BlackICE 3.6.coq

Posted on Sunday, Oct 30 2005 @ 19:17 CET by LSDsmurf

Security Content Improvements in 3.6.coq:
  • The default priorities of 68 PAM issues have changed to take X-Force recommendations directly. The issues and their priority changes are listed in section 6.
  • A false positive was removed from HTTP_Skype_Callto_Overflow.
  • A new tuning parameter, pam.content.vcard.limit, has been added to help prevent false positives with Email_VCF_Mozilla_Overflow.
  • A false positive was removed from HTTP_PHP_Addslashes_ViewFiles.
  • A false positive was removed from SQL_SSRP_Malformed_Enum_Response that could fire on non-threatening DNS traffic.
  • A new tuning parameter, pam.http.iis.ida.threshold, has been added to help prevent false positives with HTTP_IIS_Index_Server_Overflow.
  • The file name details for MIME attachments is now set to a displayable maximum of 255.
  • A false positive due to skipping "End of Mib View" variables has been removed from SNMP_Bad_Variable_Type.
  • A false positive was removed from SIP_Unknown_Method_name by tightening the reverse connection logic.
  • The file extension ".vsd" was associated with compound documents to remove a false positive from Content_CompoundFile_Bad_Extension.
  • The file extensions ".lha" and ".lzh" were associated with LHA compressed files to remove a false positive from Content_CompoundFile_Bad_Extension.
  • A false negative was removed from HTTP_IExplorer_Command_Exec, and the default response was changed from block- connection to rewrite.
  • FTP heuristics were enhanced to accept a hyphen as the first character following a 220 server response.
  • A false positive was removed from MSRPC_MSDTC_Message_BO by having the algorithm only inspect vulnerable opcodes.
  • A false negative was removed from BrightStor_Discovery_Overflow.
  • A false negative was removed from BackOrifice_Ping.
Other Updates:
  • Changed the order MIME type evaluations to detect more common MIME types earlier.
  • Added recognition of several new MIME types to the HTTP parser.
  • Improved data validation was added to the BGP parser to improve accuracy and prevent desynchronization.
  • Two tuning parameters, pam.fastchannel.size and pam.fastchannel.expire, have been added to provide additional VoIP performance control.
  • Performance improvements were made to the HTML content-layer parser.
  • The SIP protocol parser was refactored to improve performance.

Program Information

Category:
Tools and Utilities
Type:
Shareware


Version:
3.6.coq
Size:
6.93MB
Works on:
Windows


Product page: here

Download: BlackICE 3.6.coq



Loading Comments