TrustKeeper Scan Engine Update - January 22, 2014

Summary

The latest TrustKeeper Scan Engine Update is now available. This release contains new checks for nine vulnerabilities found in Oracle Enterprise Manager, Oracle Fusion Middleware, Oracle Glassfish, PHP and PostgreSQL. Updates were also made to existing Microsoft Service Pack roll-up vulnerabilities to include the latest Microsoft Bulletins.

As always, this release contains improvements to existing tests and their associated evidence to help aid in vulnerability remediation activities.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Oracle

• Oracle Enterprise Manager July 2013 Security Update (CVE-2013-3758, CVE-2013-3791)
• Oracle Fusion Middleware October 2013 CPU Missing (CVE-2013-5773, CVE-2013-3828, CVE-2013-5813, CVE-2013-3831, CVE-2013-3836, CVE-2013-3833, CVE-2013-5798, CVE-2013-3827)
• Oracle Glassfish October 2013 CPU Missing (CVE-2013-3827, CVE-2013-5816)

PHP

• PHP Function Interruption Information Disclosure Vulnerability (CVE-2010-2190)
• PHP json_decode Denial of Service Vulnerability (CVE-2009-1271)
• PHP zend_strndup Return Value-Check Denial of Service Vulnerability (CVE-2011-4153)

PostgreSQL

• PostgreSQL crypt_des Password Truncation Vulnerability (CVE-2012-2143)
• PostgreSQL Remote Argument Injection Vulnerability (CVE-2013-1899)
• PostgreSQL Replication Privilege Access Control Bypass Vulnerability (CVE-2013-1901)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.