| Threat Type | Multiple Vulnerabilities |
| IPS Definition DB Versions | 2.678 - 2.681 |
| Coverage Release Date | Aug 18, 2009 - Aug 27, 2009 |
| Published Date | Monday, August 31, 2009 |
| Version # | 1 |

| Severity | Number of Vulnerabilities | Active Exploitation |
| --- | --- | --- |
| Critical | 19 | 4 |
| High | 17 | 11 |
| Medium | 13 | 4 |
| Low | - | - |
| Info | 1 | n/a |
| Total | 50 | 19 |
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 19 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.681 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 9 )
Description: This indicates an attack attempt against an integer overflow vulnerability in Adobe Reader and Acrobat.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted PDF file. It allows a remote attacker to execute arbitrary code.
Affected Products: Adobe Acrobat and Reader versions prior to 9.1.2; Adobe Acrobat and Reader versions prior to 8.1.6; Adobe Acrobat and Reader versions prior to 7.1.3
Reference IDs:
Description: This indicates an attack attempt against a buffer overflow vulnerability in Adobe Reader and Acrobat.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted PDF file. It allows a remote attacker to execute arbitrary code.
Affected Products: Adobe Acrobat and Reader versions prior to 9.1.2; Adobe Acrobat and Reader versions prior to 8.1.6; Adobe Acrobat and Reader versions prior to 7.1.3
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in HP Network Node Manager.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code.
Affected Products: HP OpenView Network Node Manager (OV NNM) version 7.51; HP OpenView Network Node Manager (OV NNM) version 7.53
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in HT-MP3Player.
The vulnerability is caused by an error when the vulnerable software handles a malicious .ht3 file. It allows a remote attacker to execute arbitrary code by sending a crafted .ht3 file.
Affected Products: HT-MP3Player 1.0
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Motorola Timbuktu Pro.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted request sent to the PlughNTCommand named pipe. It allows a remote attacker to execute arbitrary code.
Affected Products: Motorola Timbuktu Pro 8.6.5; Motorola Timbuktu Pro 8.6.3.1367
Reference IDs:
Description: This indicates an attack attempt against a memory corruption vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted webpage. It allows a remote attacker to execute arbitrary code.
Affected Products: Mozilla Firefox 3.0.10 and prior
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Photo DVD Maker.
The vulnerability is caused by an error when the vulnerable software handles a malicious .pdm file. It allows a remote attacker to execute arbitrary code by sending a crafted .pdm file.
Affected Products: Photo DVD Maker 8.02 and prior versions
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in the SafeNet SoftRemote IKE Service.
The vulnerability is caused by an error when the vulnerable software handles a malicious request. It allows a remote attacker to execute arbitrary code by sending a crafted UDP request.
Affected Products: SafeNet SoftRemote before 10.8.6
Reference IDs:
Description: This indicates an attack attempt against a buffer overflow vulnerability in Unisys Business Information Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted packet. It allows a remote attacker to execute arbitrary code.
Affected Products: Unisys Business Information Server 10.1; Unisys Business Information Server 10
Reference IDs:
High ( 10 )
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Dana IRC client.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted packet. It allows a remote attacker to cause a denial of service or execute arbitrary code.
Affected Products: Dana IRC Client version 1.3
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in ISC dhclient.
The vulnerability is caused by an error when the vulnerable software handles a malicious DHCP server response. It allows a remote attacker to execute arbitrary code by sending a crafted DHCP server response packet.
Affected Products: DHCP 4.1 (all versions); DHCP 4.0 (all versions); DHCP 3.1 (all versions); DHCP 3.0 (all versions); DHCP 2.0 (all versions)
Reference IDs:
Description: This indicates an attempt to exploit a buffer overflow vulnerability in the Juniper SSL-VPN Client. The vulnerability in the ActiveX control inside JuniperSetupDLL.dll is caused by insufficient checking of user-supplied input for the ProductName parameter.
Affected Products: Juniper Networks SSL-VPN Client 0
Reference IDs:
Description: This indicates an attack attempt against a remote code-execution vulnerability in Microsoft Windows Media Player 11, caused by improper handling of a file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server.
Affected Products: Nortel Networks ENSM - Enterprise NMS 0; Nortel Networks ENSM - Enterprise NMS 10.5; Nortel Networks ENSM - Enterprise NMS 10.4; Microsoft Windows Media Player 11; HP Storage Management Appliance III; HP Storage Management Appliance II; HP Storage Management Appliance I; HP Storage Management Appliance 2.1
Reference IDs:
Description: This indicates an attack attempt against an arbitrary program-execution vulnerability in Microsoft Windows.
The vulnerability is caused by a flaw in the showHelp() function when it references a compiled help file (.CHM file). It allows a remote attacker to bypass security checking to execute arbitrary programs via a URL containing ".." sequences and a filename ending with "::".
Affected Products: Microsoft Windows XP SP1; Microsoft Windows NT Workstation 4.0 SP6a; Microsoft Windows NT Server 4.0 SP6a; NT Enterprise Server 4.0 SP6a; Windows 2000 Server SP4; Windows 2000 Professional SP4
Reference IDs:
Description: This indicates a possible attack against a remote code-execution vulnerability in the statuswml.cgi file of Nagios.
