TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
> Internet Scanner X-Press Update 6.14 is now available from the ISS > Download Center: <http://www.iss.net/download/>. Internet Scanner XPU > 6.14 contains 12 new checks and improvements for a number of existing > checks. > > PROTECTION BENEFITS > > * Application Protection. New checks identify vulnerabilities in PHP, > SQL Server, Microsoft Commerce Server, and PGP Desktop Security. A buffer > overflow check for Internet Explorer is also included. > > * Platform Protection. The XPU also adds checks to identify buffer > overflow vulnerabilities in Solaris and applications developed using the > .NET framework. > > NEW CHECKS > > The new checks in this XPU are listed below. > > Risk VulnID Check Name > Category > ==== ====== ========== > ========= > High 9329* MssqlSqlxmlScriptInjection NT > Critical Issues > High 9423* MscsProfileServiceBo NT > Critical Issues > High 9525* PgpOutlookHeapOverflow NT > Critical Issues > High 9276* MsAspdotnetStateserverBo NT Critical > Issues > High 9170 SunrpcXdrArrayBo > Daemons > High 9117 SunAnswerbook2GettransbitmapBo Web Scan > High 9347 ViewstationDefaultBlankPassword Daemons > High 9247* IeGopherBo NT > Critical Issues > High 9348 ViewstationUnicodeRetrievePassword Web Scan > High 9635 PhpMultipartHandlerBo Web Scan > Medium 7678 AllaireJrunJwsDirectoryTraversal Web Scan > Low 9461 FormmailInstalled > CGI-Bin > > * Please note that these checks require administrative privileges on > scanned hosts. > > IMPROVED CHECKS > > The following checks have been improved in XPU 6.14. > > * ManagementAgentFileRead (Vuln ID: 2258). > * Management Agent DoS (Vuln ID: 2259). > * IisIsapiIdqBo (Vuln ID: 6705). > * ApacheChunkedEncodingBo (Vuln ID: 9249). > * IeApplicationInvocation (Vuln ID: 8118). > * IeHtmlDirectiveBo (Vuln ID: 8116). > * IeScriptingBypass (Vuln ID: 8120). > * IeFileDownloadExecution (Vuln ID: 7703). > * IeUrlHttpRequests (Vuln ID: 7259). > * ToolTalk Overflow (Vuln ID: 1408). Help files were modified. > * IE accept cookies (Vuln ID: 351). Help files were modified. > * NFS checks disabled in L5 NT Server and L5 NT Web Server policies. > > VERSIONS/PLATFORMS > > XPU 6.14 is for use with Internet Scanner version 6.2.1. Internet Scanner > 6.2.1 is available on the ISS Download Center: www.iss.net/download. > > > For more information on this release, please contact the following: > > * For additional product information: > - Internet Scanner: > <http://www.iss.net/products_services/enterprise_protection/vulnerability_ > assessment/> > - X-Press Updates: <http://www.iss.net/db_data/xpu/IS.php> > - Jamie Lau, X-Press Updates Product Manager, [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > * For sales information: > - [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > - 888-901-7477 (North America) > > * For education, consulting and support information, including ISS > SecureU* training: > - ISS SecureU training - > <http://education.iss.net/namerica.php> > - Consulting Services Group - Joel Williams, CSG Business > Development Manager, [EMAIL PROTECTED], 404-236-3971 > - ISS Support, [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>, > 888-447-4861 or 404-236-2700 >
