New SmartDefense Updates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Greetings,

New SmartDefense Updates have been released today, October
10, 2007 for
users of VPN-1 NGX R65, R62, R61, R60, VPN-1 NG with
Application
Intelligence R55W, R55 & R54, users of InterSpect NGX
and users of
Connectra NGX R62 & R61. 


Ipswitch IMail Server IMap SEARCH Command Date String
Protection
Overview:  A buffer overflow vulnerability exists in
Ipswitch IMail Server.
Ipswitch IMail server is a messaging service suite that
supports numerous
mail exchanging protocols, including the Internet Message
Access Protocol
(IMAP). IMAP is a standard protocol for accessing e-mail
from a local
server that provides management of received messages on a
remote server.
Several mail servers contain buffer overflow errors in the
way they handle
commands. A remote attacker can exploit this issue to
trigger a buffer
overflow which may lead to an application crash and to
arbitrary code
execution. By enabling this protection, SmartDefense will
detect and block
malformed SEARCH commands sent to the Ipswitch IMail
Server.
For more information, refer to CPAI-2007-111 at
http://www.checkpoint.com/defense/advis
ories/public/2007/cpai-19-Sep.html

VMware Workstation ActiveX Control Protection
Overview:  A remote code execution vulnerability has been
reported in
VMware Workstation. VMware Workstation is a virtualization
technology that
allows running multiple instances of virtual computers
simultaneously with
the hosting operating system. A remote attacker could
exploit this issue by
convincing a user to visit a specially crafted HTML document
or open a
malicious web page. Successful exploitation could result in
remote code
execution on the target system once the malicious page is
loaded. By
enabling this protection, SmartDefense will detect and block
the vulnerable
ActiveX Control.
For more information, refer to CPAI-2007-112 at
http://www.checkpoint.com/defense/advi
sories/public/2007/cpai-19-Sepa.html

Symantec Products ActiveX Control Code Execution Protection
Overview:  Multiple code execution vulnerabilities have been
reported in
various Symantec products that have web-based interfaces.
Symantec products
include various software applications that deal with
security and
information management. A remote attacker could exploit this
issue by
convincing a user to visit a specially crafted HTML document
or open a
malicious web page. Successful exploitation could result in
remote code
execution on the target system once the malicious page is
loaded. By
enabling this protection, SmartDefense will detect and block
the vulnerable
ActiveX Controls.
For more information, refer to CPAI-2007-113 at
http://www.checkpoint.com/defense/advi
sories/public/2007/cpai-19-Sepb.html

Microsoft SQL Server Distributed Management Objects
Protection
Overview:  A buffer overflow vulnerability has been reported
in Microsoft
SQL Server. Microsoft SQL Server is a Relational Database
Management System
(RDBMS) that can be managed through Distributed Management
Objects (DMO). A
remote attacker can exploit this issue to execute arbitrary
code on
vulnerable server. By enabling this protection, SmartDefense
will detect
and block overly large arguments passed to the vulnerable
method of the
Microsoft SQL Server DBO library.
For more information, refer to CPAI-2007-114 at
http://www.checkpoint.com/defense/advi
sories/public/2007/cpai-19-Sepc.html

Microsoft Visual Studio Crystal Reports RPT Files Protection
(MS07-052)
Overview:  A buffer overflow vulnerability has been
identified in Business
Objects Crystal Reports. Crystal Reports is a software used
for designing
and generating reports from numerous data sources. A remote
attacker could
exploit this issue via a malformed RPT file. Successful
exploitation of
this vulnerability may allow execution of arbitrary code on
a target
system. By enabling this protection, SmartDefense will
detect and block the
transferring of malformed Crystal Reports files (.RPT) over
HTTP.
For more information, refer to CPAI-2007-115 at
http://www.checkpoint.com/defense/advis
ories/public/2007/cpai-20-Sep.html

IBM and Lenovo Access Support ActiveX Control Protection
Overview: The Access Support software package for IBM and
Lenovo systems
includes several ActiveX controls. Multiple vulnerabilities
have been
reported in IBM and Lenovo Access Support acpRunner ActiveX
control. A
remote attacker could exploit this issue by convincing a
user to visit a
specially crafted HTML document or open a malicious web
page. Successful
exploitation could result in remote code execution on the
target system
once the malicious page is loaded. By enabling this
protection,
SmartDefense will detect and block the vulnerable ActiveX
Control.
For more information, refer to CPAI-2007-116 at
http://www.checkpoint.com/defense/advis
ories/public/2007/cpai-23-Sep.html

CA eTrust Intrusion Detection (caller.dll) ActiveX Control
Protection
Overview: A remote code execution vulnerability has been
reported in CA
eTrust Intrusion Detection. CA eTrust Intrusion Detection is
a network
intrusion management and prevention system, that includes
real-time session
monitoring and Internet web filtering capabilities. A remote
attacker could
exploit this issue by convincing a user to visit a specially
crafted HTML
document or open a malicious web page. Successful
exploitation could result
in remote code execution on the target system once the
malicious page is
loaded. By enabling this protection, SmartDefense will
detect and block the
vulnerable ActiveX Controls.
For more information, refer to CPAI-2007-117 at
http://www.checkpoint.com/defense/advi
sories/public/2007/cpai-23-Sepa.html


Links to the recent SmartDefense Advisories are available
at:
http://www.checkpoint.com/defense/advisories/pub
lic/summary.html 

Read more about SmartDefense Service at:
http://www.checkpoint.com/defense/advisories/pu
blic/overview.html  

To sign-up to the mailing list, send an email to
listservamadeus.us.checkpoint.com with the text
"SUBSCRIBE
SMARTDEFENSE-NEWS" in the email body.

To unsubscribe from this list, send an email to
listservamadeus.us.checkpoint.com with the text
"SIGNOFF
SMARTDEFENSE-NEWS"
In the email body.

As always, please feel free to contact us directly if you
have any comments
or questions (sda-infoCheckPoint.com). 

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014) - not licensed for
commercial use: www.pgp.com

wsBVAwUBRwzl+ay7i8j/RTzHAQiqwgf/VTPwX72ZOaF0uy5ABZm0sDX4XUQD
6jjh
DPQ5KsC9prTiIrFIhkOnKb6aeDlSBeqf52osIxyddzJvAkBMJNArzy8aMuBm
HxI2
O20Gf4d1wT02Pj6nnrpq+FgYXu8Wvjc6EPrsVs4/qqqP5ecGRCHlQQNdX5G8
8LSd
3v0gNTGMHNsH/32hHqGX/YxD1VDMbyBkEywICTfKVBavXfJvG26OYwZKOgj1
Sd64
O/0VY/yG/QtEnWj+s8yOOYD71E6beTKfnN6BttMN2F0GTLqFri7BOg0tKHvH
rfNP
QpKLQSi2Vp6snlKnvTMazUeyYt8xbvZoli4fCgZHwRZUjYu1aBzDTw==
=siAO
-----END PGP SIGNATURE-----