Correction to XPU notification: VERSIONS/PLATFORMS
XPU support for XPU 20.10/5.9 is not available for SiteProtector 1.2. Please see the following previously released announcement regarding XPU support for 1.2: http://sdm3.rm04.net:80/servlet/MailView?ms=ODkxMjQS1&r=NzA0MDI0ODES1 -----Original Message----- From: Solutions Marketing Sent: Wednesday, March 12, 2003 2:22 PM To: [EMAIL PROTECTED] Subject: [ISSForum] RealSecure Network Sensor XPU 20.10/5.9 Now Available! RealSecure� Network Sensor XPU 20.10 and XPU 5.9 are now available from the ISS Download Center: <http://www.iss.net/download/>. PROTECTION BENEFITS Included in this release are twenty-two new events including protocol anomaly detections and signatures. * Application Protection. This release contains events to address issues in Snort (see the X-Force advisory that was released regarding this vulnerability: http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951, Trend, IIS, IE, Peoplesoft and Triliian. * Platform Protection. Protection for issues in Windows is included. NEW EVENTS SecChkID ProductCheckName Event Type Risk Level ------- ---------------- --------- ---------- 11173 IRC_Automated_Client Unauthorized Access Attempt High 11132* MSRPC_Locator_BO Unauthorized Access Attempt High 11073 DHCP_Minires_Format_Overflow Unauthorized Access Attempt High 11061 HTTP_ScanMail_Auth_Bypass Unauthorized Access Attempt High 11059 HTTP_OfficeScan_Auth_Bypass Unauthorized Access Attempt High 10956* RPC_Large_Fragmented Unauthorized Access Attempt High 10962* HTTP_POST_PeopleSoft_Traversal Unauthorized Access Attempt High 10520* HTTP_POST_PeopleSoft_XXE Unauthorized Access Attempt Medium 10254 HTTP_IE_Help_Overflow Unauthorized Access Attempt Medium 11063 HTTP_TrendVCS_Auth_Bypass Unauthorized Access Attempt Low 11153 SQL_SSRP_Slammer_Worm Suspicious Activity High 9666 SQL_SSRP_DoS Suspicious Activity High 11263 POP_User_Root Suspicious Activity Medium 10834* AOLIM_Trillian_Encrypt_Handshake Protocol Signature Low 4192** SNMP_CiscoMgmt_Ping Protocol Signature Low 4192** SNMP_trapAuthFailure Protocol Signature Low 4191** SNMP_ifTable Protocol Signature Low 4191** SNMP_ipForwarding Protocol Signature Low 4191** SNMP_ipRouteTable Protocol Signature Low 4191** SNMP_RMON_Collections Protocol Signature Low 4191** SNMP_Show_LMUsers Protocol Signature Low 142** Trace_Route_UDP Pre-attack Probe Low *These events are contained in the 7.0 Network Sensor only. **These events are also contained only in the 7.0 Network Sensor, and represent existing events that were broken down to create more specific events. SECURITY CONTENT BUG FIXES The following existing events are improved in this release for Network Sensor 7.0. * Help files for the following checks SMB_Nimda_Worm (7130) and HTTP_IIS_Index_Server_Overflow (6705) were modified to show in the Policy Editor help pane. * Group files for the following checks HTTP_Unix_Passwords(1069), Ident_Error (1070), SNMP_Community(685), VNC_Login_Failed(6425), and Windows_Access_Error(1075) modified to show in the correct policy editor groups. * TCP_Service_Sweep(5253) was refactored to reduce false positives. * NTP protocol parsing was refactored to eliminate False positive in SNMP_InvalidTag_Packet(8132). * Trace_Route (142) was refactored to reduce false positives on specific DNS traffic. * Http_Unix_Passwords(1069) was refactored to fix a false positive. * HTTP_Jrun_Double_Slash(9450) was refactored to fix a false positive with specific proxy traffic. The following existing event is improved in this release for Network Sensor 6.5. * SQL_Spida_Worm(9124) was refactored to fix a coring problem. VERSIONS/PLATFORMS XPU 20.10 supports Network Sensor 7.0 on Windows 2000 and RH Linux 7.3. XPU 5.9 supports Network Sensor 6.5 on Solaris, Windows NT, Windows 2000 and the Nokia appliance platforms. Supported management consoles include Workgroup Managers 6.6, 6.5, and SiteProtector 1.2, 2.0. For more information on this release, please contact the following: * For additional product information: - X-Press Updates, <http://www.iss.net/db_data/xpu/RS.php> - Network Sensor, <http://www.iss.net/products_services/enterprise_protection/rsnetwork/sensor.php> * For sales and professional services information: - [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> - 800-776-2362 (U.S. and Canada); +1-404-236-2600 (International) * For support information, including ISS' Technical Support Knowledgebase: - Customer Support - <http://www.iss.net/support/enterprise/index.php> - Technical Support Knowledgebase - <http://www.iss.net/support/knowledgebase/> * For additional information regarding common issues experienced when downloading XPUs, please reference Answer ID 1843 in the ISS knowledgebase - <http://www.iss.net/support/knowledgebase/> _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
