Wednesday, September 01, 2010

Cisco MARS 6.0.8 Now Available

A couple of weeks, out of date due to my holidays, but Cisco have released MARS 6.0.8

You can review the release notes HERE

There are no new product enhancements, but this release has updated Vendor Signatures, for Cisco (and Non Cisco Devices), as shown below....

New Vendor Signatures
The following table describes the most recent signatures supported for each product or technology:
Revised in 6.0.8
Product
Signature Version Supported
Intrusion Prevention and Detection Signatures
Yes
Cisco IDS 4.0
Cisco IPS 5.x
Cisco IPS 6.x
Cisco IPS 7.x
Current through S496 signature release. Current as of June 16, 2010.
No
Cisco ASA
Current as of March 9, 2010.
No
Cisco IOS 12.2/12.3/12.4
Current as of March 9, 2010.
Yes
Snort 2.8
Current as of June 17, 2010
Latest signature mapped: 16664.
Yes
ISS RealSecure Network Sensor 6.5 and 7.0, and
ISS RealSecure Server Sensor 6.5 and 7.0
XPU 30.061
Release date: June 14, 2010
Yes
McAfee IntruShield 4.1
v4.1.75.24
Release date: June 11, 2010
Yes
McAfee Entercept HIDS 6.x
Current through the June 15, 2010 signature release.
Yes
CheckPoint Application Intelligence
(VPN-1 NG with Application Intelligence R65)
Current through the June 18, 2010 signature release.
Yes
Juniper IPD 4.x
Signature version: 4.0
Release date: June 14, 2010
Yes
Netscreen IDP 3.x
Signature version: 4.0
Release date: June 14, 2010
Yes
Enterasys Dragon 7.2/7.3
Current through the June 14, 2010 signature release.
Vulnerability Scanner Signatures
Yes
Qualys Guard ANY
Current through the June 16, 2010 signature release.
Yes
E-Eye, Retina Scanner Vulnerability Software, version v5.11.1.2181
Current through the June 16, 2010 signature release.
Yes
Foundstone, version ANY
Current through the June 17, 2010 signature release.
Yes
Common Vulnerabilities and Exposures (CVE) Database
Current with the June 18, 2010 definition update.
Miscellaneous Support
No
Oracle 11g
Support for new AUDIT_ACTIONS. 
 

1 comment:

MikeInSeoul said...

What was interesting about this release, to me, was that it was published twice. There was 6.0.8(3427), posted around August 10th. It was then pulled, apparently due to some nasty bug with CSA clients.

Then, about two weeks later, they released it as 6.0.8(3428), with the CSA bug fixed.

The updates for the Cisco IPS products have been available in an on-going basis (currently S511). In reality, the only notable item in this upgrade is a patch for OpenSSL, which is something I've been waiting for. See here:
http://www.cisco.com/en/US/partner/docs/security/security_management/cs-mars/6.0/release/notes/rnote608.html#wp574013

Otherwise ... *yawn*.