in Microsoft SQL
Server

∑ Application Protection. Checks in this XPU address security issues
in Coldfusion MX, and CUPS

∑ Platform Protection. XPU 6.25 includes checks for issues in the
Microsoft Windows operating systems.

NEW CHECKS

The new checks in this XPU are listed below.

Risk VulnID Check Name Category
==== ====== ========== =========
High 9661 mssql-resolution-service-bo Daemons
High 11132* win-locator-bo NT Critical Issues
High 10909 cups-neg-memcpy-bo Daemons
Medium 10565 coldfusion-mx-file-disclosure Web Scan
Medium 10953 platinumftpserver-dir-directory-traversal Ftp
Medium 11133* outlook-v1-certificate-plaintext Email
Low 10955 platinumftpserver-cd-command-dos Ftp

* Please note that these checks require administrative privileges on
scanned hosts.

IMPROVED CHECKS
∑ IisMs02018Patch (Vuln ID: 8811)
∑ FtpGlobExpansion (Vuln ID: 6332)
∑ FtpGlobImplementation (Vuln ID: 6333)
∑ WuftpGlobHeapCorruption (Vuln ID: 7611)
∑ FtpWrite (Vuln ID: 53)
∑ Guestnopwreq (Vuln id: 163)
∑ NbRootShare (Vuln Id: 393)
∑ RootDotDot check (Vuln ID: 106)
∑ IisFrontpageInfo (Vuln ID: 4001)
∑ IPlanetRunning (Vuln ID: 8055)
∑ ApacheRunning (Vuln ID: 8054)
∑ SolSadminAmslVerifyBo (SeckID: 3688)
∑ NTWritableNetbios (Vuln ID: 26)

VERSIONS/PLATFORMS

XPU 6.25 is for use with Internet Scanner version 6.2.1. Internet Scanner
6.2.1 is available on the ISS Download
Center: <http://www.iss.net/eval/eval.php>.

For more information on this release, please contact the following:

* For additional product information:
- Internet Scanner:
<http://www.iss.net/products_services/enterprise_protection/vulnerability_as
sessment/>
- X-Press Updates: <http://www.iss.net/db_data/xpu/IS.php>

* For sales and professional services information:
- sales@iss.net <mailto:sales@iss.net>
- 888-776-2362 (U.S. and Canada); +1-404-236-2600 (International)

* For support information, including ISSí Technical Support Knowledgebase:
- Customer Support - <http://www.iss.net/support/enterprise/index.php>
- Technical Support Knowledgebase -
<http://www.iss.net/support/knowledgebase/>

_______________________________________________
CustomerConnect mailing list
CustomerConnect@iss.net