TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
> An Internet Scanner FlexCheck for SSH CRC32 Vulnerability is now available > from the ISS Download Center: <http://www.iss.net/eval/eval.php>. > > > DESCRIPTION OF SSH CRC32 VULNERABILITY (6083) > > This FlexCheck detects a serious vulnerability in the SSH daemon (sshd) > affecting most current sshd versions. Please be aware that this FlexCheck > will not be able to detect a vulnerability on an SSH server that does not > return a banner. > > The vulnerability exists in affected SSH versions when integer > calculations are not handled correctly, resulting in a buffer overflow > condition. X-Force has learned of extensive scanning for vulnerable SSH > servers. Lists of vulnerable servers would be extremely easy for > attackers to gather. The version information can be obtained by making a > connection to port 22, which will display a banner with SSH version > information. For more information about this vulnerability, please see > the following X-Force Alert: > <http://xforce.iss.net/alerts/advise100.php>. > > > DOWNLOADING AND INSTALLING FLEXCHECKS > > The Internet Scanner FlexCheck can be downloaded from the X-Press Update > download center at http://www.iss.net/eval/eval.php. Please note that > this is a FlexCheck, not an X-Press Update, and a different update process > is required. The ReadMe for this file outlines the installation process. > The process for configuring FlexChecks is also outlined in the Internet > Scanner User Guide. > > In Internet Scanner version 6.1, data found by these checks are not > included in reports, but can be viewed in the GUI immediately after the > scan or in the session log file. This issue has been corrected in > Internet Scanner 6.2, and FlexCheck results now display in reports. Use > any sorted by IP or DNS report for a complete listing. If you need > assistance, please contact [EMAIL PROTECTED] > > > For more information on this release of Internet Scanner, please contact > the following: > > * For additional product information: > - http://www.iss.net/db_data/xpu/IS.php > - Jamie Lau, Product Manager - X-Press Updates, [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > * For sales information: > - [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > - 888-901-7477 (North America) > > * For education, consulting and support information, including ISS > SecureU* training: > - ISS SecureU training - > <http://education.iss.net/namerica.php> > - Consulting Services Group - Joel Williams, CSG Business > Development Manager, [EMAIL PROTECTED], 404-236-3971 > - ISS Support, [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>, > 888-447-4861 or 404-236-2700 >
