Thread: New SmartDefense Updates

2006-09-12 14:46:21
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings, 

New SmartDefense Updates have been released today, September 12, 2006 for users of VPN-1 NGX R61 & R60, VPN-1 NG with Application Intelligence R55W, R55 & R54, users of InterSpect NGX & 2.0 and users of VPN-1 VSX NGX.

Malformed IMAP Commands Protection (SELECT, LOGIN, LIST) 
Overview: Several IMAP servers do not properly validate the length of several IMAP commands before passing the information contained in these commands to the allocated buffer. Overly long Login, Select and List commands may cause a buffer overflow on an affected IMAP server. The update addresses the issue by validating the length of the Select, Login and List IMAP commands.
For more information, refer to CPAI-2006-098 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-20-Aug.html.

Microsoft Windows DHCP Protection (MS06-036)
Overview: Microsoft Windows contains a vulnerability in the way that it processes and logs DHCP messages. The Dynamic Host Configuration Protocol (DHCP) provides central management of IP addresses and other details related to the IP configuration used on the network. A remote user can exploit this vulnerability by sending a specially crafted DHCP message to a vulnerable DHCP server. The SmartDefense Service team provided a protection against this type of DHCP vulnerability on January 23, 2005 (CPAI-2005-07) in response to MS04-042. The update from September 7, 2006 enhances the DHCP protection by further enforcing the DHCP protocol. All you need to do is update SmartDefense on your VPN/InterSpect system.
For more information, refer to CPAI-2006-101 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-17-Auga.html.

Microsoft Internet Explorer UTF-8 Decoding Protection (MS06-021)
Overview: Microsoft Internet Explorer (IE) fails to properly decode UTF-8 encoded web pages. UTF-8 (Unicode Translation Format 8) is a type of character encoding for Unicode character sets. This vulnerability allows remote attackers to execute arbitrary code via a specially crafted UTF-8 encoded HTML document. The update protects against this vulnerability by blocking UTF-8 malformed HTML files. Depending on the traffic mix, activating this protection may result in performance degradation.
For more information, refer to CPAI-2006-105 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-14-Auga.html.

Pre-Patch Workaround for Microsoft Windows Vulnerabilities
Overview: Several remote code execution vulnerabilities exist in Microsoft Office, including vulnerabilities in Excel, PowerPoint and Word. A remote attacker may create a malicious Excel, PowerPoint or Word file and host it on a Web site or send it as an email attachment. This may allow an attacker to overflow a buffer and possibly execute arbitrary code on the affected system. Since the protections offered in this advisory may degrade performance and block access to legitimate Office files, Check Point users are advised to use these Office protections as a workaround until all systems are patched. By enabling this protection, SmartDefense will block the transfer of Microsoft Office files, including Word, PowerPoint and Excel, over HTTP. In order for the protection to work, at least one of the Block Office protection's options in the configuration pane (i.e. Block Word Documents; Block Excel Documents; Block Power Point Documents) needs to be activated. Note: Depending on the traffic mix, activating these protections may result in performance degradation.
For more information, refer to SBP-2006-06 at http://www.checkpoint.com/defense/advisories/public/2006/sbp-17-Aug.html.

MiniBB Remote File Protection
Overview: MiniBB is free forum software, an original PHP message board script on which a user can build an online community. Vulnerabilities in MiniBB Forum may allow a remote attacker to execute arbitrary PHP code via a specially crafted URL. The update enables the HTTP Worm Catcher to detect and block the vulnerability based on pre-defined worm signatures.
For more information, refer to CPAI-2006-102 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-01-Aug.html.

GraceNote (CDDB) Control ActiveX Protection
Overview: The Gracenote CDDB ActiveX control is used by Sony products (as well as other vendors) for looking up information about CDs in the Gracenote CD Data Base (CDDB). The Gracenote CDDB ActiveX control contains a buffer overflow error. By convincing a user to visit a malicious Web page or open a malicious HTML file, an attacker could cause the victim's system to execute arbitrary commands or cause the victim's Web browser to crash. The update defends against the vulnerability by blocking the vulnerable ActiveX (CDDB) Control application. Depending on the traffic mix, activating this protection may result in performance degradation.
For more information, refer to CPAI-2006-103 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-02-Aug.html.

Microsoft Internet Explorer (Internet.HHCtrl) Protection
Overview: Microsoft Internet Explorer (IE) contains a heap overflow vulnerability. The vulnerability exists in a Microsoft ActiveX control that supports all functions of the user help interface (hhctrl.ocx). A remote attacker may trigger this flaw to deny service to legitimate users. By convincing a user to visit a specially crafted Web page, an attacker could cause the victim's Web browser to crash. The update protects against this vulnerability by blocking the vulnerable COM object. Depending on the traffic mix, activating this protection may result in performance degradation.
For more information, refer to CPAI-2006-104 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-06-Aug.html.

Apache LDAP HTTP Server Protection
Overview: A vulnerability exists in Apache HTTP Server. Attackers can trigger this vulnerability via crafted URLs that are not properly handled using certain Rewrite rules. This issue only affects installations using Rewrite rules with specific characteristics. This flaw allows attackers to cause denial of service and possibly to execute arbitrary code. The update enables the HTTP Worm Catcher to detect and block the vulnerability based on pre-defined worm signatures.
For more information, refer to CPAI-2006-106 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-17-Aug.html

Links to the recent SmartDefense Advisories are available at:
http://www.checkpoint.com/defense/advisories/public/summary.html

Read more about SmartDefense Service at:
http://www.checkpoint.com/defense/advisories/public/overview.html

To sign up to the mailing list, send an email to listservamadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body.

To unsubscribe from this list, send an email to listservamadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.

As always, please feel free to contact us directly if you have any comments or questions (sda-infoCheckPoint.com).


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRQbH0VqiP0SjohCrEQJJKwCcC9KWNp1f2+aF9OyMQBKzmil3wPAA
nApN
kjegqvGYqexzofxlxOdbEO09
=vhl4
-----END PGP SIGNATURE-----
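
The length validation described under "Malformed IMAP Commands Protection", sketched as an added example that is not part of the original message and is not Check Point's implementation. The 256-byte limit, the function names and the sample lines are assumptions made for illustration.

```python
import re

MAX_ARG_BYTES = 256                      # assumed limit; the advisory gives no threshold
CHECKED = {"LOGIN", "SELECT", "LIST"}    # the three commands named in the advisory
LITERAL = re.compile(rb"\{(\d+)\+?\}$")  # IMAP literal announcement, e.g. {5000}

def split_args(data: bytes) -> list:
    """Split IMAP arguments on spaces, honouring quoted strings and backslash escapes."""
    args, cur, in_quote, escaped = [], bytearray(), False, False
    for byte in data:
        ch = bytes([byte])
        if escaped:
            cur += ch
            escaped = False
        elif in_quote and ch == b"\\":
            escaped = True
        elif ch == b'"':
            in_quote = not in_quote
        elif ch == b" " and not in_quote:
            if cur:
                args.append(bytes(cur))
                cur = bytearray()
        else:
            cur += ch
    if cur:
        args.append(bytes(cur))
    return args

def check_imap_line(line: bytes, max_arg: int = MAX_ARG_BYTES):
    """Return (allowed, reason) for one client command line with CRLF stripped."""
    parts = line.split(b" ", 2)
    if len(parts) < 2:
        return True, "no command"
    cmd = parts[1].decode("ascii", "replace").upper()
    if cmd not in CHECKED:
        return True, "command not checked"
    rest = parts[2] if len(parts) == 3 else b""
    literal = LITERAL.search(rest)
    # A literal announces how many bytes follow, so it can be refused before they arrive.
    if literal and int(literal.group(1)) > max_arg:
        return False, f"{cmd}: announced literal of {literal.group(1).decode()} bytes"
    for arg in split_args(rest):
        if len(arg) > max_arg:
            return False, f"{cmd}: argument of {len(arg)} bytes"
    return True, "ok"

# Constructed sample lines, not captured traffic.
SAMPLES = [b"a001 LOGIN alice secret", b'a002 LIST "" "*"',
           b"a003 SELECT " + b"A" * 2000, b"a004 LOGIN {5000}"]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:30], check_imap_line(sample))
```
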