The vulnerability is due to the software's inability to properly handle shell metacharacters in its ping and traceroute commands. Remote attackers may exploit this to execute arbitrary code.
Affected Products: Nagios before 3.1.1
Reference IDs:
Description: This indicates an attack attempt against a buffer overflow vulnerability in Soulseek Server.
The vulnerability is caused by an error when the vulnerable software handles a malicious peer search. It allows a remote attacker to execute arbitrary code by sending a crafted request.
Affected Products: Soulseek 156 and 157 NS; other versions may also be affected.
Reference IDs:
Description: This indicates an attack attempt against a format string vulnerability in Sun Microsystems MySQL database server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted create or drop database command. It allows a remote attacker to cause a denial of service (daemon crash).
Affected Products: MySQL 5.x; MySQL 4.x
Reference IDs:
Description: This indicates an attempt to exploit a stack-based buffer overflow vulnerability in VLC media player.
This issue is caused by an error when the vulnerable software handles an overlong "smb://" URI in an XSPF (XML Shareable Playlist Format) file. It allows a remote attacker to execute arbitrary code by sending a crafted XSPF file.
Affected Products: VLC Media Player version 0.9.9 and prior (Windows)
Reference IDs:
Description: This indicates an attack attempt against a code-execution vulnerability in Zen Cart.
The vulnerability is caused by an error when the vulnerable software handles a malicious POST request. It allows a remote attacker to execute arbitrary code by sending a crafted web page.
Affected Products: Zen Cart 1.3.8 is vulnerable; other versions may also be affected.
Reference IDs:
Medium ( 8 )
Description: This indicates an attack attempt against a SQL injection vulnerability in Adobe RoboHelp Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary SQL statements.
Affected Products: Adobe RoboHelp Server 7; Adobe RoboHelp Server 6
Reference IDs:
Description: This indicates an attack attempt against a denial-of-service vulnerability in Digium Asterisk.
The vulnerability is caused by an error when the vulnerable software handles a large volume of crafted messages. It allows a remote attacker to cause a denial-of-service condition in the Asterisk service.
Affected Products: Asterisk Open Source versions 1.0.x; Asterisk Open Source versions 1.2.x; Asterisk Open Source versions 1.4.x; Asterisk Business Edition versions A.x.x; Asterisk Business Edition versions B.x.x.x; Asterisk Business Edition versions C.x.x.x; Asterisk Appliance Developer Kit versions 0.x.x; Asterisk Appliance s800i versions 1.0.x
Reference IDs:
DNS.Server.Spoofing
Event ID: 17638
Release Date: Aug 25, 2009
IPS Definitions DB Version: 2.680
Description: This indicates an attack attempt against a DNS Cache Poisoning vulnerability in Microsoft DNS server.
The vulnerability is caused by an error when the vulnerable software handles a series of specially crafted DNS requests. It allows a remote attacker to spoof DNS replies.
Affected Products: Microsoft Windows 2000 Server Service Pack 4; Microsoft Windows Server 2003 Service Pack 1; Microsoft Windows Server 2003 Service Pack 2; Microsoft Windows Server 2003 x64 Edition; Microsoft Windows Server 2003 x64 Edition Service Pack 2; Microsoft Windows Server 2003 SP1 (Itanium); Microsoft Windows Server 2003 SP2 (Itanium)
Reference IDs:
Description: This indicates an attempt to exploit a denial-of-service vulnerability in the DHCP service in Windows Vista.
An attacker can exploit the vulnerability by creating a specially crafted DHCP server that assigns the same broadcast IP address to multiple hosts. This will corrupt the network structure of the host, causing a crash.
Affected Products: Windows Vista; Windows Vista x64 Edition
Reference IDs:
Description: This indicates a file upload attempt against Oracle Database server.
A malicious executable file could be uploaded by passing a Java class to a remote TNS service.
Affected Products: Oracle Database 10g; Oracle Database 9i
Reference IDs:
Description: This indicates an attempt to exploit an arbitrary file overwrite vulnerability in Pegasus Imaging ImagXpress.
Pegasus Imaging ImagXpress ActiveX Control contains an arbitrary file overwrite vulnerability through the "CompactFile()" method. An attacker can exploit this to overwrite arbitrary files on an affected computer.
Affected Products: Pegasus Imaging Corporation ImagXpress 1.0
Reference IDs:
Description: This indicates an attempt to exploit an arbitrary file delete vulnerability in Pegasus Imaging ThumbnailXpress.
Pegasus Imaging ThumbnailXpress ActiveX Control contains an arbitrary file delete vulnerability through the "CacheFile" method. An attacker can exploit this to delete arbitrary files on an affected computer.
Affected Products: Pegasus Imaging Corporation ThumbnailXpress 1.0
Reference IDs:
Description: This indicates an attack attempt against an information-disclosure vulnerability in Safari.
The vulnerability is caused by an error when the vulnerable software handles a malicious XSL file. It allows a remote attacker to steal files by sending a crafted web page.
Affected Products: Apple Safari prior to 4.0
Reference IDs:
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 15 )
High ( 20 )
Medium ( 9 )
Low ( 1 )
Info ( 1 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 4 of 19 )
High ( 8 of 14 )
Medium ( 3 of 12 )
Document History
| Revision Date | Version Number | Notes |
| --- | --- | --- |
| Monday, August 31, 2009 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection, including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam, designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.