| Threat Type | Multiple Vulnerabilities |
| IPS Definition DB Versions | 2.689 - 2.692 |
| Coverage Release Date | Sep 15, 2009 - Sep 24, 2009 |
| Published Date | Monday, September 28, 2009 |
| Version # | 1 |

| Severity | Number of Vulnerabilities | Active Exploitation |
| --- | --- | --- |
| Critical | 15 | 7 |
| High | 15 | 7 |
| Medium | 6 | 3 |
| Low | 2 | - |
| Info | - | n/a |
| Total | 38 | 17 |

Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 17 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.692 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 5 )
Description: This indicates an attack attempt against an integer overflow vulnerability in Adobe Flash Player.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted SWF file. It allows a remote attacker to execute arbitrary code.
Affected Products:
Adobe Flash Player version 9.0.159.0 and previous versions
Adobe Flash Player version 10.0.22.87 and previous versions
Adobe AIR version 1.5.1 and previous versions
Reference IDs:

Description: This indicates an attack attempt against a command-execution vulnerability in the Awingsoft Awakening Winds3D Viewer plugin.
The vulnerability is caused by an error when the vulnerable software handles a malicious Winds3D scene. It allows a remote attacker to execute arbitrary commands by enticing the user to visit a malicious website.
Affected Products: Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5
Reference IDs:

Description: This indicates an attack attempt against a memory-corruption vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted SVG element. It allows a remote attacker to execute arbitrary code.
Affected Products:
Mozilla Firefox 3.5
Mozilla Firefox 3.0.11
Mozilla Firefox 3.0.10
Mozilla Firefox 3.0.9
Mozilla Firefox 3.0.8
Mozilla Firefox 3.0.7 Beta
Mozilla Firefox 3.0.7
Mozilla Firefox 3.0.6
Mozilla Firefox 3.0.5
Mozilla Firefox 3.0.4
Mozilla Firefox 3.0.3
Mozilla Firefox 3.0.2
Mozilla Firefox 3.0.1
Mozilla Firefox 3.0 Beta 5
Mozilla Firefox 3.0
Reference IDs:

Description: This indicates an attack attempt against a remote code execution vulnerability in the Microsoft Windows system library "avifil32.dll".
The vulnerability is caused by an error when the "AVIFile" API handles a specially crafted AVI file with a truncated AVHI chunk. It allows a remote attacker to execute arbitrary code.
Affected Products:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Reference IDs:

Description: This indicates an attack attempt against a command injection vulnerability in PeaZIP.
The vulnerability is caused by an error when the vulnerable software handles a malicious archive file. It allows a remote attacker to inject arbitrary commands by sending a crafted archive file.
Affected Products: PeaZIP 2.6.1, 2.5.1, and earlier on Windows
Reference IDs:

High ( 4 )
Description: This indicates a possible attack against a buffer-overflow vulnerability in Altap Servant Salamander with Portable Executable Viewer 2.02.
The vulnerability is caused by an improper operation on user input data, which could lead to arbitrary code execution by supplying a long PDB debug file name in a PE file.
Affected Products:
Altap Salamander 2.5 with Portable Executable Viewer 2.02
Servant Salamander 2.0 with Portable Executable Viewer 1.00
Reference IDs:

Description: This indicates an attack attempt against a command execution vulnerability in DXStudio Firefox Plugin.
The vulnerability is caused by an error when the vulnerable software handles a malicious shell.execute script. It allows a remote attacker to execute arbitrary commands by sending a crafted web page.
Affected Products: Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1
Reference IDs:

Description: This indicates an attack attempt against a code-execution vulnerability in Joomla.
The vulnerability is caused by an error when the vulnerable software handles the uploading of files. It allows a remote attacker to execute arbitrary PHP code by sending a crafted web page.
Affected Products: Joomla 1.5.12
Reference IDs:

Description: This indicates an attack attempt against a security-bypass vulnerability in WordPress.
The vulnerability is due to the software's inability to properly restrict access to its password-resetting features. A remote attacker may exploit this to reset the password of the administrator account in WordPress.
Affected Products: WordPress version 2.8.3; prior versions may also be affected.
Reference IDs:

Medium ( 3 )
Description: This indicates an attack attempt against a denial-of-service vulnerability in Squid.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP response. It allows a remote attacker to create a denial-of-service condition on the target server.
Affected Products:
Squid versions 3.0 through 3.0.STABLE16
Squid versions 3.1 through 3.1.0.11
Reference IDs:

HTTP.Splitting
Event ID: 17701
Release Date: Sep 15, 2009
IPS Definitions DB Version: 2.689
Description: This indicates an attack attempt to exploit the HTTP-splitting vulnerability.
The vulnerability is due to the application's failure to properly sanitize user HTTP requests. An attacker can send a specially crafted request containing malicious HTTP responses to poison the cache of the vulnerable web server. As a result, the attacker can bypass content restrictions or cause user requests to be redirected.
Affected Products: All web application environments are susceptible to HTTP splitting.

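A defensive check for the HTTP splitting condition described above, added here as an example and not part of the FortiGuard bulletin or any Fortinet product: it refuses to place a user-supplied value containing CR/LF into a response header and flags request targets carrying encoded line breaks in constructed access-log lines (the log lines, the `/redirect` path and the `to` parameter are assumptions).

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (not from the bulletin). Line 0 is a normal
# redirect request; lines 1 and 2 carry CR/LF in the "to" parameter, once
# percent-encoded and once double-encoded, which is what an HTTP splitting
# attempt looks like when the parameter is copied into a Location header.
LOG_LINES = [
    '10.0.0.5 - - [15/Sep/2009:10:01:02 +0000] "GET /redirect?to=%2Faccount HTTP/1.1" 302 0',
    '10.0.0.9 - - [15/Sep/2009:10:01:07 +0000] "GET /redirect?to=%2F%0d%0aX-Injected%3a+1 HTTP/1.1" 302 0',
    '10.0.0.9 - - [15/Sep/2009:10:01:09 +0000] "GET /redirect?to=%2F%250d%250aX-Injected%3a+1 HTTP/1.1" 302 0',
]

LINE_BREAK = re.compile(r"[\r\n]")
REQUEST_TARGET = re.compile(r'"[A-Z]+ (\S+) HTTP/')


def contains_line_break(value: str, max_decode_rounds: int = 2) -> bool:
    """Return True if value holds a CR or LF, either raw or hidden behind up
    to max_decode_rounds of percent-encoding (%0d%0a, %250d%250a)."""
    current = value
    for _ in range(max_decode_rounds):
        if LINE_BREAK.search(current):
            return True
        current = unquote(current)
    return LINE_BREAK.search(current) is not None


def safe_header_value(value: str) -> str:
    """Mitigation: accept a user-supplied value for a response header only
    when it cannot terminate the header line. Raise ValueError otherwise."""
    if contains_line_break(value):
        raise ValueError("refusing header value containing CR/LF")
    return value


def flag_requests(lines) -> list:
    """Detection: return indexes of log lines whose request target carries
    a line break once percent-decoded."""
    flagged = []
    for i, line in enumerate(lines):
        match = REQUEST_TARGET.search(line)
        if match and contains_line_break(match.group(1)):
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    print("flagged log lines:", flag_requests(LOG_LINES))  # [1, 2]
```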
Description: This indicates an attack attempt to exploit a SAX-injection vulnerability in web services that communicate through SOAP requests.
The vulnerability is a result of the application's failure to properly sanitize user input before using it in web services. As a result, a remote attacker can send a crafted request to execute a function defined in the web service definition language (WSDL) file.
Affected Products: All web application environments are susceptible to SAX injection.

Low ( 1 )
Description: Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is inserted directly into an HTML report.
Affected Products:
Nikto 1.35
N-Stalker N-Stealth Free Edition 5.8
N-Stalker N-Stealth Commercial Edition 5.8
Reference IDs:

Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 12 )
High ( 12 )
Medium ( 3 )
Low ( 1 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 5 of 13 )
High ( 7 of 14 )
Medium ( 3 of 6 )
Low ( 0 of 2 )
Document History
| Revision Date | Version Number | |
| --- | --- | --- |
| Monday, September 28, 2009 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection, including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam, designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.