BlackICE 3.6.coq
Posted on Sunday, October 30 2005 @ 19:17 CET by LSDsmurf
Security Content Improvements in 3.6.coq:
- The default priorities of 68 PAM issues have changed to take X-Force recommendations directly. The issues and their priority changes are listed in section 6.
- A false positive was removed from HTTP_Skype_Callto_Overflow.
- A new tuning parameter, pam.content.vcard.limit, has been added to help prevent false positives with Email_VCF_Mozilla_Overflow.
- A false positive was removed from HTTP_PHP_Addslashes_ViewFiles.
- A false positive was removed from SQL_SSRP_Malformed_Enum_Response that could fire on non-threatening DNS traffic.
- A new tuning parameter, pam.http.iis.ida.threshold, has been added to help prevent false positives with HTTP_IIS_Index_Server_Overflow.
- The file name details for MIME attachments are now set to a displayable maximum of 255.
- A false positive due to skipping "End of Mib View" variables has been removed from SNMP_Bad_Variable_Type.
- A false positive was removed from SIP_Unknown_Method_name by tightening the reverse connection logic.
- The file extension ".vsd" was associated with compound documents to remove a false positive from Content_CompoundFile_Bad_Extension.
- The file extensions ".lha" and ".lzh" were associated with LHA compressed files to remove a false positive from Content_CompoundFile_Bad_Extension.
- A false negative was removed from HTTP_IExplorer_Command_Exec, and the default response was changed from block-connection to rewrite.
- FTP heuristics were enhanced to accept a hyphen as the first character following a 220 server response.
- A false positive was removed from MSRPC_MSDTC_Message_BO by having the algorithm only inspect vulnerable opcodes.
- A false negative was removed from BrightStor_Discovery_Overflow.
- A false negative was removed from BackOrifice_Ping.
- Changed the order of MIME type evaluations to detect more common MIME types earlier.
- Added recognition of several new MIME types to the HTTP parser.
- Improved data validation was added to the BGP parser to improve accuracy and prevent desynchronization.
- Two tuning parameters, pam.fastchannel.size and pam.fastchannel.expire, have been added to provide additional VoIP performance control.
- Performance improvements were made to the HTML content-layer parser.
- The SIP protocol parser was refactored to improve performance.
Program Information
- Category: Tools and Utilities
- Type: Shareware
- Version: 3.6.coq
- Size: 6.93MB
- Works on: Windows