Tenable Network Security Podcast Episode 123 - "Network Management Vulnerabilities, RuggedOS Backdoor"

Announcements

• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

New & Notable Plugins

Nessus

• CiscoWorks Common Services HTTP Response Splitting - HTTP response splitting is a tricky vulnerability, and therefore may be dismissed by some as unimportant. Essentially, it can give attackers control of a web application if they can convince users to click on a link or load HTML code in their browser. Also important to note that CiscoWorks is used by many to manage the entire network infrastructure. My attack against this software would aim to steal the SNMP or other credentials on all the network gear in your network.
• MediaWiki Multiple Vulnerabilities - Important updates for this software if you are running MediaWiki, a very popular Wiki software which also runs Wikipedia.
• VMware Workstation, Player, ESXi and ESX Critical Patches - ''This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.'' - Any vulnerability which allows an attacker to execute code on the host system of your VMs should get the highest priority on your patch list.
• PHP Unsupported Version Detection - Keep up-to-date with your PHP releases! Easier said than done, as some developers will write applications which lock you into a specific version, making upgrading a much slower process.
• RuggedOS Telnet Server Backdoor - This one has been featured in the press lately. I'm confused as to why the MAC address would be displayed in the TELNET banner.
• Scrutinizer Multiple SQLi Vulnerabilities - Used to manage NetFlow data, SQLi bugs are ones you don't want to see in this type of application.

Passive Vulnerability Scanner (PVS)

• Usenet File Detection (.nzb) - ''The remote web server is hosting .nzb files. NZB files are used by USENET clients to download large files.'' If you want to know if your network is participating in hosting USENET, this is the signature for you.
• Polycom VoIP Client Detection - VoIP software has had its share of vulnerabilities, and making sure it only exists where you want it to exist is part of good network management.

SecurityCenter Report Templates

• Adobe Readers and Players - It seems each week there is a new vulnerability exposed for either Adobe Reader or Adobe Flash. This report will provide you with your total exposure across both products.

SecurityCenter Dashboards

• DNSChanger Monitoring - This dashboard is a snapshot of which systems Nessus and PVS have discovered with DNSChanger malware, and provides a comprehensive look at your current state of infection.

Compliance Checks

• As part of the "NIST FDCC and SCAP Compliance Audit Policies," we've made available new USGCB audits for XP, Vista, IE7, and IE8 in the Tenable Support Portal.

Stories

1. VMware Backdoor Response Uninitialized Memory Potential VM Break
2. Stupid Human Tricks: Security Job Interviews
3. RuggedCom will block industrial control backdoor
4. FTP a Dead Protocol or Very Much Alive?
5. OS X Lion update exposes encryption passwords
6. From LOW to PWNED [6] SharePoint