SmartDefense Security Advisory

Novell eDirectory NDS Verb Integer Overflow Vulnerability

Industry Reference:CVE-2009-0895.

An integer overflow was identified in Novell eDirectory. Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) directory-based identity management system that centralizes the management of user identities, access privileges and many other network resources. An attacker can exploit this vulnerability to execute arbitrary code on a target system. This protection will detect and block malformed Novell NDS packets sent to the eDirectory system.

Security Gateway R70: A new protection is now available.
CPAI-2010-014.

Hydraq Trojan/Aurora Attack

Industry Reference:CVE-2010-0249.

The Hydraq Trojan (also known as Aurora) was being used in the recent attack against Google and other large companies. A then unpatched Internet Explorer vulnerability (CVE-2010-0249) was used as one of the propagation vectors for this Trojan. The intent of the trojan is to open a back door on a compromised computer allowing a remote attacker to monitor activity and steal information from the compromised computer. Once installed inside a corporate network, the Trojan can also allow the attacker to use the initially compromised computer to launch into the rest of the infrastructure. This protection detects and blocks connections over port 443 that appear to be running the Aurora/Hydraq protocol.

IPS-1 & IPS-1 NGX R65: A new protection is now available.
Security Gateway R70: A new protection is now available.
CPAI-2010-100.

Microsoft Internet Explorer US-ASCII Charset Obfuscation Exploits

Industry Reference:CVE-2006-3227.

Although various security products provide coverage against many web vulnerabilities, these known exploits could potentially bypass security products by using US-ASCII charset obfuscation techniques. Microsoft Internet Explorer contains a flaw related to the encoding Internet transmitted content into ASCII that may allow an attacker to bypass such security filters. This protection will detect and block specially crafted ASCII-encoded Web pages.

Security Gateway R70: A new protection is now available.
SBP-2010-09.

 January 28, 2010

IPS Software Blade

Buy Now

Guidelines

Forums

SmartDefense Microsoft Security Resources
You have received this notification because you have subscribed to the SmartDefense mailing list. If you would prefer to no longer receive security alerts and defense notifications please click to Unsubscribe

As always, please feel free to contact us directly if you have any comments or questions.

Read Check Point's Privacy Policy
©2003.2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065