New SmartDefense Updates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  
Greetings,

Several new SmartDefense Updates have been released today,
May 21, 2006 for
users of VPN-1 NGX R61 & R60, VPN-1 NG with Application
Intelligence
R55W, R55 & R54, users of InterSpect NGX & 2.0 and
users of Connectra NGX
R61. 

Microsoft MDAC Protection (MS06-014)
Summary: The Microsoft Data Access Components (MDAC)
provides a number of
supporting technologies for accessing and using databases. A
vulnerability
exists in a functionality distributed in MDAC which could be
exploited be
remote attackers to take complete control of an affected
system. The update
protects against the MDAC vulnerability by blocking the
vulnerable ActiveX
control. Depending on the traffic mix, activating this
protection may
result in performance degradation.  
For more information, visit CPAI-2006-043 at
http://www.checkpoint.com/defense/advi
sories/public/2006/cpai-26-Apra.html

Internet Explorer mhtml Redirection Protection
Summary: A vulnerability has been identified in Microsoft
Internet
Explorer. Internet Explorer fails to properly validate
"mhtml:" URL
redirections. This could be exploited by a remote attackers
to access
sensitive information on behalf of the target user. The
update blocks the
vulnerability by blocking the vulnerable mhtml handler.
Depending on the
traffic mix, activating this protection may lead to
performance
degradation. 
For more information, visit CPAI-2006-044 at
http://www.checkpoint.com/defense/advis
ories/public/2006/cpai-15-May.html

Winny P2P Buffer Overflow Protection
Summary: A critical vulnerability was reported in Winny, a
popular Japanese
P2P application. The vulnerability may allow a remote
attacker to execute
arbitrary code in the context of the user who executed the
Winny.
SmartDefense can block Winny traffic by identifying Winny
fingerprints.
SmartDefense is able to detect peer to peer traffic
regardless of the TCP
port that is being used to initiate the peer to peer
session. 
For more information, visit CPAI-2006-045 at
http://www.checkpoint.com/defense/advis
ories/public/2006/cpai-27-Apr.html

Multiple IMAP Vulnerabilities Protection
Summary: Several IMAP servers from several vendors are
vulnerable to a
buffer overflow condition due to failure to handle overly
long IMAP
commands.  These vulnerabilities can be exploited by remote
attackers to
execute arbitrary commands. The update blocks overly long
IMAP commands
including FETCH, EXAMINE and APPEND that may cause buffer
overflows on some
IMAP servers. 
For more information, visit CPAI-2006-046 at
http://www.checkpoint.com/defense/advi
sories/public/2006/cpai-29-Marb.html

MySQL Multiple Vulnerabilities Protection (users of
InterSpect NGX only)
Summary: MySQL is an open-source relational database
management system that
is rapidly growing in popularity. MySQL is free for most
applications and
is heavily used by the open source community, running on
both Windows and
UNIX operating systems. MySQL Servers are prone to multiple
vulnerabilities, enabling an attacker to modify, obtain or
destroy database
contents. This may result in disclosure of confidential
information,
database modification or even database shutdown. 
For more information, visit CPSA-2006-04 at
http://www.checkpoint.com/defense/advis
ories/public/2006/cpsa-13-May.html

Enhanced Protection for Microsoft FrontPage XSS
Vulnerability (MS06-017)
Summary: FrontPage Server Extensions is a set of tools that
can be
installed on a Web site. They allow authorized personnel to
manage the
server, add or change content, and perform other tasks. A
vulnerability was
detected in Front Page Server Extensions that may allow an
attacker take a
variety of actions including monitoring the Web session and
forwarding
information to a third party, running other code on the
user's system, and
reading or writing cookies. The Update enables the HTTP Worm
Catcher to
detect and block the vulnerability based on a pre-defined
worm signature. 
For more information, visit CPSA-2006-35 at
http://www.checkpoint.com/defense/advis
ories/public/2006/cpai-10-Apr.html

In addition, an Exclusion List has been added to the HTTP
Client
Protections. The Exclusion List allows you to exclude
trusted Web servers
from HTTP Client Protections inspection. Any server that
will be configured
as a Web Server will not be subjected to the HTTP Client
Protections. 

Links to the recent SmartDefense Advisories are available
at:
http://www.checkpoint.com/defense/advisories/pub
lic/summary.html 
 
Read more about SmartDefense Service at:
http://www.checkpoint.com/defense/advisories/pu
blic/overview.html 

To sign-up to the mailing list, send an email to
listservamadeus.us.checkpoint.com with the text
"SUBSCRIBE
SMARTDEFENSE-NEWS" in the email body.

To unsubscribe from this list, send an email to
listservamadeus.us.checkpoint.com with the text
"SIGNOFF
SMARTDEFENSE-NEWS" In the email body.

As always, please feel free to contact us directly if you
have any comments
or questions (sda-infoCheckPoint.com). 


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRHDLMFqiP0SjohCrEQIjPACeJH/gW6ZMP5rWcg/1YCGq4OS1JuoA
nAth
7IMfs9T14uV8Y/h7dldPvXSB
=6RZC
-----END PGP SIGNATURE-----