
Internet Scanner 6.1
X-Press Update 4.6
January 4, 2001

SUMMARY
X-Press Update 4.6 for Internet Scanner 6.1 is now 
available for download. Internet Scanner XPU 4.6 is
an X-Force update that delivers 43 new vulnerability
checks, including a check for IrixTelnetdSyslogFormat
and network sniffer checks, as well as 9 check fixes
for SMTP checks.

This XPU is available at:

  https://www.iss.net/update/InternetScanner

The Internet Scanner User Guide and online Help contain
instructions for installing X-Press Updates manually or
with the automated XPU Installer.
________________________________________________________
NEW VULNERABILITY CHECKS
This X-Press Update delivers checks for a wide range of
important vulnerabilities, from backdoors to
information-gathering weaknesses, on an assortment of
platforms. New vulnerability checks in this X-Press
Update are listed below by category.

Risk    VulnID      Check Name
====    ======      ==========

+Backdoors+
High     5389   BackdoorEventHorizon
High     5329   BackdoorHostControl
High     5086   BackdoorQaz
High     5362   BackdoorRemoteStorm
High     5356   BackdoorSnidx2
High     4789   BackdoorSwift
High     3149   BackdoorUnexplained10
High     2245   SubsevenBackdoor
High     4092   WinwhatwhereInvestigator
Low      1208   CarbonCopy32 Installed

+CGI-Bin vulnerabilities+
High     4546   PdgsoftChangepwBo

+Daemon vulnerabilities+
High     5092   IrixTelnetdSyslogFormat
High     3688   SolSadmindAmslverifyBo
Low      3455   BftelnetUsernameDos

+DNS vulnerabilities+
Medium   3675   NtMsDnsCachepollution

+E-Mail vulnerabilities+
High     3677   QpopperAuthBo
High      428   Sendmail 8.7.5 Buffer Overflow
High     3522   SmartserverPop3Bo
High     3465   ViruswallHeloBo
Medium   3807   NavPopUser
Medium   1720   SLmailHeloOverflow
Medium   3302   Smartserver3SmtpBo
Medium   1617   Vintra mail server dos
Medium   3488   XtramailPassDos

+Firewall vulnerabilities+
Medium   5218   WatchguardSohoWebDos

+FTP vulnerabilities+
Medium   3482   BrokerUserDos
Medium   3491   QvttermLoginDos

+Information Gathering vulnerabilities+
Low      3965   NtChroniclePresent
Low      3966   NtCiscoscannerPresent
Low      3969   NtHypertracePresent
Low      3972   NtMwcRedButtonScanPresent
Low      3981   WinShadowScanPresent

+NT Critical Issues+
High     4603   NtAutoShareServer
Medium   3653   NtMsDhcpLog
Low      3949   MssqlAgentStoredPw

+NT Password Policy+
High     4141   NtUnencryptedPwdSmb

+NT Patches+
High     5399   NetworkMonitorBo

+Network Sniffers+
Low      3968   NtHoppaAnalyzerPresent
Low      3971   NtLookoutPresent
Low      3975   NtNtSniffPresent
Low      3979   NtSpynetPresent

+Web Scan vulnerabilities+
Medium    925   8.3 File Creation
Low      4558   IisStandaloneServer

Descriptions for each of these new checks can
be found in the documentation that is downloaded
with the XPU.
__________________________________________________
UPDATED CHECKS
The following checks are also updated by Internet
Scanner XPU 4.6:

SmtpDebug
SmtpDecode
SmtpExpn
SmtpVrfy
SmtpWizard
SendmailAliasDos
SendmailDaemonMode
Sendmail875BO
SmtpExpnBo
SmtpHeloBo
SmtpForgery
SmtpRcpt
SmtpVrfyBo
____________________________________________________
FIXED ISSUES
Internet Scanner XPU 4.6 includes a fix for the
following issue:

Export issues in Executive Vulnerability reports:
In some earlier versions, exporting an Executive
Vulnerability report that did not contain any
vulnerabilities resulted in an exception. All Executive
reports have been updated to correct this issue.
_____________________________________________________
KNOWN ISSUES

Possible false positives on SMTP EXPN:
The SMTP EXPN check can produce false positives.
According to the RFC (821), a server that supports the
EXPN command may acceptably respond with either a 250
(success) or a 550 (failure). For example, some servers
return "550 EXPN command not available", meaning the
command is not supported and the machine is not
vulnerable, while "550 That is a mailing list, not a
user" is a failure code but not an indication of an
error, and the machine would be vulnerable. If you
suspect that you have a false positive, check your log
file for the response from the server.
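
A small triage helper for the EXPN replies described above, as an
added example that is not part of the ISS announcement or of
Internet Scanner. The sample replies are constructed, and the
UNSUPPORTED_HINTS phrase list and the treatment of 500/502 replies
are assumptions to adapt to what your own log file shows.

```python
import re

# Phrases suggesting EXPN itself is disabled. Assumed list, not from ISS;
# extend it with wording seen in your own scan logs.
UNSUPPORTED_HINTS = ("not available", "not implemented", "not supported",
                     "disabled", "unrecognized", "unknown command")
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")

# Constructed sample replies (the two 550 texts are the ones quoted above).
SAMPLES = [
    "250-Alice <alice@example.test>\r\n250 Bob <bob@example.test>",
    "550 EXPN command not available",
    "550 That is a mailing list, not a user",
    "502 Command not implemented",
    "garbage from a non-SMTP service",
]

def parse_reply(raw):
    """Return (code, text) for a possibly multi-line SMTP reply, else None."""
    code, parts = None, []
    for line in raw.splitlines():
        m = REPLY_RE.match(line.lstrip())
        if not m or (code is not None and m.group(1) != code):
            return None  # not an SMTP reply, or codes differ between lines
        code = m.group(1)
        parts.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the last line
            break
    return (code, " ".join(parts)) if code else None

def classify_expn(raw):
    """Triage one EXPN reply as 'supported', 'not_supported' or 'review'."""
    parsed = parse_reply(raw)
    if parsed is None:
        return "review"
    code, text = parsed
    if code == "250":
        return "supported"
    if code in ("500", "502"):  # command unrecognized / not implemented
        return "not_supported"
    if code == "550":
        # Any other 550 counts as an answer about the address (keeps the finding).
        disabled = any(h in text.lower() for h in UNSUPPORTED_HINTS)
        return "not_supported" if disabled else "supported"
    return "review"

if __name__ == "__main__":
    for reply in SAMPLES:
        print(classify_expn(reply), "<-", reply.splitlines()[0])
```

A "not_supported" result on a host the scanner flagged points to a
likely false positive; "review" means the logged response should be
read by hand.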


