Tenable Blog

Late yesterday, Tenable announced SecurityCenter™ received a "Strong Positive" rating in Gartner's 2012 MarketScope for Vulnerability Assessment. The report provides guidance to security professionals evaluating options for vulnerability assessment. Gartner rates vendors based on evaluation criteria including market responsiveness and track record; product offering strategy; product functions such as base scanning methods, scope of vulnerability assessment, workflow and remediation support, and reporting capabilities; viability; and customer experience.

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

• Scientific Linux Update Level
• nginx on Windows Directory Aliases Access Restriction Bypass
• Appweb < 3.3.3 Insecure SSL Renegotiation
• Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64
• Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X)
• Opera < 12.01 Multiple Vulnerabilities

Conferences Fuel Your Passion

Few things spark your passion for information security the same way as a conference. It’s inspiring to talk to so many different people in the industry and listen to a variety of talks, all in one place. I had the chance to personally meet many readers of the Tenable blog and listeners of the Tenable podcast. I also heard some great talks as well. Here are some highlights.

Smashing the Future for Fun and Profit

I was really excited to see the folks on this panel come together and "talk shop." It’s a rare opportunity to see Jeff Moss (Dark Tangent), Adam Shostack, Marcus Ranum, Bruce Schneier, and Jennifer Granick all share the same stage! This did not happen by chance, as this panel brought back five of the original speakers Jeff Moss assembled at the first two Black Hat conferences held in 1997 and 1998.

I've had the unique opportunity to interview each of the 2012 panel members individually, so I was particularly interested to see how their thoughts, ideas, and opinions would converge. I was not disappointed. The topics ranged from software security, the government’s role in security, consumerism and how ease of use impacts security, the vulnerability market, and so much more. Jennifer Granick was an outstanding moderator (which was not an easy task by any stretch!).

The big question for me was, “What changed?” Jeff had a great anecdote. He said we don't really solve the problems, but we just run away from them and they seem to go away. We've just been able to run faster. I reviewed the topics presented at the first Black Hat conference in 1997, and I couldn't agree more. Vulnerabilities in TCP/IP, secure coding, and over-reliance on firewalls all made the list — topics we still discuss, and problems we still run from today.

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

• DB2 9.8 Less Than Fix Pack 5 Vulnerabilities
• Vulnerabilities in Microsoft Gadgets Could Allow Remote Code Execution
• DNSSEC NSEC Records Information Disclosure
• VMware ESXi update to libxml2
• MySQL 5.5 Less Than 5.5.23 Unspecified Vulnerability
• Novell GroupWise WebAccess User.interface Directory Traversal
• Pidgin Less than 2.10.5 Message Inline Image Parsing Remote Overflow

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

• Microsoft IIS 6.0 PHP NTFS Stream Authentication Bypass - Using an alternative data stream, attackers are able to access PHP files which are otherwise protected. This is accomplished by accessing a file using the following name: "filename.php::$INDEX_ALLOCATION" as it is the functional equivalent of "filename.php".
• VMware Fusion 4.x Less Than 4.1.3 Vulnerabilities - "Due to a flaw in the virtual floppy configuration it is possible to perform an out-of-bounds memory write. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host." Do many still use a virtual floppy disk?
• Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution - "Such versions are potentially affected by an arbitrary code execution vulnerability." Potentially? I really wish vendors would do a better job of further qualifying the risk of exploitation. Upgrading all of your clients is not an easy task, and security folks may have a tough time convincing administrators to push out a fix if the risk is not a reality.
• MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities - Looks like these problems exist on OS X as well. The AnyConnect client does not validate binary downloads, allowing an attacker to execute code.
• Symantec Message Filter Management Interface Default Credentials - I believe one of the security measures that gives you the most bang for your buck is to make certain all of your management interfaces are not using default or easily-guessable credentials.
• IBM Lotus Domino Password Protected DB Enumeration - Tools exist in the popular Metasploit framework to brute force this password.
• Basilic diff.php Command Injection - "Basilic, a bibliography server for research laboratories, has a command injection vulnerability."
• HP System Management Homepage Less Than 7.1.1 Vulnerabilities - This update files a long list of vulnerabilities.
• IrfanView JPEG-2000 Plugin Remote Stack-based Buffer Overflow - Remote code execution triggered by opening JP2 files.
• Cisco WebEx ARF Player Buffer Overflow - I suppose you could host an "evil" webcast and trigger this buffer overflow condition!