
Assuria bulletin

Title: AutoUpdate 65 released

Number: 46          Date: 21st August 2007
 

   


 

Content

  • Common Vulnerability Scoring System (CVSS)

  • Expanding HTML reporting

  • Red Hat Enterprise Linux Update

  • Textual Manifest

Introduction

This update is a feature update. It contains new and updated product features, including full support for the Common Vulnerability Scoring System (CVSS), enhanced HTML reporting features and an update to the Red Hat Enterprise Linux agent.

 

Common Vulnerability Scoring System (CVSS)

 

This update introduces CVSS reporting and score manipulation features to the Assuria Auditor Console.

CVSS is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities. CVSS helps organizations prioritize and coordinate a joint response to security vulnerabilities by communicating the base, temporal and environmental properties of a vulnerability.

FIRST sponsors and supports CVSS.  FIRST hosts a special interest group to update and promote CVSS and provides a central repository for CVSS documentation.

For additional information on CVSS v2, please see http://www.first.org/cvss and http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2

In the Assuria Auditor Console, CVSS scores and vectors for checks can be viewed in the policy navigators and in all HTML-based reports. Reports can be ordered in different combinations of risk level and/or CVSS score.

A CVSS vector editor is provided as part of the Assuria Auditor Console, to allow customers to set their own vectors (and hence scores) for checks.  The CVSS Vector Editor can be accessed from the Maintenance menu -> CVSS.

CVSS scores online: the NIST NVD site presents all security alerts with CVSS scores at http://nvd.nist.gov/nvd.cfm

NIST also provides XML feeds that anyone can use: http://nvd.nist.gov/download.cfm#XML

Further information on CVSS vectors is available at http://www.first.org/cvss/

 

Expanding HTML reporting

 

This update introduces new expanding-style HTML reports to Assuria Auditor, in addition to the existing classic HTML report forms.

The new-style reports are available via an extended set of options within the Report Generation pane.

 

Red Hat Enterprise Linux Update

 

This update brings existing installed agents up to the same run-time software level as the new Red Hat Enterprise Linux RPM we recently shipped to extend support to RHEL5 (see Assuria Bulletin 45). The result is that an existing agent updated to this AU level will run on RHEL5 in just the same way as one installed from the new RPM.

The change causes the Assuria Auditor agent to recognise special Red Hat remote file shares and not process them as local files.

 

 

The full manifest of new and changed files for this update can be viewed below:

 

Agent updates

 

Updates are included for the following agents:

  • RHEL Red Hat Enterprise Linux 3 (x86), 4 (x86) and 4 (x64), 5 (x86)

 

RHEL Red Hat Enterprise Linux 3 (x86), 4 (x86) and 4 (x64), 5 (x86)

 

    o Updated Files

     - bin/checker

     - bin/sysscand

 

    o Updated Checks

     - httpd-root-symlink

     - tdfc-service-database

 

    o X-Press Update Files

      - rulesets/unarchivePolicy

      - signatures/rulesets/unarchivePolicy.sgn

      - lib/xpud3_65.zip

      - lib/xpud3_65.sgn

      - lib/xpud3_65_script.sh

      - lib/xpud3_65_script.sh.sgn

      - lib/xpud3_65_script2.sh

      - lib/xpud3_65_script2.sh.sgn

      - etc/update.ini

 

Console update

 

o Database update

      - Updated information on existing checks, including CVSS data

 

o Updated Policy Navigators, including CVSS data:

      - IBM AIX

      - Red Hat Enterprise Linux

      - Sun Solaris 8

      - Sun Solaris 9

      - Sun Solaris 10 on Sparc

      - Sun Solaris 10 on X86

      - Windows 2000

      - Windows 2003

      - HP HP-UX 11 on PA-RISC

      - HP HP-UX 11 on IA-64

 

o Updated console files

      - bin/S2dbupdate.exe

      - bin/tcl/htmlrep.tbc

      - bin/tcl/IndexedResults.tbc

      - bin/tcl/main.tbc

      - bin/tcl/normrep.tbc

      - bin/tcl/report.tbc

      - bin/tcl/startup.tbc

      - bin/tcl/stdrep.tbc

      - bin/tcl/treeutils.tbc

      - etc/xpu_config

 

o New console files

      - bin/tcl/htmlexprep.tbc

      - bin/tcl/stdexprep.tbc

      - bin/tcl/cvss.tbc

 

 
Assuria Limited, Science & Technology Centre, The University of Reading, Earley Gate, Reading, RG6 6BZ, UK. 

Telephone +44 118 935 7395     Fax +44 118 926 7917     Web www.assuria.com

 


System Scanner and X-Press Update are registered trademarks of Internet Security Systems Inc. of Atlanta, Georgia, USA
© Copyright Assuria Limited.  All rights reserved.



28/01/2008
