NeXpose Release December 13, 2010 (Content)

Document created by techeditor on Apr 7, 2011
Version 1

This release is a content update.

 

  • Content updates include new checks for vulnerabilities, patch verification, and compliance with security policies.
  • Product updates include performance improvements, bug fixes, and new features.

 

Bi-monthly vulnerability check update


  • New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:
    o Adobe Flash
    o Adobe Reader
    o Apache
    o Apple QuickTime
    o CentOS
    o Cisco devices
    o Mozilla Firefox
    o OpenSSL
    o PHP
    o Red Hat Enterprise Linux
    o Solaris
    o VMware

    These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

 

List of checks


  • Apache httpd APR apr_palloc heap overflow (CVE-2009-2412)
  • Apache httpd mod_deflate DoS (CVE-2009-1891)
  • Apache httpd mod_imap XSS (CVE-2007-5000)
  • Apache httpd mod_rewrite off-by-one error (CVE-2006-3747)
  • CESA-2010:0882: kernel security and bug fix update
  • CESA-2010:0907: kernel security and bug fix update
  • CESA-2010:0919: php security update
  • CESA-2010:0926: krb5 security update
  • CESA-2010:0936: kernel security and bug fix update
  • Obsolete VMware ESX Version
  • OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade (CVE-2010-4180)
  • ProFTPD 1.3.3c backdoor
  • QuickTime: buffer overflow allows arbitrary code execution via malicious MPEG files (CVE-2010-3791)
  • QuickTime: heap overflow allows arbitrary code execution via malicious track header atoms (CVE-2010-1508)
  • QuickTime: heap overflow allows arbitrary code execution via malicious JP2 images (CVE-2010-3787)
  • QuickTime: integer overflow allows arbitrary code execution via malicious movie files (CVE-2010-4009)
  • QuickTime: local filesystem information disclosure (CVE-2010-0530)
  • QuickTime: memory corruption allows arbitrary code execution via malicious AVI files (CVE-2010-3789)
  • QuickTime: memory corruption allows arbitrary code execution via malicious FlashPix images (CVE-2010-3801)
  • QuickTime: memory corruption allows arbitrary code execution via malicious movie files (CVE-2010-3790)
  • QuickTime: memory corruption allows arbitrary code execution via malicious panorama atoms in QTVR files (CVE-2010-3802)
  • QuickTime: memory corruption allows arbitrary code execution via malicious PICT images (CVE-2010-3800)
  • QuickTime: memory corruption allows arbitrary code execution via malicious Sorenson movie files (CVE-2010-3793)
  • QuickTime: signedness issue allows arbitrary code execution via malicious MPEG files (CVE-2010-3792)
  • QuickTime: uninitialized memory access allows arbitrary code execution via malicious GIF images (CVE-2010-3795)
  • QuickTime: uninitialized memory access allows arbitrary code execution via malicious JP2 images (CVE-2010-3788)
  • QuickTime: uninitialized memory access allows arbitrary code execution via malicious FlashPix images (CVE-2010-3794)
  • RHSA-2010:0907: kernel security and bug fix update
  • RHSA-2010:0919: php security update
  • RHSA-2010:0921: Red Hat Enterprise MRG Messaging and Grid security update
  • RHSA-2010:0922: Red Hat Enterprise MRG Messaging and Grid security update
  • RHSA-2010:0926: krb5 security update
  • RHSA-2010:0934: acroread security update
  • RHSA-2010:0935: java-1.4.2-ibm security update
  • RHSA-2010:0936: kernel security and bug fix update
  • RHSA-2010:0937: JBoss Enterprise Application Platform 4.3.0.CP09 update
  • RHSA-2010:0938: JBoss Enterprise Application Platform 4.3.0.CP09 update
  • Sun Patch: Message Queue 4.4 Update 2 Patch 1 SunOS 5.9 5.10 Core product
  • Sun Patch: Message Queue 4.4 Update 2 Patch 1_x86 SunOS 5.9 5.10 Core product
  • VMSA-2010-0017: Service Console OS update (CVE-2010-3081)
  • VMSA-2010-0018: OS Command Injection in VMware Tools update (CVE-2010-4297)
  • VMSA-2010-0019: Service Console update (CVE-2010-0405)
  • VMSA-2010-0019: Service Console update (CVE-2010-3069)
