Download Security Update 10 Release Notes (PDF)
This security update can only be downloaded using the LiveUpdate feature of Symantec NetRecon 3.5.
Symantec NetRecon 3.5 Security Update 10 is a content update for Symantec NetRecon 3.5 that introduces 12 new vulnerability checks. NetRecon now checks for an Apache Web server vulnerability, a Domain Controller Request denial of service vulnerability, a WebDAV denial of service vulnerability, and a Virtualized UNC Shares vulnerability. NetRecon also discovers the NetBus trojan, as well as other programs that are not trojans, but could be used by an attacker to gain system information. These programs include Carbon Copy, CaptureScreen, Desktop Delivery, Invisible Keylogger Stealth, Netlook, PC Protect Stealth, and PCAnywhere.
Security Update 10 also adds new functionality to NetRecon that gives users many new reporting options from a command line interface. These features are explained in NetRecon's updated help files.
New Vulnerability Checks
- Apache Web Server Chunk-Handling Vulnerability
NetRecon can locate versions of Apache Web Server that may be vulnerable to a remote attack. Attackers can use specially malformed chunk-encoded HTTP requests to execute arbitrary code on Apache servers.
- PCAnywhere can provide remote access to a computer
NetRecon can find copies of PCAnywhere running on network resources. PCAnywhere is a program that allows remote control and access to a system. Unauthorized installations could pose a security risk.
- PC Protect Stealth logs all activity and stores this in a local encrypted file
NetRecon can locate installations of PC Protect Stealth on network resources. Though PC Protect Stealth logs are encrypted, unauthorized access to the logs could provide an attacker with passwords and other sensitive information.
- Netlook allows a remote capture of screenshots
NetRecon can locate installations of Netlook running on network resources. Netlook can provide an attacker with remote screenshots of a system. These screenshots can include sensitive information.
- NetBus can be used as a backdoor program allowing remote access
NetRecon can locate installations of NetBus on network resources. NetBus is a backdoor program that, once installed on a system, lets unauthorized users remotely perform a variety of operations, such as changing the registry, executing commands, starting services, listing files, uploading or downloading files, or other malicious activities.
- IKS will keep a log of all keystrokes typed
NetRecon can locate installations of IKS (Invisible Keylogger Stealth) on network resources. The IKS logs are typically held in a file called iks.txt or iks.dat. These files may be viewed to obtain passwords and other sensitive information. Unauthorized installations can pose a security risk.
- Desktop Delivery can provide remote access to a computer
NetRecon can locate installations of Desktop Delivery on network resources. Desktop Delivery is a program that can allow remote control and access to a system.
- CaptureScreen can provide remote access to a computer
NetRecon can locate installations of CaptureScreen on network resources. CaptureScreen is a program that can allow remote control and access to a system.
- Carbon Copy can provide remote access to a computer
NetRecon can locate installations of Carbon Copy on network resources. Carbon Copy is a program that can allow remote control and access to a system.
- Virtualized UNC Shares Vulnerability
NetRecon can discover a system vulnerability that allows source code to be sent to an attacker. When a virtual directory is mapped to a Universal Naming Convention (UNC) share, and a request for a file in the directory contains one of several particular characters at the end of the request, the expected Internet Server Application Programming Interface (ISAPI) extension processing may not occur. This can result in the source code version of the file being sent to the attacker's browser.
- WebDAV Denial of Service Vulnerability
NetRecon can discover a WebDAV vulnerability that lets an attacker overload system resources, resulting in a denial of service. This vulnerability occurs when WebDAV mishandles certain very long, malformed requests. The result is an access violation on the IIS 5.0 server, which crashes it.
- Domain Controller Request Denial of Service
NetRecon can discover an NT service vulnerability that allows an attacker to overload system resources, resulting in a denial of service. An NT service that runs on all Windows 2000 domain controllers contains a flaw that affects how a system processes a certain type of invalid service request. If an attacker sends a continuous stream of these requests to an affected machine, the attempt to process the requests consumes most or all of the CPU capacity.
New Features and Enhancements
- New Command Line Interface reporting options
NetRecon now has several new options in the command line interface that let users create reports in HTML format. The options let users choose the format of the report and also let them determine the report's content via options that select vulnerability, computer name, vulnerability risk by number, vulnerability risk by color, and other parameters.
Proper formatting and syntax are documented in the help files. To locate these files:
- Open the NetRecon online help files.
- Click the book labeled How do I..., then click Use the Command Line Interface.
- Click the section entitled Understanding .nrd Files.
Users not familiar with the command line interface should read the entire help section for using the command line interface to understand complete command line syntax.
Last modified on: Tuesday, 02-Jul-02 17:33:14