Description

Download Security Update 4 Release Notes (PDF)

This security update can only be downloaded using the LiveUpdate feature of Symantec NetRecon 3.6.

Security Update 4 (SU4) is a content update for Symantec NetRecon 3.6 that detects and reports 51 new vulnerabilities and exposures. Symantec NetRecon 3.6 now detects fourteen Samba vulnerabilities, thirteen sendmail vulnerabilities, eighteen MySQL vulnerabilities, four Cisco Catalyst vulnerabilities, and two Microsoft vulnerabilities. For details, download the Security Update 4 Release Notes (PDF).

New vulnerabilities and exposures

Samba (14)

• Samba call_trans2open Remote Buffer Overflow Vulnerability
• Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities
• Samba-TNG Unspecified Remote Privilege Escalation Vulnerability
• Samba SMB/CIFS Packet Assembling Buffer Overflow Vulnerability
• Samba REG File Writing Race Condition Vulnerability
• Samba Server Encrypted Password Buffer Overrun Vulnerability
• Samba Improperly Terminated Struct Buffer Overflow Vulnerability
• Samba Remote Arbitrary File Creation Vulnerability
• Samba Insecure TMP file Symbolic Link Vulnerability
• Samba SWAT Symlink Vulnerability
• Samba SWAT Logging Failure Vulnerability
• Samba SWAT Logfile Permissions Vulnerability
• Samba Pre-2.0.5 Vulnerabilities
• Samba Long Password Buffer Overflow Vulnerability

• Sendmail Address Prescan Memory Corruption Vulnerability
• Sendmail check_relay Access Bypassing Vulnerability
• Sendmail Trojan Horse Vulnerability
• Sendmail SMRSH Double Pipe Access Validation Vulnerability
• Sendmail Long Ident Logging Circumvention Weakness
• Sendmail DNS Map TXT Record Buffer Overflow Vulnerability
• Sendmail File Locking Denial Of Service Vulnerability
• Sendmail Inadequate Privilege Lowering Vulnerability
• Sendmail Queue Processing Data Loss/DoS Vulnerability
• Sendmail Debugger Arbitrary Code Execution Vulnerability
• Sendmail Unsafe Signal Handling Race Condition Vulnerability
• Sendmail ETRN Denial of Service Vulnerability
• Sendmail Aliases Database Regeneration Vulnerability

• MySQL Weak Password Encryption Vulnerability
• MySQL mysqld Privilege Escalation Vulnerability
• MySQL Double Free Heap Corruption Vulnerability
• MySQL COM_CHANGE_USER Password Memory Corruption Vulnerability
• MySQL COM_CHANGE_USER Password Length Account Compromise Vulnerability
• MySQL libmysqlclient Library Read_Rows Buffer Overflow Vulnerability
• MySQL libmysqlclient Library Read_One_Row Buffer Overflow Vulnerability
• MySQL COM_TABLE_DUMP Memory Corruption Vulnerability
• MySQL DataDir Parameter Local Buffer Overflow Vulnerability
• MySQL Logging Not Enabled Weak Default Configuration Vulnerability
• MySQL Null Root Password Weak Default Configuration Vulnerability
• MySQL Bind Address Not Enabled Weak Default Configuration Vulnerability
• MySQL Root Operation Symbolic Link File Overwriting Vulnerability
• MySQL SHOW GRANTS Password Hash Disclosure Vulnerability
• MySQL Local Buffer Overflow Vulnerability
• MySQL Unauthenticated Remote Access Vulnerability
• MySQL Authentication Algorithm Vulnerability
• MySQL GRANT Global Password Changing Vulnerability

• Cisco Catalyst CatOS Authentication Bypass Vulnerability
• Cisco Catalyst Unicast Traffic Broadcast Vulnerability
• Cisco Catalyst ssh Protocol Mismatch Denial of Service Vulnerability
• Cisco Catalyst Enable Password Bypass Vulnerability

• Microsoft Windows RPC Service Denial of Service Vulnerability
• Microsoft IIS WebDAV Denial Of Service Vulnerability

For details, download the Security Update 4 Release Notes (PDF).