There have been some questions regarding how and when Internet Security Systems updates its security intelligence within our software security engines. We have optimized this process through a new technology called X-Press Updates. ISS X-Force is continually adding new checks to be released through X-Press Updates. Here is more information regarding this.

X-Press Updates

Internet Security Systems has enabled rapid updates with a technology called X-Press Updates. It is available in the Internet Scanner 6.0 release and System Scanner 4.0, and is being extended into the RealSecure components. X-Press Updates has many benefits:

o Get new checks without downloading the entire scanner engine. This minimizes the hassle of deploying updates.
o Smaller downloads. Takes less time to download the new checks.
o Increasing speed to market with new checks. With only releasing new checks for the engine, the entire update process including Quality Assurance can be focused on only the new X-Press Update checks and not the entire scanner engine.

Since the release of Internet Scanner 6.0 this autumn, we have had 4 Internet Scanner X-Press Updates released, with the most recent going out this week. We also released an X-Press Update for System Scanner 4.0 last week. In addition to Sybase and Microsoft SQL, Database Scanner 3.0.1 has been updated recently to cover over 80 new Oracle database security checks. We believe we have had the most frequent number of updates with the largest quantity of new security checks for any commercial database, system, and network based security scanners. We are continuing to strive to streamline the process.

The System Scanner with the latest X-Press update has 537 Windows NT checks. System Scanner also has 425 UNIX checks.
The Internet Scanner with its latest X-Press updates brings the number of checks to 682. Combined, the total number of security checks is over 1500. The new checks for Internet Scanner and System Scanner are listed below.

In the recent release, Internet Scanner 6.0.1 is now compatible with the Common Vulnerability and Exposures (CVE) effort. The CVE aims to standardize the names for all publicly known vulnerabilities and security exposures, allowing customers to better utilize the security information that their existing products collect. ISS is the first security vendor to provide support for this standard within a network scanner. Information about the CVE is available from http://www.cve.mitre.org/.

The System Scanner X-Press Update contains the following new checks for Windows NT 4.0 Servers and Workstations:

Check      Description
-----      -----------
MS99-001   "Forms 2.0 textBox Control" Vulnerability
MS99-004   Authentication Processing Error
MS99-005   BackOffice Server 4.0 Installation Setup File Exists
MS99-006   "KnownDLLs List" Vulnerability
MS99-008   "Screen Saver" Vulnerability
MS99-011   "DHTML Edit" Vulnerability
MS99-012   "MSHTML.DLL parsing engine" Vulnerability
MS99-014   "Excel 97 Virus Warning" Vulnerability
MS99-016   "Malformed Phonebook Entry" Vulnerability
MS99-018   "Legacy ActiveX Control" Vulnerability
MS99-019   "Malformed HTR Request" Vulnerability
MS99-020   "Malformed LSA Request" Vulnerability
MS99-021   "CSRSS Worker Thread Exhaustion" Vulnerability
MS99-022   "Double Byte Code Page" Vulnerability
MS99-023   "Malformed Image Header" Vulnerability
MS99-026   "Malformed Dialler Entry" Vulnerability
MS99-029   "Malformed HTTP Request Header" Vulnerability
MS99-031   "Virtual Machine sandbox" Vulnerability
MS99-034   "Fragmented IGMP Packet" Vulnerability
MS99-035   "Set Cookie Header Caching" Vulnerability
MS99-036   Windows NT4.0 Does Not Delete Unattended Installation File
MS99-037a  "ImportExportFavorites" Vulnerability 'safe for scripting'
MS99-040   "Download Behaviour" Vulnerability

The Internet Scanner X-Press Update 3.1 this week contains:

Risk    VulnID  Check Name                          Category
======  ======  =================================   ===========
High    3409    AvirtPop3PassBo                     E-mail
High    2251    CGI whois_raw                       CGI-Bin
High    3300    FusewarePopmailBo                   E-mail
High    3351    HttpCgiImagemapBo                   CGI-Bin
High    3383    HttpCgiWwwboardAdminPassFileRead    Web Scan
High    3457    NtPrinterSpoolerBo                  RPC
High    3332    OpenlinkRemoteExecute               CGI-Bin
High    3400    ProftpdPathString                   FTP
High    1662    SLmail username bo                  Daemons
High    3417    WftpdMkdBo                          FTP
High    3375    WuftpMessageFileRoot                FTP
High    3376    WuftpSiteNewerDos                   FTP
High    2345    SunCmsdBo                           RPC
Low     3232    AmdPid                              Daemons
Low     3236    AmdVersion                          Daemons
Low     3321    ArkieaBackupNlservdRemoteDos        Daemons
Low     3401    ExpressfsCommandBo                  FTP
Low     3247    HttpCgiWwwboardDefault              Web Scan
Low     2204    TimbuktuDetect                      Daemons
Medium  3464    AlibabaPostDos                      Web Scan
Medium  3432    AvirtDirectoryCreate                E-mail
Medium  3333    BackdoorLeapfrog                    CGI-Bin
Medium  3449    EservFileread                       Web Scan
Medium  3384    NtRasReboot                         Daemons
Medium  3427    NtServicesExeDos                    NT Services
Medium  2271    OmniDos                             CGI-Bin
Medium  3430    SkyfullMailFromBo                   Daemons
Medium  3506    TfnDos                              Network
Medium  3508    Trin00Daemon                        Backdoors

