Kneber/Zeus Botnet
Kneber (Zbot, BTN1) is a form of malware which is reported to have affected more than 74,000 PCs in 2,400 business and government systems around the world. Kneber, named after the username linking the infected computers worldwide (Hilary Kneber), is related to the ZeuS botnet, a malware botnet package that is readily available for sale and also traded in underground cybercriminal forums. The protection will detect and block attempts to connect to the Kneber/Zeus botnet.
IPS-1 & IPS-1 NGX R65: This attack can be mitigated by a previously released protection. Security Gateway R70: A new protection is now available. VPN-1 NGX R65 & VSX NGX R65: A new protection is now available. CPAI-2010-038.
Adobe Flash Player Subvert Domain Sandbox Vulnerability (APSB10-06)
Industry Reference: CVE-2010-0186.
A critical vulnerability has been identified in Adobe Flash Player. This vulnerability could subvert the domain sandbox and make unauthorized cross-domain requests. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70: A new protection is now available. CPAI-2010-039.
Security Best Practice: Protect Yourself from JavaScript Obfuscation Techniques
Although various security products provide coverage against many web vulnerabilities, such as ActiveX exploits, these known exploits could potentially bypass security products by using JavaScript obfuscation techniques. This protection triggers when the JavaScript 'document.write' function has been deliberately renamed using a statement similar to "var = document.write".
Security Gateway R70: A new protection is now available. SBP-2009-17.
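The renaming pattern this protection looks for can be checked statically in script text. The following is an added example, not Check Point's signature; the function name, the bracket-notation and writeln coverage, and the sample scripts are assumptions made for illustration.

```python
import re

# Sink named by the protection, in dot or bracket notation. Covering
# writeln and document["write"] is an assumption added for this example.
SINK = r"document\s*(?:\.\s*write(?:ln)?|\[\s*['\"]write(?:ln)?['\"]\s*\])"

# "<name> = document.write" with no call parenthesis after it, so the
# function object itself is being stored under another name.
ALIAS_RE = re.compile(
    r"([A-Za-z_$][\w$]*)\s*=\s*(" + SINK + r")(?![\w$])(?!\s*\()"
)


def find_write_aliases(js_source):
    """Return one finding per alias of document.write found in js_source."""
    findings = []
    for m in ALIAS_RE.finditer(js_source):
        name = m.group(1)
        # Later calls through the alias: name(...), name.call(...), name.apply(...)
        call_re = re.compile(
            r"(?<![\w$.])" + re.escape(name) + r"\s*(?:\.\s*(?:call|apply)\s*)?\("
        )
        findings.append({
            "alias": name,
            "line": js_source.count("\n", 0, m.start()) + 1,
            "calls": len(call_re.findall(js_source, m.end())),
        })
    return findings


# Constructed sample scripts (not captured traffic).
PLAIN = 'document.write("<p>hello</p>");'
ALIASED = ('var out = document.write;\n'
           'out.call(document, "<p>a</p>");\n'
           'out.call(document, "<p>b</p>");')
BRACKET = 'var q = 1;\nw = document["write"];'
COMPARE = 'if (f == document.write) { log("same"); }'

if __name__ == "__main__":
    for script in (PLAIN, ALIASED, BRACKET, COMPARE):
        print(find_write_aliases(script))
```

A direct call and an equality comparison produce no finding; only storing the function under another name does.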
Microsoft Internet Explorer Response Redirect Information Disclosure Vulnerability
Industry Reference: CVE-2010-0255.
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which may allow the attacker to view data from a Web page in another Internet Explorer domain. This protection will detect and block attempts to exploit this vulnerability.
IPS-1 & IPS-1 NGX R65: A new protection is now available. Security Gateway R70: A protection was released in a previous update. VPN-1 NGX R65 & VSX NGX R65: A protection was released in a previous update. CPAI-2010-033.
Sun Java System Web Server Digest Authorization Buffer Overflow Vulnerability
A buffer overflow vulnerability was reported in Sun Java System Web Server, a web server for medium to large business applications. The vulnerability is due to insufficient boundary checks when processing malformed HTTP requests. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted HTTP request to a target server. Successful exploitation could lead to execution of remote code. This protection will detect and block HTTP requests with too many Digest Authentication headers.
IPS-1 & IPS-1 NGX R65: A new protection is now available. CPAI-2010-109.
Sun Java System Web Server WEBDAV Stack Buffer Overflow Vulnerability
A buffer overflow vulnerability was reported in Sun Java System Web Server. Sun Microsystems' Java System Web Server is a web server for medium to large business applications. The vulnerability is due to a boundary error when processing crafted WebDAV requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server. Successful exploitation could result in injection and execution of arbitrary code in the security context of the affected process. This protection will detect and block HTTP requests using WebDAV request methods whose URL is longer than a certain threshold.
IPS-1 & IPS-1 NGX R65: A new protection is now available. CPAI-2010-106.
HP Power Manager formExportDataLogs Buffer Overflow Vulnerability
Industry Reference: CVE-2009-3999.
A buffer overflow vulnerability was reported in HP Power Manager, a web-based application for managing an HP Uninterruptible Power System (UPS). The vulnerability is due to insufficient bounds checking in HP Power Manager while processing URL parameters in the formExportDataLogs form of the web-based management server. To leverage the vulnerability, a remote unauthenticated attacker would need to send a malicious HTTP request to the target system, potentially leading to injection and execution of arbitrary code. This protection will detect and block HTTP requests to HP Power Manager forms whose fileName argument is larger than a certain threshold.
IPS-1 & IPS-1 NGX R65: A new protection is now available. CPAI-2010-111.
HP Power Manager formExportDataLogs Directory Traversal Vulnerability
Industry Reference: CVE-2009-4000.
A directory traversal vulnerability was reported in HP Power Manager. HP Power Manager is a web-based application for managing an HP Uninterruptible Power System (UPS). The web management console allows users to monitor, manage, and control a single UPS locally and remotely. The vulnerability is due to an input validation error while processing parameters sent to the web-based management server. Remote unauthenticated attackers can exploit this vulnerability to overwrite arbitrary files with attacker-controlled data on the target system by sending malicious HTTP requests. This protection will detect and block HTTP requests to the HP Power Manager where the fileName parameter contains directory traversal characters.
IPS-1 & IPS-1 NGX R65: A new protection is now available. CPAI-2010-107.
Novell iManager eDirectory Plugin Schema Buffer Overflow Vulnerability
Industry Reference: CVE-2009-4486.
A stack buffer overflow vulnerability was reported in the Novell iManager eDirectory plugin. Novell iManager is a web-based administration console that provides management of many other Novell products. The vulnerability is due to improper validation of user input by a sub-application. A remote, authenticated attacker can exploit this vulnerability by sending specially crafted parameters to the application. Successful exploitation of this vulnerability would result in arbitrary code execution with SYSTEM privileges. This protection will detect and block HTTP requests to the Novell iManager plugin with invalid request parameters.
IPS-1 & IPS-1 NGX R65: A new protection is now available. CPAI-2010-108.
Oracle TimesTen In-Memory Database HTTP Request Denial of Service Vulnerability
A denial of service vulnerability was reported in the Oracle TimesTen In-Memory Database service, a product designed for real-time data management. The vulnerability is due to an input validation error while parsing HTTP GET requests. Remote unauthenticated attackers can exploit this vulnerability by sending a specially crafted HTTP request to the target system, potentially resulting in a denial of service condition. This protection will detect and block HTTP requests to the Oracle TimesTen server where any CGI argument has a length that exceeds a given threshold.
IPS-1 & IPS-1 NGX R65: A new protection is now available. CPAI-2010-110.
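The HTTP protections above (Digest header count, WebDAV URL length, argument length, fileName traversal) all reduce to simple checks on a parsed request. The sketch below is an added example, not Check Point's implementation; the thresholds, check names and sample request are assumptions, since the advisory gives no values, and the argument-length check is applied to every argument rather than per product.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed thresholds: the advisory only says "a certain threshold".
MAX_DIGEST_HEADERS = 1
MAX_WEBDAV_URL = 1024
MAX_ARG_LEN = 256
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}


def inspect_request(raw):
    """Return the names of the checks a raw HTTP request trips."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2:
        return ["malformed-request-line"]
    method, target = parts[0].upper(), parts[1]
    hits = []
    # Count Authorization headers that use the Digest scheme.
    digest = 0
    for header in lines[1:]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "authorization" and value.strip().lower().startswith("digest"):
            digest += 1
    if digest > MAX_DIGEST_HEADERS:
        hits.append("digest-header-count")
    if method in WEBDAV_METHODS and len(target) > MAX_WEBDAV_URL:
        hits.append("webdav-url-length")
    url = urlsplit(target)
    # Arguments arrive in the query string and, for form posts, in the body.
    args = parse_qsl(url.query, keep_blank_values=True) + parse_qsl(body, keep_blank_values=True)
    for name, value in args:
        if len(value) > MAX_ARG_LEN:
            hits.append("arg-length:" + name)
        if name == "fileName" and "formExportDataLogs" in url.path:
            # Decode once more so a doubly encoded separator is still seen.
            segments = unquote(value).replace("\\", "/").split("/")
            if ".." in segments:
                hits.append("filename-traversal")
    return hits


# Constructed sample request (not captured traffic).
SAMPLE = ("POST /formExportDataLogs HTTP/1.1\r\nHost: ups.example.test\r\n"
          "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          "fileName=..%2F..%2Fout.txt")

if __name__ == "__main__":
    print(inspect_request(SAMPLE))
```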
February 24, 2010




©2003.2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065