RealSecure® Network Sensor XPU 20.10 and XPU 5.9 are now available from the ISS 
Download Center: <http://www.iss.net/download/>. 

PROTECTION BENEFITS

Included in this release are twenty-two new events including protocol anomaly 
detections and signatures.  

        *       Application Protection.  This release contains events to address 
issues in Snort (see the X-Force advisory that was released regarding this 
vulnerability: http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951), 
Trend, IIS, IE, PeopleSoft and Trillian.

        *       Platform Protection.  Protection for issues in Windows is included. 


NEW EVENTS

SecChkID  ProductCheckName                  Event Type                   Risk Level
--------  --------------------------------  ---------------------------  ----------
11173     IRC_Automated_Client              Unauthorized Access Attempt  High
11132*    MSRPC_Locator_BO                  Unauthorized Access Attempt  High
11073     DHCP_Minires_Format_Overflow      Unauthorized Access Attempt  High
11061     HTTP_ScanMail_Auth_Bypass         Unauthorized Access Attempt  High
11059     HTTP_OfficeScan_Auth_Bypass       Unauthorized Access Attempt  High
10956*    RPC_Large_Fragmented              Unauthorized Access Attempt  High
10962*    HTTP_POST_PeopleSoft_Traversal    Unauthorized Access Attempt  High
10520*    HTTP_POST_PeopleSoft_XXE          Unauthorized Access Attempt  Medium
10254     HTTP_IE_Help_Overflow             Unauthorized Access Attempt  Medium
11063     HTTP_TrendVCS_Auth_Bypass         Unauthorized Access Attempt  Low
11153     SQL_SSRP_Slammer_Worm             Suspicious Activity          High
9666      SQL_SSRP_DoS                      Suspicious Activity          High
11263     POP_User_Root                     Suspicious Activity          Medium
10834*    AOLIM_Trillian_Encrypt_Handshake  Protocol Signature           Low
4192**    SNMP_CiscoMgmt_Ping               Protocol Signature           Low
4192**    SNMP_trapAuthFailure              Protocol Signature           Low
4191**    SNMP_ifTable                      Protocol Signature           Low
4191**    SNMP_ipForwarding                 Protocol Signature           Low
4191**    SNMP_ipRouteTable                 Protocol Signature           Low
4191**    SNMP_RMON_Collections             Protocol Signature           Low
4191**    SNMP_Show_LMUsers                 Protocol Signature           Low
142**     Trace_Route_UDP                   Pre-attack Probe             Low

*These events are contained in the 7.0 Network Sensor only.
**These events are also contained only in the 7.0 Network Sensor, and represent 
existing events that were broken down to create more specific events. 

SECURITY CONTENT BUG FIXES

The following existing events are improved in this release for Network Sensor 7.0. 

*       Help files for the checks SMB_Nimda_Worm (7130) and 
HTTP_IIS_Index_Server_Overflow (6705) were modified to show in the Policy Editor help 
pane.
*       Group files for the checks HTTP_Unix_Passwords (1069), Ident_Error (1070), 
SNMP_Community (685), VNC_Login_Failed (6425), and Windows_Access_Error (1075) were 
modified to show in the correct Policy Editor groups. 
*       TCP_Service_Sweep (5253) was refactored to reduce false positives. 
*       NTP protocol parsing was refactored to eliminate a false positive in 
SNMP_InvalidTag_Packet (8132). 
*       Trace_Route (142) was refactored to reduce false positives on specific DNS 
traffic.
*       HTTP_Unix_Passwords (1069) was refactored to fix a false positive. 
*       HTTP_Jrun_Double_Slash (9450) was refactored to fix a false positive with 
specific proxy traffic. 

The following existing event is improved in this release for Network Sensor 6.5. 

        *       SQL_Spida_Worm(9124) was refactored to fix a coring problem.


VERSIONS/PLATFORMS

XPU 20.10 supports Network Sensor 7.0 on Windows 2000 and RH Linux 7.3. XPU 5.9 
supports Network Sensor 6.5 on Solaris, Windows NT, Windows 2000 and the Nokia 
appliance platforms. Supported management consoles include Workgroup Managers 6.6, 
6.5, and SiteProtector 1.2, 2.0.


For more information on this release, please contact the following:

* For additional product information:
-       X-Press Updates, <http://www.iss.net/db_data/xpu/RS.php> 
-       Network Sensor, 
<http://www.iss.net/products_services/enterprise_protection/rsnetwork/sensor.php>

*  For sales and professional services information:
-       [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 
-       800-776-2362 (U.S. and Canada); +1-404-236-2600 (International)

*  For support information, including ISS' Technical Support Knowledgebase: 
-       Customer Support - <http://www.iss.net/support/enterprise/index.php>  
-       Technical Support Knowledgebase - <http://www.iss.net/support/knowledgebase/>

*  For additional information regarding common issues experienced when downloading 
XPUs, please reference Answer ID 1843 in the ISS knowledgebase - 
<http://www.iss.net/support/knowledgebase/>