Internet Scanner 6.0.1 delivers 38 new vulnerability checks, including 6 new checks for malicious backdoor programs that attackers use to remotely control computers. Several of the 38 new security checks represent very serious vulnerabilities - serious enough that the X-Force released advisories for these problems. The Netscape Enterprise server (http://xforce.iss.net/alerts/advise39.php3) and distributed Denial-Of-Service attacks have checks that customers can use to protect themselves from these threats.

Risk    VulnID  Check Name                          Category
======  ======  =================================   ===========
High    3570    TrinooMaster                        Backdoors
High    3336    BackdoorBugs                        Backdoors
High    3340    BackdoorCow                         Backdoors
High    3354    BackdoorFore                        Backdoors
High    3329    BackdoorMavericksMatrix             Backdoors
High    3143    BackdoorRws                         Backdoors
High    3326    BackdoorTotalEclypse                Backdoors
High    2283    CmailAdminDefault                   Daemons
High    1843    FTPchmodable                        FTP
High    3101    HttpCgiBnbsurvey                    CGI-Bin
High    3103    HttpCgiClassifiedsExe               CGI-Bin
High    1532    HylaFax faxsurvey Vulnerability     CGI-Bin
High    1463    IMAP Authenticate Buffer Overflow   E-mail
High    3126    NetscapeAdminBo                     Web Scan
High    3114    Pop2FoldBo                          E-mail
High    3399    ProftpdLongDirBo                    FTP
High    3448    RealserverG2PwBo                    Daemons
Medium  2175    AlibabaDotDot                       Web Scan
Medium  2254    BisonWare PORTCrash                 FTP
Medium  3234    BisonwareCommandBo                  FTP
Medium  3301    CmailSmtpBo                         E-mail
Medium  2207    ColdfusionAdminDos                  Web Scan
Medium  3093    HttpCgiBnbform                      CGI-Bin
Medium  2385    HttpCgiCachemgr                     CGI-Bin
Medium  3281    HttpTeamtrackFileRead               Web Scan
Medium  3283    IamsPop3Dos                         E-mail
Medium  3284    IamsSmtpVrfyDos                     E-mail
Medium  3273    IhtmlMerchantFileAccess             Web Scan
Medium  3279    IisIisadmpwd                        Web Scan
Medium  2259    Management Agent DoS                Daemons
Medium  2258    ManagementAgentFileRead             Daemons
Medium  3286    MediahouseStatsLoginBo              Web Scan
Medium  2206    NetscapeSpaceView                   Web Scan
Medium  2287    NovellWebserverDos                  Web Scan
Medium  3106    NtDnsDos                            DNS
Medium  2176    ServU CommandBO                     FTP
Low     2084    ApacheDebian                        Web Scan
Low     2288    CmailUserLeak                       E-mail

Internet Scanner X-Press Update 2.2 contains 20 new checks, including 8 new checks for malicious "back door" programs and 12 new Web server or CGI-Bin checks.

Checks included in X-Press Update 2.2:

Check Name                      Category
----------                      -------------
BackdoorBackconstruction        Backdoors
BackdoorBiggluck                Backdoors
BackdoorSecretservice           Backdoors
BackdoorServeme                 Backdoors
BackdoorStealthspy              Backdoors
BackdoorTruva12                 Backdoors
BackdoorUltors                  Backdoors
HttpCgiRwwwshell                Backdoors
CGIjj                           CGI-Bin
HttpCgiNewdsn                   CGI-Bin
HttpCgiWwwboard                 CGI-Bin
SambarDumpEnv                   CGI-Bin
IIS bdir                        Web Scan
IIS DOT DOT Crash               Web Scan
IisSamplesCodebrws              Web Scan
IisSamplesShowcode              Web Scan
IisSamplesViewcode              Web Scan
NetscapePageServices            Web Scan
Sambar Server default accounts  Web Scan
WebSuiteDos                     Web Scan

