| Threat Type | Multiple Vulnerabilities |
| IPS Definition DB Versions | 2.693 - 2.698 |
| Coverage Release Date | Sep 29, 2009 - Oct 08, 2009 |
| Published Date | Monday, October 12, 2009 |
| Version # | 1 |

| Severity | Number of Vulnerabilities | Active Exploitation |
| Critical | 14 | 3 |
| High | 8 | 1 |
| Medium | 4 | - |
| Low | 7 | - |
| Info | - | n/a |
| Total | 33 | 4 |
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 4 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.698 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 6 )
Adobe.0day.17776 Event ID: 17776 |
Release Date: Oct 08, 2009 IPS Definitions DB Version: 2.698 |
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team.
Reference IDs:
|
FG-VD-09-010-Cisco Event ID: 17752 |
Release Date: Oct 06, 2009 IPS Definitions DB Version: 2.696 |
Description: This indicates an attack attempt against a Zero-Day vulnerability discovered by the FortiGuard Global Security Research Team. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details about our discovery will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products: This is a Zero-Day (unpatched) vulnerability that has been discovered by the FortiGuard Global Security Research Team.
|
FG-VD-09-014-Cisco Event ID: 17755 |
Release Date: Oct 06, 2009 IPS Definitions DB Version: 2.696 |
Description: This indicates an attack attempt against a Zero-Day vulnerability discovered by the FortiGuard Global Security Research Team. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details about our discovery will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products: This is a Zero-Day (unpatched) vulnerability that has been discovered by the FortiGuard Global Security Research Team.
|
FG-VD-09-025-Cisco Event ID: 17758 |
Release Date: Oct 06, 2009 IPS Definitions DB Version: 2.696 |
Description: This indicates an attack attempt against a Zero-Day vulnerability discovered by the FortiGuard Global Security Research Team. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details about our discovery will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products: This is a Zero-Day (unpatched) vulnerability that has been discovered by the FortiGuard Global Security Research Team.
|
Description: A buffer overflow vulnerability has been identified in the McAfee Subscription Manager (MCSUBMGR.DLL) ActiveX control. The exploit is triggered when the IsOldAppInstalled() method processes an overly long string argument, allowing remote attackers to execute arbitrary code.
An attacker can exploit this vulnerability by hosting a malicious website and enticing users to visit it.
Affected Products: McAfee VirusScan 10.0.27; McAfee SecurityCenter Agent 6.0; McAfee SecurityCenter 6.0.22; McAfee SecurityCenter 7.0; McAfee SecurityCenter 6.0; McAfee SecurityCenter 4.3
Reference IDs:
|
Description: This indicates an attempt to exploit a code execution vulnerability in Symantec Altiris Deployment Solution.
The vulnerability is located in the "AeXNSPkgDLLib.dll" ActiveX control and arises through misuse of the "DownloadAndInstall" method. It may allow remote attackers to download and install arbitrary files on vulnerable systems.
Affected Products: Symantec Altiris Deployment Solution 6.9 sp3
Reference IDs:
|
High ( 3 )
FG-VD-09-012-Cisco Event ID: 17753 |
Release Date: Oct 06, 2009 IPS Definitions DB Version: 2.696 |
Description: This indicates an attack attempt against a Zero-Day vulnerability discovered by the FortiGuard Global Security Research Team. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details about our discovery will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products: This is a Zero-Day (unpatched) vulnerability that has been discovered by the FortiGuard Global Security Research Team.
|
FG-VD-09-013-Cisco Event ID: 17754 |
Release Date: Oct 06, 2009 IPS Definitions DB Version: 2.696 |
Description: This indicates an attack attempt against a Zero-Day vulnerability discovered by the FortiGuard Global Security Research Team. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details about our discovery will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products: This is a Zero-Day (unpatched) vulnerability that has been discovered by the FortiGuard Global Security Research Team.
|
Description: This indicates a possible attack against a remote code-execution vulnerability in HP Web JetAdmin Server, which allows unauthorized access to a vulnerable server.
