TrustKeeper Scan Engine Update – November 14, 2014

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the release include a check for the "Winshock" vulnerability in Microsoft Windows and new checks for more than 50 other vulnerabilities.

New Vulnerability Test Highlights

FreeBSD

• FreeBSD bzip2 Denial of Service Vulnerability (FreeBSD-SA-05:14.bzip2) (CVE-2005-0953, CVE-2005-1260)
• FreeBSD bzip2 Vulnerability (FreeBSD-SA-10:08.bzip2) (CVE-2010-0405)
• FreeBSD devfs Vulnerability (FreeBSD-SA-05:17.devfs) (CVE-2005-2218)
• FreeBSD devfs Vulnerability (FreeBSD-SA-09:14.devfs)
• FreeBSD execve and fexecve Denial of Service (CVE-2014-3880)
• FreeBSD freebsd-update Insecure Directory Permissions Vulnerability (FreeBSD-SA-09:17.freebsd-update) (CVE-2009-4358)
• FreeBSD gzip Vulnerability (FreeBSD-SA-05:11.gzip) (CVE-2005-0988, CVE-2005-1228)
• FreeBSD gzip Vulnerability (FreeBSD-SA-06:21.gzip) (CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)
• FreeBSD jail Vulnerability (FreeBSD-SA-07:01.jail) (CVE-2007-0166)
• FreeBSD jail Vulnerability (FreeBSD-SA-10:04.jail) (CVE-2010-2022)
• FreeBSD kmem Vulnerability (FreeBSD-SA-05:08.kmem) (CVE-2005-1406)
• FreeBSD kmem Vulnerability (FreeBSD-SA-06:06.kmem) (CVE-2006-0379, CVE-2006-0380)
• FreeBSD kmem Vulnerability (FreeBSD-SA-06:25.kmem) (CVE-2006-6013)
• FreeBSD ktrace Kernel Memory Disclosure (CVE-2014-3873)
• FreeBSD libc Vulnerability (FreeBSD-SA-08:02.libc) (CVE-2008-0122)
• FreeBSD libc Vulnerability (FreeBSD-SA-09:07.libc)
• FreeBSD mbuf read-only Flag Local Privilege Escalation Vulnerability (FreeBSD-SA-10:07.mbuf) (CVE-2010-2693)
• FreeBSD nfsclient Local Privilege Escalation Vulnerability (FreeBSD-SA-10:06.nfsclient) (CVE-2010-2020)
• FreeBSD ntpd Vulnerability (FreeBSD-SA-09:03.ntpd) (CVE-2009-0021)
• FreeBSD ntpd Vulnerability (FreeBSD-SA-09:11.ntpd) (CVE-2009-1252)
• FreeBSD ntpd Vulnerability (FreeBSD-SA-10:02.ntpd) (CVE-2009-3563)
• FreeBSD OPIE Stack Overflow Vulnerability (CVE-2010-1938)
• FreeBSD pipe Vulnerability (FreeBSD-SA-09:09.pipe)
• FreeBSD pipe Vulnerability (FreeBSD-SA-09:13.pipe)
• FreeBSD Predictable IP fragmentation ID Vulnerability (CVE-2008-1147)
• FreeBSD pseudofs Null Pointer Dereference (FreeBSD-SA-10:09.pseudofs) (CVE-2010-4210)
• FreeBSD ZFS ZIL Insecure File Permissions Vulnerability (FreeBSD-SA-10:03.zfs) (CVE-2010-0318)

ISC BIND

• ISC BIND in FreeBSD Denial of Service Vulnerability (FreeBSD-SA-05:12.bind9) (CVE-2005-0034)
• ISC BIND in FreeBSD Denial of Service Vulnerability (FreeBSD-SA-06:20.bind) (CVE-2006-4095, CVE-2006-4096)
• ISC BIND in FreeBSD Denial of Service Vulnerability (FreeBSD-SA-09:12.bind) (CVE-2009-0696)
• ISC BIND in FreeBSD Vulnerability (FreeBSD-SA-07:07.bind) (CVE-2007-2926)
• ISC BIND in FreeBSD Vulnerability (FreeBSD-SA-08:06.bind) (CVE-2008-1447)
• ISC BIND in FreeBSD Vulnerability (FreeBSD-SA-09:04.bind) (CVE-2009-0025)
• ISC BIND in FreeBSD Vulnerability (FreeBSD-SA-10:01.bind) (CVE-2009-4022)

Nginx

• Nginx SSL session reuse vulnerability (CVE-2014-3616)

OpenSSL

• OpenSSL in FreeBSD Denial of Service Vulnerability (FreeBSD-SA-09:08.openssl) (CVE-2009-0590)
• OpenSSL in FreeBSD Vulnerability (FreeBSD-SA-05:21.openssl) (CVE-2005-2969)
• OpenSSL in FreeBSD Vulnerability (FreeBSD-SA-06:19.openssl) (CVE-2006-4339)
• OpenSSL in FreeBSD Vulnerability (FreeBSD-SA-06:23.openssl) (CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343)
• OpenSSL in FreeBSD Vulnerability (FreeBSD-SA-07:08.openssl) (CVE-2007-5135)
• OpenSSL in FreeBSD Vulnerability (FreeBSD-SA-09:02.openssl) (CVE-2008-5077)

Microsoft Secure Channel (Schannel)

• Vulnerability in Secure Channel Could Allow Remote Code Execution (MS14-066) (CVE-2014-6321)

How to Update?

All Trustwave customers using the TrustKeeper scan engine receive the updates automatically as soon as an update is available. No action is required.