MCAFEE FOUNDSTONE FSL UPDATE

Transcription

1 MCAFEE FOUNDSTONE FSL UPDATE 2013-FEB-25 To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS VMware vsphere Products Client-Side Authentication Vulnerability CVE: CVE DISA IAVA: 2013-B-0012 A vulnerability is present in some versions of VMware vsphere. VMware vsphere products provides unified management of VM. A vulnerability is present in some versions of VMware vsphere. The flaw exist in the handling of the management authentication protocol. Successful exploitation by a remote attacker could result in remote code execution (HT5644) Apple OS X Server Multiple Ruby on Rails Vulnerabilities Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes CVE: CVE , CVE Multiple vulnerabilities are present in some versions of Apple Mac OS X Server. Apple Mac OS X Server provides easy to use interface to configure enterprise services for Apple devices. Multiple vulnerabilities are present in some versions of Apple Mac OS X Server. The flaws lie in Ruby on Rails in OS X Server. Successful exploitation could allow an attacker to cause arbitrary code execution Schneider Electric Accutech Manager Heap Overflow Remote Code Execution Category: Windows Host Assessment -> SCADA CVE: CVE A remote code execution vulnerability is present in some versions of Schneider Electric Accutech Manager.

2 A remote code execution vulnerability is present in some versions of Schneider Electric Accutech Manager. The flaw is due to a heap-based buffer overflow in the application. Successful exploitation by a remote attacker could result in the execution of arbitrary code or a denial of service (VMSA ) VMware View VMCI Privilege Escalation Vulnerability CVE: CVE A privilege escalation vulnerability is present in some versions of VMware View. VMware View is a remote virtual desktops management solution. A privilege escalation vulnerability is present in some versions of VMware View. The flaw occurs due to the handing of control code of vmci.sys. Successful exploitation could allow an attacker to escalate privilege Ruby on Rails Serialized Attributes YAML Remote Code Execution CVE: CVE A remote code execution vulnerability is present in some versions of Ruby on Rails. A remote code execution vulnerability is present in some versions of Ruby on Rails. The flaw lies in the serialized attribute handling code. Successful exploitation by a remote attacker could result in the execution of arbitrary code or a denial of service BlackBerry Enterprise Server LibTIFF Remote Code Execution I CVE: CVE

3 The flaw is due to how TIFF images are processed. Successful exploitation by a remote attacker could result in the execution of arbitrary code BlackBerry Enterprise Server LibTIFF Remote Code Execution II CVE: CVE The flaw is due to how TIFF images are processed. Successful exploitation by a remote attacker could result in the execution of arbitrary code Ruby on Rails attr_protected Method ActiveRecord Security Bypass Risk Level: Medium CVE: CVE A security bypass vulnerability is present in some versions of Ruby on Rails. A security bypass vulnerability is present in some versions of Ruby on Rails. The flaw lies in the attr_protected method in ActiveRecord. Successful exploitation could allow a remote attacker to bypass security restrictions Bugzilla Show Bug Invalid Format Cross Site Scripting Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE A cross site scripting vulnerability is present in some versions of Bugzilla. Bugzilla is a Web-based bug-tracking system. A cross site scripting vulnerability is present in some versions of Bugzilla. The flaw occurs due to bug id was not sanitized when format is invalid. Successful exploitation could allow an attacker to execute arbitrary script code Bugzilla Debug Mode Query Information Disclosure Vulnerability

4 Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Low CVE: CVE An information disclosure vulnerability is present in some versions of Bugzilla. Bugzilla is a Web-based bug-tracking system. An information disclosure vulnerability is present in some versions of Bugzilla. The flaw lies in debug mode. Successful exploitation could allow an attacker to obtain confidential field value Microsoft Windows Machine Account Lockout Threshold Policy The Microsoft Windows machine account lockout threshold parameter does not match policy. The Microsoft Windows machine account lockout threshold parameter does not match policy. This policy setting allows administrators to specify the number of failed logon attempts that will cause a user account to be locked out. ENHANCED CHECKS The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check Microsoft HTML Help Workshop Buffer Overflow vulnerability Check Version: 1.95 CVE: CVE Apple Safari 'Window.Parent.Close()' Code Execution Vulnerability CVE: CVE

5 Microsoft Wordpad Doc File Null Pointer Denial of Service Microsoft Windows OpenType Font Denial Of Service Microsoft IIS FTP Command Denial of Service Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability Risk Level: Medium Check Version: CVE: CVE , CVE DISA IAVA: 2003-T-0013,2003-T-0008,2003-T-0004,2003-A-0012,2003-A-0011,200 CVE is updated Microsoft Windows Enable S4U2Self For Claim Policy

6 Microsoft Windows Machine Inactivity limit Policy Microsoft Windows Block Microsoft Accounts Policy windowspolicy.fasl3.inc Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Check Version: vmware.fasl3.inc Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Check Version: ruby.fasl3.inc Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category

7 ADDITIONAL NOTES This content package includes new Windows2012 Policies. HOW TO UPDATE FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing. FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox. MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on. MCAFEE TECHNICAL SUPPORT ServicePortal: Multi-National Phone Support available here: Non-US customers - Select your country from the list of Worldwide Offices. This may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies. Copyright 2010 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates