Description

Download Security Update 3 Release Notes (PDF)

This security update can only be downloaded using the LiveUpdate feature of Symantec NetRecon 3.6.

The SU3 theme is to introduce numerous 802.11x wireless exposures as well as Cisco and Lotus Domino vulnerability checks.

Security Update 3 (SU3) is a content update for Symantec NetRecon 3.6 that introduces 53 new vulnerability checks. Symantec NetRecon 3.6 now checks for ten 802.11x wireless network vulnerabilities, twenty-one Cisco vulnerabilities, seven Microsoft Internet Explorer vulnerabilities, eleven IBM Lotus Domino vulnerabilities, and vulnerabilities that relate to Microsoft Exchange Server and VPN. For details, download the Security Update 3 Release Notes (PDF).

New Vulnerability/Exposure Checks

802.11x wireless networks (10)

• Wireless Access Point identified
• Cisco-Aironet Wireless Access Point Identified
• Cisco-Aironet Wireless Access Point Identified via SNMP
• D-Link Wireless Access Point Identified
• Netgear Wireless Access Point Identified
• Linksys Wireless Access Point Identified
• SMC Wireless Access Point Identified

• Cisco IOS TFTP Server Long File Name Buffer Overflow Vulnerability
• Cisco IOS ILMI SNMP Community String Vulnerability
• Cisco IOS Malformed PPTP Packet Denial of Service Vulnerability
• Cisco IOS Cisco Express Forwarding Session Information Leakage Vulnerability
• Cisco IOS Router Scan Software Reloading Vulnerability
• Cisco IOS OSPF Neighbor Buffer Overflow Vulnerability
• Cisco IOS ICMP Redirect Routing Table Modification Vulnerability
• Cisco IOS EIGRP Announcement ARP Denial Of Service Vulnerability
• Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
• Cisco Switch Router with Fast Ethernet Cards ACL Bypass/DoS Vulnerabilities
• Cisco Catalyst 802.1x Frame Forwarding Vulnerability
• Cisco Catalyst Memory Leak Denial of Service Vulnerability
• Cisco SSH Denial of Service Vulnerability
• Cisco Local Interface ARP Denial of Service Vulnerability
• Cisco Access Control List Fragment Non-blocking Vulnerability
• Cisco Outbound Access Control List Bypass Vulnerability
• Cisco Fragment Keyword Outgoing Access Control Vulnerability
• Cisco 12000 Series Internet Router ACL Failure To Drop Packets Vulnerability
• Cisco 12000 Series Internet Router Denial Of Service Vulnerability
• Cisco 12000 Outgoing ACL Fragmented Packet Vulnerability
• Cisco 12000 Series Turbo ACL Fragment Bypass Vulnerability

• IE is vulnerable to arbitrary code injection through malformed header fields
• Microsoft IE Arbitrary File Execution Vulnerability
• Microsoft IE HTTP Request Encoding Vulnerability
• Microsoft IE Zone Spoofing Vulnerability
• Microsoft IE Arbitrary Program Execution Vulnerability
• Microsoft IE Same Origin Policy Violation Vulnerability
• Microsoft IE Forced Script Execution Vulnerability
• Multiple Vendor Session Initiation Protocol Vulnerabilities

• Lotus Domino iNotes s_ViewName/Foldername Buffer Overflow Vulnerability
• IBM Lotus Domino HTTP Redirect Buffer Overflow Vulnerability
• IBM Lotus Domino Web Server HTTP POST Denial Of Service Vulnerability
• Lotus Domino NSF Banner Information Disclosure Vulnerability
• Lotus Domino HTTP Authentication Logging Buffer Overflow Vulnerability
• Lotus Domino MS-DOS Device Path Disclosure Vulnerability
• Lotus Domino Banner Information Disclosure Vulnerability
• Lotus Domino MS-Dos Device Name Denial Of Service Vulnerability
• Lotus Domino Remote Authentication Bypass Vulnerability
• Lotus Domino DOS Device Extension Denial of Service Vulnerability
• Lotus Domino Username Enumeration Vulnerability

• System Attendant on Exchange Server 2000 grants unauthorized registry access
• VPN service enabled
• Ntpd Remote Buffer Overflow Vulnerability
• Embedded Webserver identified
• Embedded Webserver in device is vulnerable to Cross-Site Scripting
• Allegro RomPager Malformed URL Request DoS Vulnerability

Other Security Update 3 Issues

• Symantec NetRecon 3.6 with SU3 requires the latest Microsoft Jet database components to function properly.
  
  
• Symantec NetRecon customers who also use Symantec ESM can detect vulnerabilities using the remote registry service. To take advantage of this functionality, the Enterprise Security Agent Service must be configured to run using an account that is part of the Domain Admin's group rather than the Local System account.
  
  
• All of the Cisco vulnerabilities are currently detected via the SNMP service. Please ensure that the SNMP service is running on your Cisco devices. You will also need to add your read-only community strings, (if they are not already there) to c:\Program Files\Symantec\Netrecon 3.6\nrsnmpnames.inf if you want to detect your Cisco switches and routers successfully. If enabling SNMP presents a security risk, you can disable it after your scan is finished.
  
  
• All of the wireless vulnerabilities are detected through your internal network. It is not required to purchase a wireless card in order to detect these vulnerabilities. The wireless access points will be detected based on whether the administrative web interface is enabled (usually TCP port 80). The main goal is to ensure that users have not plugged in a wireless access point into your corporate network thus exposing your network physically to the outside or airwave rage.
  
  
• The Lotus Domino vulnerabilities are based on the web server advertising its version number in the HTTP banner. Even though it is not recommended to enable the server to display the version information, you can do it by editing the notes.ini file and adding "DominoNoBanner=0". This setting is enabled by default in earlier versions.