-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Greetings,
New SmartDefense Updates have been released today, April 15,
2007 for users
of VPN-1 NGX R65, R62, R61, R60, VPN-1 NG with Application
Intelligence
R55W, R55 & R54, users of InterSpect NGX & 2.0 and
users of Connectra NGX
R62 & R61.
Microsoft Windows Workstation Service 'NetrWkstaUserEnum'
Denial of Service
Protection
Overview: A denial of service vulnerability has been
reported in the
Microsoft Windows Workstation service. Microsoft Windows
workstation
service routes local file system requests and remote file or
print network
requests via Remote Procedure Call (RPC). An attacker may
exploit this
vulnerability to create a denial of service condition on an
affected
system. By enabling this protection, SmartDefense will
detect and block
malformed RPC requests.
For more information, refer to CPAI-2007-050 at
http://www.checkpoint.com/defense/advis
ories/public/2007/cpai-01-Mar.html
Symantec Veritas NetBackup Remote Code Execution Protection
Overview: A remote code execution vulnerability has been
reported in
Symantec Veritas NetBackup. Symantec Veritas NetBackup
Server is a
client/server backup application solution used for
performing scheduled
automatic backups and on-demand backups requested by users.
A remote
attacker could exploit the vulnerability to execute
arbitrary code on an
affected system via command chaining. By enabling this
protection,SmartDefense will detect and block malformed
command chaining
requests.
For more information, refer to CPAI-2007-045 at
http://www.checkpoint.com/defense/advi
sories/public/2007/cpai-06-Mara.html
Oracle ORADC ActiveX Control Remote Code Execution
Protection
Overview: A remote code execution vulnerability has been
identified in the
Oracle Data Control (ORADC) ActiveX control. Oracle Objects
for OLE is a
COM-based database connectivity tool for accessing Oracle
databases. The
ORADC ActiveX control is provided by the Oracle Objects for
OLE package. It
provides data access and operation modifications on the
backend database.
By convincing a user to visit a specially crafted HTML
documents or open a
malicious web page, a remote attacker could execute
arbitrary code on the
affected system. By enabling this protection, SmartDefense
will detect and
block the vulnerable ActiveX Control.
For more information, refer to CPAI-2007-046 at
http://www.checkpoint.com/defense/advi
sories/public/2007/cpai-06-Marb.html
Trend Micro ServerProtect Buffer Overflow Protections
Overview: Trend Micro ServerProtect is prone to multiple
buffer overflow
vulnerabilities. Trend Micro ServerProtect is a centrally
managed virus
protection console for enterprise-class servers. A remote
attacker may
exploit this issue to execute arbitrary code on a vulnerable
system via a
specially crafted RPC request. By enabling this protection,
SmartDefense
will detect and block malformed RPC requests sent to Trend
Micro
ServerProtect over TCP port 5168.
For more information, refer to CPAI-2007-047 at
http://www.checkpoint.com/defense/advi
sories/public/2007/cpai-15-Mara.html
Novell Netmail WebAdmin Remote Buffer Overflow Protection
Overview: Novell NetMail is an electronic mail server
product that
supports various email access and exchange protocols,
including IMAP
(Internet Message Access Protocol) and NMAP (Network
Messaging Application
Protocol). WebAdmin is a browser based administrative tool
used to manage
NetMail. A buffer overflow vulnerability has been reported
in Novell
NetMail WebAdmin. A remote attack may exploit this issue to
execute
arbitrary code on an affected system. By enabling this
protection,
SmartDefense will detect and block overly long username
values sent to the
WebAdmin interface.
For more information, refer to CPAI-2007-048 at
http://www.checkpoint.com/defense/advis
ories/public/2007/cpai-22-Mar.html
Novell NetMail IMAP Verb Literal Buffer Overflow Protection
Overview: A buffer overflow vulnerability exists in Novell
NetMail IMAP
service. Novell NetMail is an electronic mail server product
that supports
various email access and exchange protocols, including the
Internet Message
Access Protocol (IMAP). IMAP is a standard protocol for
accessing e-mail
from a local server that provides management of received
messages on a
remote server. A remote attacker can exploit this issue to
trigger a buffer
overflow which may lead to an application crash and to
arbitrary code
execution. Malformed IMAP commands may cause a buffer
overflow on an
affected IMAP server. The protection addresses this issue by
detecting and
blocking malformed and long IMAP literals that exceed a
certain length.