Affected Products: HP Web JetAdmin 6.5 and prior; HP Web JetAdmin 7.0 may also be vulnerable
Reference IDs:
|
Medium ( 4 )
Description: This indicates an attack attempt against a buffer overflow vulnerability in the Tomcat plugin in 4D WebSTAR.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted long URL. It allows a remote attacker to cause a denial of service and possibly execute arbitrary code.
Affected Products: 4D WebSTAR 5.4; 4D WebSTAR 5.3.3
Reference IDs:
|
Description: This indicates an attempt to exploit a denial of service vulnerability in Apple Safari. The vulnerability is caused by an error when the vulnerable software handles a web page that misuses the "eval" function. A remote attacker could exploit this vulnerability to crash the vulnerable software.
Affected Products: Safari 3.2.3
Reference IDs:
|
Description: This indicates an attack attempt against a Local File Include vulnerability in Easy PX 41 CMS.
The vulnerability exists because the affected software fails to properly sanitize user-supplied input. This could allow remote attackers to execute arbitrary code by sending a crafted web page.
Affected Products: Easy PX 41 CMS 09.00.00B1
Reference IDs:
|
Description: This indicates an attack attempt against a privilege-elevation vulnerability in Mozilla Firefox. The vulnerability is found in the pkcs11.addmodule and pkcs11.deletemodule methods. It allows a remote attacker to easily entice users to add or remove a malicious PKCS11 module.
Affected Products: Mozilla Firefox older than 3.0.14
Reference IDs:
|
Low ( 7 )
Description: This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in Adobe ColdFusion Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted URL. It allows a remote attacker to inject arbitrary web script or HTML.
Affected Products: ColdFusion 8.0.1 and earlier versions
Reference IDs:
|
Description: This indicates an attack attempt against an integer-overflow vulnerability in Apple Mac OS.
The vulnerability is caused by an error when the vulnerable system handles Mach-O binaries with malformed "load_command" structures. It allows a remote attacker to cause a denial of service and possibly execute arbitrary code.
Affected Products: Apple Mac OS X version 10.4.8 and previous versions
Reference IDs:
|
FG-VD-09-008-Cisco Event ID: 17751 |
Release Date: Oct 06, 2009 IPS Definitions DB Version: 2.696 |
Description: This indicates an attack attempt against a zero-day vulnerability discovered by the FortiGuard Global Security Research Team. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details about our discovery will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products: This is a Zero-Day (unpatched) vulnerability that has been discovered by the FortiGuard Global Security Research Team.
|
FG-VD-09-016-Cisco Event ID: 17757 |
Release Date: Oct 06, 2009 IPS Definitions DB Version: 2.696 |
Description: This indicates an attack attempt against a Zero-Day vulnerability discovered by the FortiGuard Global Security Research Team. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details about our discovery will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products: This is a Zero-Day (unpatched) vulnerability that has been discovered by the FortiGuard Global Security Research Team.
|
Description: This indicates an attack attempt against a denial of service vulnerability in GCALDaemon.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted Content-Length HTTP header. It allows a remote attacker to cause a denial of service.
Affected Products: GCALDaemon GCalDaemon 1.0-beta13
Reference IDs:
|
Description: Acunetix Web Vulnerability Scanner has a denial-of-service vulnerability. A remote attacker could make the scanner crash via a specially crafted HTTP request with invalid Content-Length values.
Affected Products: Acunetix Web Vulnerability Scanner versions prior to 4.0 2006071
Reference IDs:
|
Description: This indicates an attack attempt against an Information Disclosure vulnerability in Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted web page. It allows a remote attacker to read arbitrary files.
Affected Products: Microsoft Internet Explorer 6; Microsoft Internet Explorer 7
Reference IDs:
|
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 8 )
High ( 5 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 3 of 14 )
High ( 1 of 8 )
Medium ( 0 of 4 )
Low ( 0 of 7 )
Document History
| Revision Date | Version Number | |
| Monday, October 12, 2009 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.