Tenable Research

August 8th, 2006 Microsoft Tuesday Nessus Checks

by Ron Gula on August 9, 2006

Tenable Direct Feed and Security Center users have updated Nessus plugins to check for all vulnerabilities disclosed by the recent "Microsoft Tuesday" patches. The majority of these checks are for client-side issues and require local access with domain credentials. There were 12 local checks in total including two for Microsoft Office. There is one highly critical remote flaw (MS06-040) which is a stack overflow. It is possible to exploit Windows 2000 and XP SP1 remotely if they are not protected by a firewall. Windows 2003 SP1 and XP SP2 may also be exploitable, but could just be subject to...

Zombies and Botnets - Detecting "Crowd Surges" in Logs and Network Traffic

by Ron Gula on August 3, 2006

Tenable released a TASL script for the Log Correlation Engine that can use netflow, sniffed network sessions, firewall logs and even network IDS logs to help identify botnets, malware and zombie networks. The basic premise is that for certain protocols like SSH, Telnet, IRC and custom high-port control mechanisms, if a "large" user population suddenly all decide to visit an IP address on the other side of the world, this could indicate a "phone home" or some sort of control mechanism. In our testing we've seen hundreds of IP addresses all start to connect on a variety of ports. In some...

mIDA 1.0.6 released

by Renaud Deraison on August 2, 2006

Today, the Tenable Research Team released a new version of mIDA, an IDA (Interactive Disassembler) plugin that allows one to extract Windows RPC server interfaces and to recreate the IDL definitions. By using the disassembler engine, mIDA supports almost all RPC interfaces. Version 1.0.6 introduced the following changes:

- Bugfixes (crash and better parsing of some structures)
- Support of MIDL compiler 7 used in Windows Vista
- NDR Library version 0x60001
- FC_SUPPLEMENT, FC_EXPR, FC_FORCED_BOGUS_STRUCT and the new range format

We would like to thank all people who sent us bug reports and feedback...