
Update Protection against Winny Remote Buffer Overflow Vulnerability


Check Point Reference: CPAI-2006-045
Date Published:
Severity:
Last Updated:
Source: eEye
Industry Reference(s): CVE-2006-2007
Protection Provided by:
VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
Winny version 2.0 b7.1 and before
Windows NT 4.0
Windows 98 / ME
Windows 2000
Windows XP
Windows 2003
Vulnerability Description
A critical vulnerability was reported in Winny, a popular Japanese P2P application. The vulnerability may allow a remote attacker to execute arbitrary code in the context of the user running Winny.
Vulnerability Details
The vulnerability lies in the handling of specific commands received on the file transfer port. The string argument passed with some of these commands is copied into a heap buffer by a strcpy() call, and the length of this input is never checked, so a long argument overflows the buffer.
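
The unchecked copy described above, beside a bounds-checked form, as an added example that is not Winny's code and not part of the original advisory. The handler names, the session structure and the 64-byte buffer size are hypothetical; the advisory does not describe Winny's command format.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARG_CAP 64              /* hypothetical size of the heap buffer */
struct session { char *arg; };  /* arg points to ARG_CAP bytes on the heap */

/* Pattern from the advisory: the argument length is never checked, so an
   argument of ARG_CAP bytes or more writes past the heap allocation. */
void handle_command_unchecked(struct session *s, const char *arg)
{
    strcpy(s->arg, arg);
}

/* Hardened form. The input is a raw receive buffer of known length that may
   lack a terminator. Measure the argument inside that bound, reject what does
   not fit, then copy. Returns 0 on success, -1 on reject (buffer untouched). */
int handle_command_checked(struct session *s, const char *buf, size_t buflen)
{
    const char *nul = memchr(buf, '\0', buflen);  /* never reads past buflen */
    size_t n = nul ? (size_t)(nul - buf) : buflen;
    if (n >= ARG_CAP)
        return -1;              /* too long: drop it, do not truncate */
    memcpy(s->arg, buf, n);
    s->arg[n] = '\0';
    return 0;
}

/* Feeds a constructed, unterminated argument of arglen bytes to the checked
   handler and returns its result (-2 or -3 flag a failure in the demo). */
int demo(size_t arglen)
{
    struct session s = { malloc(ARG_CAP) };
    char *input = malloc(arglen ? arglen : 1);
    if (!s.arg || !input) { free(s.arg); free(input); return -2; }
    memset(input, 'A', arglen);
    int rc = handle_command_checked(&s, input, arglen);
    if (rc == 0 && strlen(s.arg) != arglen)
        rc = -3;                /* accepted copy must preserve the argument */
    free(input);
    free(s.arg);
    return rc;
}

int main(void)
{
    printf("63 -> %d, 64 -> %d, 4096 -> %d\n", demo(63), demo(64), demo(4096));
    return 0;
}
```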

Protection Overview
SmartDefense can block Winny traffic by identifying Winny fingerprints. SmartDefense is able to detect peer to peer traffic regardless of the TCP port that is being used to initiate the peer to peer session.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The update includes the following protections:

Vulnerability in Microsoft Data Access Components (MDAC) Function (MS06-014) - CPAI-2006-043
Internet Explorer mhtml Redirection Vulnerability - CPAI-2006-044
Winny P2P Remote Buffer Overflow Vulnerability - CPAI-2006-045
IMAP Multiple Vulnerabilities - CPAI-2006-046
Enhanced Protection against Microsoft FrontPage XSS Vulnerability (MS06-017) - CPAI-2006-035
MYSQL Protections - CPSA-2006-04 (InterSpect NGX only)
Exclusion List for HTTP Client Protections

VPN-1 NGX R61

How Can I Protect My Network?
1. Update SmartDefense: click the SmartDefense Services tab, select Download Updates from the drop-down list in the left pane, and then click the Online Update button.
2. In the SmartDefense tree, select Application Intelligence > Peer to Peer and click Winny.
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Peer to Peer Protocol Enforcement Violation
Attack Detection: Winny protocol detected on connection

VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the SmartDefense tree, select Application Intelligence > Peer to Peer and click Winny.
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Peer to Peer Protocol Enforcement Violation
Attack Detection: Winny protocol detected on connection

InterSpect NGX

How Can I Protect My Network?
1. Update SmartDefense: from the drop-down list in the left pane, select Profiles > SmartDefense Service and click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
3. In the SmartDefense tree, select Application Intelligence > Peer to Peer and click Winny.
4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Peer to Peer Protocol Enforcement Violation
Attack Detection: Winny protocol detected on connection

InterSpect 2.0

How Can I Protect My Network?
1. Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the SmartDefense tree, select Application Intelligence > Peer to Peer and click Winny.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Peer to Peer Protocol Enforcement Violation
Attack Detection: Winny protocol detected on connection