For more information, refer to CPAI-2007-049 at
http://www.checkpoint.com/defense/advi
sories/public/2007/cpai-05-Feba.html
Trend Micro OfficeScan ActiveX Buffer Overflow Protection
Overview: A buffer overflow vulnerability has been reported
in the Trend
Micro OfficeScan Client ActiveX control. The Trend Micro
OfficeScan product
is a centralized virus and security scan management system.
OfficeScan
Client is an integrated client which provides security
protection for the
network endpoints. By convincing a user to visit a specially
crafted HTML
documents or open a malicious web page, a remote attacker
could cause the
browser to crash allowing execution of arbitrary commands.
By enabling this
protection, SmartDefense will detect and block the
vulnerable ActiveX
Control.
For more information, refer to CPAI-2007-051 at
http://www.checkpoint.com/defense/advis
ories/public/2007/cpai-06-Mar.html
Protect Yourself against FTP Brute Force Attacks
Overview: The File Transfer Protocol (FTP) is used to
connect computers
over the Internet enabling file transferring between their
users. FTP Brute
Force Attacks are a common threat on vulnerable systems.
Using Brute Force,
remote attackers attempt to gain access to unauthorized
areas of a target
system, such as FTP accounts, e-mail accounts and databases.
By trying to
repeatedly log in to an FTP server using different
passwords, it is
possible to crack user accounts on the remote target and
compromise it. By
enabling this protection, SmartDefense will detect and block
repeated login
attempts from the same client during a configurable period
of time.
For more information, refer to SBP-2007-05 at
http://www.checkpoint.com/defense/adviso
ries/public/2007/sbp-13-Mar.html
Protect Yourself against FTP Format Strings Attacks
Overview: The File Transfer Protocol (FTP) is used to
connect computers
over the Internet enabling file transferring between their
users. FTP
format string attacks are a common threat on vulnerable
systems. Format
string attacks can be used to crash a program or to execute
malicious code.
Successful format string attack will compromise a target
system. By
enabling this protection, SmartDefense will detect and block
special format
string characters within FTP commands.
For more information, refer to SBP-2007-06 at
http://www.checkpoint.com/defense/adviso
ries/public/2007/sbp-15-Mar.html
Links to the recent SmartDefense Advisories are available
at:
http://www.checkpoint.com/defense/advisories/pub
lic/summary.html
Read more about SmartDefense Service at:
http://www.checkpoint.com/defense/advisories/pu
blic/overview.html
To sign-up to the mailing list, send an email to
listserv amadeus.us.checkpoint.com
with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the
email body
To unsubscribe from this list, send an email to
listservamadeus.us.checkpoint.com
with the text "SIGNOFF SMARTDEFENSE-NEWS" In the
email body.
As always, please feel free to contact us directly if you
have any comments
or questions (sda-infoCheckPoint.com).
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.0 (Build 214)
wsBVAwUBRiJBKqy7i8j/RTzHAQhuYAgAtKhhFBuLg/nLRJ7DfltGHv2A7sbf
1y0v
lAMBPhUsuEOtZMp8dwZAo9bN8GEf4E3vaG5CiGlbf/iAfaOFii0t65unh+h7
EY9P
CV9i7l2xzziJqPn6THRYcLHzwnJ4wPIaDvF4cJEzsm/djMgfDAxgqnP63FfY
e3Sr
7m9wuzIlPDtKtcEp53VIhDPByF97A4oN62cYY+trQQoGSAlxb13rBoLX6Vyx
OQWz
YDDJu9S+A4oE4opTCzbXipYGRutPLHt4GH5bR9OToU/X4UDZxYMJ8gZZ1S8X
GPsq
t+IEhihIVCma3dZkdg4vxys3pyVj7hMh6E2SJthLt4att8z2dPbv1w==
=Aig1
-----END PGP SIGNATURE-----
|
