Software Updates

TrustKeeper Scan Engine Update – August 27, 2014

Written by | Aug 26, 2014 6:51:00 AM

Summary

The latest update to the TrustKeeper Scan Engine is now available. This week's highlights include coverage for 16 new vulnerabilities and added protocol fingerprinting support for GeoVision Remote Playback Log and WebCam Command.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Drupal

FreeBSD

  • FreeBSD nullfs Filesystem Access Restriction Bypass (FreeBSD-SA-13:13.nullfs) (CVE-2013-5710)

OpenSSL

  • OpenSSL DTLS Double Free Denial of Service (CVE-2014-3505)
  • OpenSSL DTLS Handshake Anonymous CypherSuite Denial of Service (CVE-2014-3510)
  • OpenSSL DTLS Handshake Large Length Denial of Service (CVE-2014-3506)
  • OpenSSL Elliptic Curve Point Format Client Denial of Service (CVE-2014-3509)
  • OpenSSL Pretty Print Null Byte Information Disclosure (CVE-2014-3508)
  • OpenSSL SRP Ciphersuite Client Denial of Service (CVE-2014-5139)
  • OpenSSL SRP Library Denial of Service (CVE-2014-3512)
  • OpenSSL Zero Length DTLS Fragment Denial of Service (CVE-2014-3507)

PHP

WordPress

  • WordPress Large Number of XML Elements Denial of Service (CVE-2014-5266)
  • WordPress XML Large Nested Entities DoS (CVE-2014-5265)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.