New SmartDefense Updates

Email lists > CheckPoint SmartDefense Info

Thread: New SmartDefense Updates

Search this list only Search all lists
New SmartDefense Updates
Israel	2007-05-13 09:14:56
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Greetings, New SmartDefense Updates have been released today, May 13, 2007 for users of VPN-1 NGX R65, R62, R61, R60, VPN-1 NG with Application Intelligence R55W, R55 & R54, users of InterSpect NGX & 2.0 and users of Connectra NGX R62 & R61. Apple Mac OS X GIF Image Remote Code Execution Protection Overview: An integer overflow vulnerability exists in ImageIO in Apple Mac OS X. an attacker can exploit this issue via a malformed GIF image. GIF (Graphics Interchange Format) is a popular image format. By convincing a user to visit a specially crafted HTML documents or open a malicious web page, a remote attacker could cause denial of service and may execute arbitrary code on an affected system. By enabling this protection, SmartDefense will detect and block the transferring of malformed GIF files over HTTP. For more information, refer to CPAI-2007-059 at http://www.checkpoint.com/defense/advi sories/public/2007/cpai-10-Apra.html Mercury Mail Transport System Data Buffer Overflow Protection Overview: A buffer overflow vulnerability exist in Mercury Mail Transport System. Mercury Mail Transport System is a free mail server program that supports various email access and exchange protocols, including the Internet Message Access Protocol (IMAP). IMAP is a standard protocol for accessing e-mail from a local server that provides management of received messages on a remote server. A remote attacker can exploit this issue to trigger a Data buffer overflow which may lead to an application crash and to arbitrary code execution. Malformed IMAP commands may cause a buffer overflow on an affected server. The protection addresses this issue by detecting and blocking malformed IMAP commands that can lead to Data buffer overflow. For more information, refer to CPAI-2007-060 at http://www.checkpoint.com/defense/advi sories/public/2007/cpai-11-Apra.html Multiple Symantec SupportSoft ActiveX Control Buffer Overflow Protections Overview: Multiple vulnerabilities have been reported in Symantec SupportSoft ActiveX controls. SupportSoft provides third party ActiveX controls used for remote assistance and other technical support functions. By convincing a user to visit a specially crafted HTML documents or open a malicious web page, a remote attacker could cause the browser to crash allowing execution of arbitrary commands. By enabling this protection, SmartDefense will detect and block the malformed ActiveX Controls. For more information, refer to CPAI-2007-061 at http://www.checkpoint.com/defense/advi sories/public/2007/cpai-12-Apra.html Multiple McAfee ePolicy Orchestrator SiteManager Buffer Overflow Protections Overview: Multiple vulnerabilities exist in the McAfee ePolicy Orchestrator (ePO), and the Protection Pilot products. McAfee ePolicy Orchestrator is a central management system to enforce and monitor system security. A remote attacker could exploit this issue by convincing a user to visit a specially crafted HTML documents or open a malicious web page. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded. By enabling this protection, SmartDefense will detect and block the malformed ActiveX Controls. For more information, refer to CPAI-2007-062 at http://www.checkpoint.com/defense/advis ories/public/2007/cpai-16-Apr.html Sun Java GIF Image Remote Code Execution Protection Overview: A remote code execution vulnerability exists in Sun Java Runtime Environment (JRE). The Sun Java Runtime Environment allows users to run Java applications in a browser or as standalone programs. A remote attacker can exploit this issue to take complete control over an affected system. By enabling this protection, SmartDefense will detect and block malformed Java GIF files. For more information, refer to CPAI-2007-063 at http://www.checkpoint.com/defense/advis ories/public/2007/cpai-05-Apr.html Links to the recent SmartDefense Advisories are available at: http://www.checkpoint.com/defense/advisories/pub lic/summary.html Read more about SmartDefense Service at: http://www.checkpoint.com/defense/advisories/pu blic/overview.html To sign-up to the mailing list, send an email to listservamadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. To unsubscribe from this list, send an email to listservamadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" In the email body. As always, please feel free to contact us directly if you have any comments or questions (sda-infoCheckPoint.com). -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.0 (Build 214) wsBVAwUBRkcdXKy7i8j/RTzHAQgXfwf/Qv0pqAVMOuYwhXMG8JEjsbEVFNkh sNwC 8qjieaUZ7QPbh5ZFZDmoRemFI3qLgleh9Lv0hkNYw8qZq7thYATHA5PHx/FS D+gn YnBXOSIg8b1f6rh4lkIneCG/Q7/cnnpVIjZ0heSmYN1C2Nm0HgMSmLHst9X8 hiRQ hUMidhzUhPwwG5bdip9to7o9dIKWXMH0ku3siBYHuERAi9DXrotl3Tq/aO47 uBzK vM5KPxLckLJTUIn64896BI6rjopxDWoPU1nc8tCUMD+0foAftj6846XDG+he 4r0X 1wzsob42jZehAkQ2sfwFSVrtCbIryOWzr24sh17OChIkC1uemosA0A== =M7TE -----END PGP SIGNATURE-----

[1]

about | contact Other archives ( Real Estate discussion Medical topics )

Mailing lists