MCAFEE FOUNDSTONE FSL UPDATE 2013-FEB-25

To better protect your environment, McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

14663 - VMware vsphere Products Client-Side Authentication Vulnerability
CVE: CVE-2013-1405
DISA IAVA: 2013-B-0012
A vulnerability is present in some versions of VMware vSphere. VMware vSphere products provide unified management of VMs. The flaw exists in the handling of the management authentication protocol. Successful exploitation by a remote attacker could result in remote code execution.

14750 - (HT5644) Apple OS X Server Multiple Ruby on Rails Vulnerabilities
Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes
CVE: CVE-2013-0156, CVE-2013-0333
Multiple vulnerabilities are present in some versions of Apple Mac OS X Server. Apple Mac OS X Server provides an easy-to-use interface to configure enterprise services for Apple devices. The flaws lie in Ruby on Rails in OS X Server. Successful exploitation could allow an attacker to execute arbitrary code.

14751 - Schneider Electric Accutech Manager Heap Overflow Remote Code Execution
Category: Windows Host Assessment -> SCADA
CVE: CVE-2013-0658
A remote code execution vulnerability is present in some versions of Schneider Electric Accutech Manager.
The flaw is due to a heap-based buffer overflow in the application. Successful exploitation by a remote attacker could result in the execution of arbitrary code or a denial of service.

14752 - (VMSA-2013-0002) VMware View VMCI Privilege Escalation Vulnerability
CVE: CVE-2013-1406
A privilege escalation vulnerability is present in some versions of VMware View. VMware View is a remote virtual desktop management solution. The flaw occurs due to the handling of control code in vmci.sys. Successful exploitation could allow an attacker to escalate privileges.

14755 - Ruby on Rails Serialized Attributes YAML Remote Code Execution
CVE: CVE-2013-0277
A remote code execution vulnerability is present in some versions of Ruby on Rails. The flaw lies in the serialized attribute handling code. Successful exploitation by a remote attacker could result in the execution of arbitrary code or a denial of service.

14756 - BlackBerry Enterprise Server LibTIFF Remote Code Execution I
CVE: CVE-2012-2088
The flaw is due to how TIFF images are processed. Successful exploitation by a remote attacker could result in the execution of arbitrary code.

14757 - BlackBerry Enterprise Server LibTIFF Remote Code Execution II
CVE: CVE-2012-4447
The flaw is due to how TIFF images are processed. Successful exploitation by a remote attacker could result in the execution of arbitrary code.

14754 - Ruby on Rails attr_protected Method ActiveRecord Security Bypass
Risk Level: Medium
CVE: CVE-2013-0276
A security bypass vulnerability is present in some versions of Ruby on Rails. The flaw lies in the attr_protected method in ActiveRecord. Successful exploitation could allow a remote attacker to bypass security restrictions.

14768 - Bugzilla Show Bug Invalid Format Cross Site Scripting Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server
Risk Level: Medium
CVE: CVE-2013-0785
A cross site scripting vulnerability is present in some versions of Bugzilla. Bugzilla is a Web-based bug-tracking system. The flaw occurs because the bug ID is not sanitized when the format is invalid. Successful exploitation could allow an attacker to execute arbitrary script code.

14767 - Bugzilla Debug Mode Query Information Disclosure Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server
Risk Level: Low
CVE: CVE-2013-0786
An information disclosure vulnerability is present in some versions of Bugzilla. Bugzilla is a Web-based bug-tracking system. The flaw lies in debug mode. Successful exploitation could allow an attacker to obtain a confidential field value.

14586 - Microsoft Windows Machine Account Lockout Threshold Policy
The Microsoft Windows machine account lockout threshold parameter does not match policy. This policy setting allows administrators to specify the number of failed logon attempts that will cause a user account to be locked out.

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability, and anything else that improves upon an existing FSL check.

4098 - Microsoft HTML Help Workshop Buffer Overflow vulnerability
Check Version: 1.95
CVE: CVE-2006-0564

8801 - Apple Safari 'Window.Parent.Close()' Code Execution Vulnerability
CVE: CVE-2010-1939

13735 - Microsoft Wordpad Doc File Null Pointer Denial of Service

13802 - Microsoft Windows OpenType Font Denial Of Service

13850 - Microsoft IIS FTP Command Denial of Service

4648 - Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability
Risk Level: Medium
Check Version: 1.1514
CVE: CVE-2002-0695, CVE-2002-0859
DISA IAVA: 2003-T-0013,2003-T-0008,2003-T-0004,2003-A-0012,2003-A-0011,200
CVE is updated.

14528 - Microsoft Windows Enable S4U2Self For Claim Policy

14535 - Microsoft Windows Machine Inactivity limit Policy

14583 - Microsoft Windows Block Microsoft Accounts Policy

70001 - windowspolicy.fasl3.inc
Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category
Check Version: 1.5015

70050 - vmware.fasl3.inc
Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category
Check Version: 1.3199

70129 - ruby.fasl3.inc
Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category

ADDITIONAL NOTES

70001 - This content package includes new Windows 2012 Policies.

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.com/
Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html
Non-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2010 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates