WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
August 15, 2003
Symantec NetRecon 3.6 Security Update 6

Symantec NetRecon 3.6 Security Update 6 (SU6) detects any Windows 2000 and Windows XP systems susceptible to W32.Blaster.Worm and it's variants by discovering the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (see New vulnerabilities and exposures below).

Description

Download Security Update 6 Release Notes (PDF)

Use the LiveUpdate feature of Symantec NetRecon 3.6 to download the security update.

Security Update 6 (SU6) is a content update for Symantec NetRecon 3.6 that detects and reports three states for Symantec Enterprise Security Architecture (SESA) and 78 vulnerabilities and exposures for: Windows 2000 and Windows XP (1), Apache Web server (29), Hypertext Preprocessor (PHP) (16), Tomcat (18), and SSL (13). For details, download the Security Update 6 Release Notes (PDF).


New Objectives

With the addition of SU6, Symantec NetRecon has four new objectives:

  • Discover HTTPS vulnerabilities
  • Discover network resources running SESA Manager
  • Discover network resources running SESA Agents
  • Discover network resources not running SESA Agents

Known Issues

Microsoft Internet Explorer 6.0 or newer is required for the following objectives to run properly:

  • Discover HTTPS vulnerabilities
  • Discover network resources running SESA Manager

New state detection

  • SESA Agent not detected
  • SESA Agent identified
  • SESA Manager detected

New vulnerabilities and exposures

Windows 2000 and Windows XP

  • Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
Apache Web server
  • Apache APR_PSPrintf Memory Corruption Vulnerability
  • Apache Basic Authentication Module Valid User Login Denial Of Service
  • Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
  • Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
  • Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending
  • Apache Server Side Includes Cross-Site Scripting Vulnerability
  • Apache Web Server OS2 Filestat Denial Of Service Vulnerability
  • Apache Web Server File Descriptor Leakage Vulnerability
  • Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
  • Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
  • Apache Web Server MIME Boundary Information Disclosure Vulnerability
  • Apache Web Server ETag Header Information Disclosure Weakness
  • Apache Web Server Default Script Mapping Bypass Vulnerability
  • Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
  • Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
  • Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
  • Apache HTPasswd Insecure Temporary File Vulnerability
  • Apache /tmp File Race Vulnerability
  • Multiple Apache HTDigest Buffer Overflow Vulnerabilities
  • Apache HTDigest Arbitrary Command Execution Vulnerability
  • Multiple Apache HTDigest and HTPassWD Component Vulnerabilities
  • Apache 2 mod_dav Denial Of Service Vulnerability
  • Apache Oversized STDERR Buffer Denial Of Service Vulnerability
  • Apache 2.0 CGI Path Disclosure Vulnerability
  • Apache 2.0 Path Disclosure Vulnerability
  • Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
  • Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
Hypertext Preprocessor (PHP)
  • PHP Transparent Session ID Cross-Site Scripting Vulnerability
  • PHP STR_Repeat Boundary Condition Error Vulnerability
  • PHP array_pad() Integer Overflow Memory Corruption Vulnerability
  • PHP PHPInfo Cross-Site Scripting Vulnerability
  • PHP Post File Upload Buffer Overflow Vulnerabilities
  • PHP SafeMode Arbitrary File Execution Vulnerability
  • PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability
  • PHP openlog() Buffer Overflow Vulnerability
  • PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability
  • PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability
  • PHP socket_recv() Signed Integer Memory Corruption Vulnerability
  • PHP socket_iovec_alloc() Integer Overflow Vulnerability
  • PHP Mail Function ASCII Control Character Header Spoofing Vulnerability
  • PHP wordwrap() Heap Corruption Vulnerability
  • PHP CGI SAPI Code Execution Vulnerability
  • PHP 4.0.3 IMAP Module Buffer Overflow Vulnerability
Tomcat
  • Apache Tomcat Insecure Directory Permissions Vulnerability
  • Apache Tomcat Invoker Servlet File Disclosure Vulnerability
  • Apache Tomcat Example Web Application Cross-Site Scripting Vulnerability
  • Apache Tomcat Web.XML File Contents Disclosure Vulnerability
  • Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
  • Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability
  • Apache Tomcat DefaultServlet File Disclosure Vulnerability
  • Apache Tomcat 3.2 Directory Disclosure Vulnerability
  • Apache Tomcat 4.1 JSP Request Cross-Site Scripting Vulnerability
  • Apache Tomcat Servlet Mapping Cross-Site Scripting Vulnerability
  • Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
  • Apache Tomcat Web Root Path Disclosure Vulnerability
  • Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
  • Apache Tomcat JSP Engine Denial of Service Vulnerability
  • Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
  • Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
  • Apache Tomcat Servlet Path Disclosure Vulnerability
  • Apache Tomcat System Path Information Disclosure Vulnerability
SSL
  • OpenSSL Bad Version Oracle Side Channel Attack Vulnerability
  • OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability
  • OpenSSL CBC Error Information Leakage Weakness
  • Mod_SSL Wildcard DNS Cross-Site Scripting Vulnerability
  • OpenSSL SSLv2 Malformed Overflow Vulnerability
  • OpenSSL SSLv3 Session ID Buffer Overflow Vulnerability
  • OpenSSL ASN.1 Parsing Error Denial Of Service Vulnerability
  • OpenSSL Kerberos Enabled SSLv3 Master Key Exchange Buffer Overflow
  • OpenSSL ASCII Representation Of Integers Buffer Overflow Vulnerability
  • Mod_SSL Off-By-One HTAccess Buffer Overflow Vulnerability
  • Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
  • OpenSSL PRNG Internal State Disclosure Vulnerability
  • OpenSSL Unseeded Random Number Generator Vulnerability

For details, download the Security Update 6 Release Notes (PDF).


Last modified on: Friday, 15-Aug-03 12:04:36