Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against CBSMS Mambo Module Remote File Vulnerabilities

Subscribe

Check Point Reference: CPAI-2006-119
Date Published:
Severity:
Last Updated:
Source: FrSIRT/ADV-2006-2528
Industry Reference(s): CVE-2006-3302
CVE-2006-3294
Protection Provided by: VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
VSX
  • NGX
InterSpect
  • NGX
Who is Vulnerable?
CBSMS Mambo Module version 1.0 and prior
Vulnerability Description
CBSMS Module for Mambo, an Open Source Content Management System, is prone to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary PHP code on an affected system.
Update/Patch Available
Apply patch:
http://forum.mamboserver.com/showthread.php?t=83001
Vulnerability Details
The vulnerabilities are due to input validation errors in the "mod_cbsms_messages.php" and "mod_cbsms.php" scripts. An attacker can exploit these flaws via URLs in the "mosC_a_path" and "mosConfig_absolute_path" parameters. By doing so, the attacker could include malicious scripts and execute arbitrary commands on the vulnerable system.

Protection Overview
The Update enables the HTTP Worm Catcher to detect and block these vulnerabilities based on pre-defined worm signatures.

In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice. 

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The Update released on October 11, 2006 includes the following protections: 

Malformed DNS Resource Records Protection (MS06-041) - CPAI-2006-111
Microsoft Internet Explorer Memory Corruption Vulnerabilities (MS06-042) - CPAI-2006-112
Microsoft Windows MHTML Remote Code Execution Vulnerability (MS06-043) - CPAI-2006-113  
Microsoft Management Console Remote Code Execution Vulnerability (MS06-044) - CPAI-2006-114
Windows Explorer GUID Remote Code Execution Vulnerability (MS06-045) - CPAI-2006-115
Microsoft Windows RASMAN Buffer Overflow Vulnerabilities (MS06-025) - CPAI-2006-116
Microsoft Windows MailSlot Buffer Overflow Vulnerabilities (MS06-035) - CPAI-2006-117
Microsoft Internet Explorer (daxctle.ocx) Vulnerabilities (CPAI-2006-118)
CBSMS Mambo Module Remote File Vulnerabilities (CPAI-2006-119)

VPN-1 NGX R61 ,R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
2. Enable the following pattern:

CBSMS Mambo Module Remote File Vulnerability

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information: CBSMS Mambo Module Remote File Vulnerability

VPN-1 NG with Application Intelligence R55/R54

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web and enable General HTTP Worm Catcher.
2. Enable the following pattern:

CBSMS Mambo Module Remote File Vulnerability

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information: CBSMS Mambo Module Remote File Vulnerability

VPN-1 VSX NGX

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web and enable General HTTP Worm Catcher.
2. Enable the following pattern:

CBSMS Mambo Module Remote File Vulnerability

3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information: CBSMS Mambo Module Remote File Vulnerability

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following pattern:

CBSMS Mambo Module Remote File Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information: CBSMS Mambo Module Remote File Vulnerability

InterSpect 2.0

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > General HTTP Worm Defender.
2. Enable the following pattern:

CBSMS Mambo Module Remote File Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information: CBSMS Mambo Module Remote File Vulnerability

Connectra NGX R61

How Can I Protect My Network?
1. In the navigation tree, click Web Intelligence. In the Malicious Code Protection pane click General HTTP Worm Catcher.
2. Enable the following patterns:

CBSMS Mambo Module Remote File Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Attack Name: HTTP Worm Catcher
Attack Information: CBSMS Mambo Module Remote File Vulnerability