TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
> RealSecure� Network Sensor XPU 20.4 and XPU 5.3 are now available from the ISS >Download Center: <http://www.iss.net/download/>. XPU 20.4 is for Network Sensor 7.0, >and XPU 5.3 is for Network Sensor 6.5. Included are nine new events including >protocol anomaly detections and signatures. Also included are two new events for 6.5 >that were previously provided for 7.0. > > PROTECTION BENEFITS > > * Hybrid Threats. The XPU provides detection of the "Slapper" OpenSSL/Apache >Worm, which exploits an OpenSSL vulnerability. > > * Databases. One of the focuses of this XPU is databases, with two new events >to protect against SQL Server buffer overflows. > > * Web and Application Servers. Events for Apache and Oracle Application Server >are included to address security issues in these applications. > > * Platform Support. This XPU provides protection against a Windows DoS attack >and an IRIX vulnerability. > > NEW EVENTS IN XPU 20.4 and XPU 5.3 > > SecChkID ProductCheckName Event Type Risk >Level > ------- ---------------- --------- > -------------- > 10031 SQL_SSRP_StackBo Denial of Service High > 9933 SMB_Transact_Bo Denial of Service Low > 7130* HTTP_Nimda_Worm Suspicious Activity High > 9661 SQL_SSRP_HeapBo Suspicious Activity High > 9402 RPC_Xfsmd_Execute Unauthorized Access Attempt High > 9450 HTTP_JRun_Double_Slash Unauthorized Access Attempt High > 9714** SSL2_Master_Key_Overflow Unauthorized Access Attempt > High > 9808 HTTP_URL_BackslashDotDot Unauthorized Access Attempt High > 6705* HTTP_Code_Red Unauthorized Access Attempt High > 8452 HTTP_OracleAdmin_Web_Interface Unauthorized Access Attempt Medium > 8777 HTTP_OWC_Vulnerable_Client Unauthorized Access Attempt Medium > > *These events are already contained within the base Network Sensor 7.0. > ** This vulnerability is used by the "Slapper" OpenSSL/Apache Worm to infect systems. > > SECURITY CONTENT BUG FIXES > > Several existing events are improved in this release for Network Sensor. > > * Synflood (v. 7.0) > * FTP_Tar_Exec (v. 7.0) > * Telnet_Auth_failed (v. 7.0) > * Stream_Dos (v. 6.5) > * HTTP_IIS_Index_Server_Overflow (v. 6.5) > > VERSIONS/PLATFORMS > > XPU 20.4 supports Network Sensor 7.0 on Windows 2000. XPU 5.3 supports Network >Sensor 6.5 on Solaris, Windows NT, Windows 2000 and the Nokia appliance platforms. >Supported management consoles include Workgroup Managers 6.6, 6.5, and SiteProtector >1.2. > > REMINDER: X-Press Updates for RealSecure 6.0 ceased as of August 15, 2002. For >more information, please refer to the following link: ><http://documents.iss.net/literature/RealSecure/RS_6x_XPU_Notice.pdf>. > > **IMPORTANT NOTE FOR NETWORK SENSOR 7.0 CUSTOMERS** > > It is important that Workgroup Manager version 6.5 is upgraded to version 6.6 prior >to applying the XPU to 7.0 sensors. If Workgroup Manager 6.5 connects to a Network >Sensor 7.0 with an XPU installed, it will receive events, but will not be able to >manage the sensor until the Workgroup Manager version is upgraded. > > Customers may upgrade to Workgroup Manager 6.6 by connecting to a 7.0 sensor that >does not yet have an XPU applied, or by using the Workgroup Manager Upgrade Utility >available at www.iss.net/download <http://www.iss.net/download>. > > > For more information on this release, please contact the following: > > * For additional product information: > - X-Press Updates, <http://www.iss.net/db_data/xpu/RS.php> > - Network Sensor, ><http://www.iss.net/products_services/enterprise_protection/rsnetwork/sensor.php> > > * For sales and professional services information: > - [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > - 888-776-2362 (U.S. and Canada); +1-404-236-2600 (International) > > * For support information, including ISS> '> Technical Support Knowledgebase: > - Customer Support - <http://www.iss.net/support/enterprise/index.php> > - Technical Support Knowledgebase - > <http://www.iss.net/support/knowledgebase/> > > > CONNECT 2002: The Premier Conference for Internet, Enterprise and Network Security > Join us at Internet Security Systems' International Security Summit, September 30 - >October 4, 2002 in Atlanta > Visit <http://www.issconnect.net> for details >