Internet Scanner 6.0 includes 67 new vulnerability checks, including more than 30 new checks for malicious backdoor programs (such as BackOrifice 2000) that attackers use to remotely control computers:

Risk    VulnID  Check Name                          Category
======  ======  =================================   ===========
High    625     Perl fingerd                        Daemons
High    886     SmtpHeloBo                          E-mail
High    887     SMTP VRFY Buffer Overflow Attempt   E-mail
High    888     SMTP EXPN Buffer Overflow Attempt   E-mail
High    895     Bind bo                             DNS
High    1212    IIS RDS                             Web Scan
High    1400    CgiPerlMailPrograms                 Web Scan
High    1728    Palmetto FTP                        FTP
High    1740    ColdFusionEvaluator                 Web Scan
High    1890    QpopperPASSOverflow                 E-mail
High    2052    CGI Textcounter                     CGI-Bin
High    2079    WinRouteConfig                      Firewalls
High    2178    BackdoorPbbser                      Backdoors
High    2240    CMailCommandBO                      E-mail
High    2245    SubsevenBackdoor                    Backdoors
High    2281    IIS HTR Overflow                    Web Scan
High    2310    EvilFTP Backdoor                    Backdoors
High    2321    NetSphere Backdoor                  Backdoors
High    2322    GateCrasher Backdoor                Backdoors
High    2324    GirlFriend Backdoor                 Backdoors
High    2325    Hack'a'tack Backdoor                Backdoors
High    2326    BackdoorPhasezero                   Backdoors
High    2343    BackdoorBo2k                        Backdoors
High    2384    NetscapeGetBo                       Web Scan
High    2386    BackdoorComa                        Backdoors
High    2387    BackdoorForcedentry                 Backdoors
High    2389    BackdoorBackdoor2                   Backdoors
High    2390    BackdoorNetmonitor                  Backdoors
High    3099    BackdoorBlazer5                     Backdoors
High    3100    BackdoorFrenzy                      Backdoors
High    3110    BackdoorHvlrat                      Backdoors
High    3111    BackdoorMillenium                   Backdoors
High    3112    BackdoorProsiak                     Backdoors
High    3113    BackdoorHackersparadise             Backdoors
High    3118    BackdoorSchwindler                  Backdoors
High    3119    BackdoorProgenic                    Backdoors
High    3120    BackdoorTheThing                    Backdoors
High    3122    BackdoorDeltasource                 Backdoors
High    3130    BackdoorDoly15                      Backdoors
High    3131    BackdoorAolAdmin                    Backdoors
Medium  896     Bind DoS                            DNS
Medium  1630    UnityMail web server dos            Web Scan
Medium  1741    ColdFusionSource                    CGI-Bin
Medium  1742    ColdFusionSyntaxChecker             CGI-Bin
Medium  1744    ColdFusionFileRead                  CGI-Bin
Medium  1895    IMailIMAPOverflow                   E-mail
Medium  1899    IMailWhoisOverflow                  E-mail
Medium  2054    Novell Files Script                 CGI-Bin
Medium  2055    CGI nphpublish                      CGI-Bin
Medium  2088    Startech POP3                       E-mail
Medium  2196    HttpCgiCounterLong                  CGI-Bin
Medium  2229    IIS ExAir DoS                       Web Scan
Medium  2239    CmailFileread                       E-mail
Medium  2241    FTGateRead                          E-mail
Medium  2242    NTMailFileRead                      E-mail
Medium  2270    SiteServerCSC                       Web Scan
Low     1416    iParty denial of service            Daemons
Low     1743    ColdFusionFileExists                CGI-Bin
Low     1894    VNCDetect                           Daemons
Low     1921    SMTPforgery                         E-mail
Low     1928    SMTPrcpt                            E-mail
Low     1986    VNCDetectNoConn                     Daemons
Low     1988    VNCNoAuth                           Daemons
Low     2210    ICQClient                           Daemons
Low     2211    mSQLDetect                          Daemons
Low     2227    CDDBD detect                        Daemons
Low     2388    OracleDetect                        Daemons

Sincerely,
Christopher

-------------------------------------
Christopher Klaus
Founder and CTO
Internet Security Systems, Inc.
(678) 443-6000 / fax (678) 443-6477
6600 Peachtree-Dunwoody Road NE
300 Embassy Row, Atlanta, GA 30328
www.issx.com
NASDAQ: ISSX

Join ISS X-Force Mailing List: http://xforce.issx.com/maillists/
