TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Didn't ISS just recall the update for "unknown" reasons?
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Mark Wood
> Sent: Thursday, January 04, 2001 9:23 AM
> To: [EMAIL PROTECTED]
> Subject: Internet Scanner 6.1 XPU 4.6 is now available
>
>
> Internet Scanner 6.1
> X-Press Update 4.6
> January 4, 2001
>
> SUMMARY
> X-Press Update 4.6 for Internet Scanner 6.1 is now
> available for download. Internet Scanner XPU 4.6 is
> an X-Force update that delivers 43 new vulnerability
> checks, including a check for IrixTelnetdSyslogFormat
> and network sniffer checks, as well as 9 check fixes
> for SMTP checks.
>
> This XPU is available at:
>
> https://www.iss.net/update/InternetScanner
>
> The Internet Scanner User Guide and online Help contain
> instructions for installing X-Press Updates manually or
> with the automated XPU Installer.
> ________________________________________________________
> NEW VULNERABILITY CHECKS
> This X-Press Update delivers checks for a wide range of
> important vulnerabilities, from backdoors to information
> gathering weaknesses, on an assortment of platforms. New
> vulnerability checks in this X-Press Update are listed
> below by category.
>
> Risk VulnID Check Name
> ==== ====== ==========
>
> +Backdoors+
> High 5389 BackdoorEventHorizon
> High 5329 BackdoorHostControl
> High 5086 BackdoorQaz
> High 5362 BackdoorRemoteStorm
> High 5356 BackdoorSnidx2
> High 4789 BackdoorSwift
> High 3149 BackdoorUnexplained10
> High 2245 SubsevenBackdoor
> High 4092 WinwhatwhereInvestigator
> Low 1208 CarbonCopy32 Installed
>
> +CGI-Bin vulnerabilities+
> High 4546 PdgsoftChangepwBo
>
> +Daemon vulnerabilities+
> High 5092 IrixTelnetdSyslogFormat
> High 3688 SolSadmindAmslverifyBo
> Low 3455 BftelnetUsernameDos
>
> +DNS vulnerabilities+
> Medium 3675 NtMsDnsCachepollution
>
> +E-Mail vulnerabilities+
> High 3677 QpopperAuthBo
> High 428 Sendmail 8.7.5 Buffer Overflow
> High 3522 SmartserverPop3Bo
> High 3465 ViruswallHeloBo
> Medium 3807 NavPopUser
> Medium 1720 SLmailHeloOverflow
> Medium 3302 Smartserver3SmtpBo
> Medium 1617 Vintra mail server dos
> Medium 3488 XtramailPassDos
>
> +Firewall vulnerabilities+
> Medium 5218 WatchguardSohoWebDos
>
> +FTP vulnerabilities+
> Medium 3482 BrokerUserDos
> Medium 3491 QvttermLoginDos
>
> +Information Gathering vulnerabilities+
> Low 3965 NtChroniclePresent
> Low 3966 NtCiscoscannerPresent
> Low 3969 NtHypertracePresent
> Low 3972 NtMwcRedButtonScanPresent
> Low 3981 WinShadowScanPresent
>
> +NT Critical Issues+
> High 4603 NtAutoShareServer
> Medium 3653 NtMsDhcpLog
> Low 3949 MssqlAgentStoredPw
>
> +NT Password Policy+
> High 4141 NtUnencryptedPwdSmb
>
> +NT Patches+
> High 5399 NetworkMonitorBo
>
> +Network Sniffers+
> Low 3968 NtHoppaAnalyzerPresent
> Low 3971 NtLookoutPresent
> Low 3975 NtNtSniffPresent
> Low 3979 NtSpynetPresent
>
> +Web Scan vulnerabilities+
> Medium 925 8.3 File Creation
> Low 4558 IisStandaloneServer
>
> Descriptions for each of these new checks can
> be found in the documentation that is downloaded
> with the XPU.
> __________________________________________________
> UPDATED CHECKS
> The following checks are also updated by Internet
> Scanner XPU 4.6:
>
> SmtpDebug
> SmtpDecode
> SmtpExpn
> SmtpVrfy
> SmtpWizard
> SendmailAliasDos
> SendmailDaemonMode
> Sendmail875BO
> SmtpExpnBo
> SmtpHeloBo
> SmtpForgery
> SmtpRcpt
> SmtpVrfyBo
> ____________________________________________________
> FIXED ISSUES
> Internet Scanner XPU 4.6 includes a fix for the
> following issue:
>
> Export issues in Executive Vulnerability reports:
> In some earlier versions, exporting an Executive
> Vulnerability report that did not contain any
> vulnerabilities resulted in an exception. All Executive
> reports have been updated to correct this issue.
> _____________________________________________________
> KNOWN ISSUES
>
> Possible False positives on SMTP EXPN:
> It is possible to get some false positives on the SMTP
> EXPN check. According to the RFC (821) it is considered
> acceptable for a server to respond with a 250 (success)
> or 550 (failure) when the server supports the EXPN command.
> For example, some of the servers return "550 EXPN command
> not available", meaning the command is not supported and
> the machine is not vulnerable, while "550 That is a
> mailing list, not a user" would be a failure code, but
> not an indication of an error and the machine would be
> vulnerable. If you suspect that you have a false positive,
> check your log file for the response from the server.
>
>
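
The SMTP EXPN triage described under KNOWN ISSUES above, as an added example (not part of the original message and not ISS code): it classifies a logged server reply so that a 550 refusing the command is separated from a 550 about one address. It goes beyond the two quoted replies by handling multiline replies and the RFC 821 codes 500 and 502; the refusal phrases, host names and sample replies are constructed assumptions.

```python
import re

# One SMTP reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
_REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
# Assumed wordings for "the command itself is refused"; extend from your own logs.
_REFUSED = re.compile(
    r"not (available|supported|implemented|allowed|permitted)|disabled", re.I)

def parse_reply(raw):
    """Return (code, [text, ...]) for one possibly multiline SMTP reply."""
    code, texts = None, []
    for line in raw.splitlines():
        m = _REPLY_LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a reply line
        if code is None:
            code = int(m.group(1))
        texts.append(m.group(3) or "")
        if m.group(2) != "-":
            break  # last line of the reply
    if code is None:
        raise ValueError("no SMTP reply found")
    return code, texts

def classify_expn(raw):
    """Classify a server's answer to EXPN as enabled, disabled or review."""
    code, texts = parse_reply(raw)
    if code == 250:
        return "expn-enabled"       # the list or user was expanded
    if code in (500, 502):
        return "expn-disabled"      # command unrecognized / not implemented
    if code == 550:
        # 550 is ambiguous: only the text says whether EXPN itself is refused.
        refused = any(_REFUSED.search(t) for t in texts)
        return "expn-disabled" if refused else "expn-enabled"
    return "review"                 # anything else needs a human look

# Constructed sample replies keyed by constructed host names.
SAMPLE = {
    "mx1.example.test": "550 EXPN command not available",
    "mx2.example.test": "550 That is a mailing list, not a user",
    "mx3.example.test": "250-alice <alice@example.test>\r\n250 bob <bob@example.test>",
    "mx4.example.test": "502 Command not implemented",
}

def triage(replies):
    """Map each host to its EXPN classification."""
    return {host: classify_expn(reply) for host, reply in replies.items()}
```

A host reported by the check but classified `expn-disabled` here is a candidate false positive; `review` results still need the raw log line read by hand.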