| Threat Type | Multiple Vulnerabilities |
|---|---|
| IPS Definition DB Versions | 2.758 - 2.762 |
| Coverage Release Date | Feb 15, 2010 - Feb 25, 2010 |
| Published Date | Monday, March 01, 2010 |
| Version # | 1 |

| Severity | Number of Vulnerabilities | Active Exploitation |
|---|---|---|
| Critical | 17 | 2 |
| High | 18 | 6 |
| Medium | 7 | 4 |
| Low | - | - |
| Info | - | n/a |
| Total | 42 | 12 |
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 12 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.762 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 8 )
Description: This indicates an attack attempt against a command-injection vulnerability in Alcatel OmniPCX Office.
A vulnerability has been reported in Alcatel OmniPCX Office that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "user" parameter value that is passed to "MasterCGI". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE.
Affected Products: Alcatel-Lucent OmniPCX Enterprise 7.1; Alcatel-Lucent OmniPCX Enterprise 7.0; Alcatel-Lucent OmniPCX Enterprise 6.2; Alcatel-Lucent OmniPCX Enterprise 6.1; Alcatel-Lucent OmniPCX Enterprise 6.0; Alcatel-Lucent OmniPCX Enterprise 0; Alcatel-Lucent OmniPCX Enterprise 7
Reference IDs:
Description: This indicates an attack attempt against a stack-overflow vulnerability in Microsoft Office PowerPoint.
The vulnerability is caused by an error when the vulnerable software handles a .ppt file that includes a malicious "LinkedSlideAtom" atom. It may allow remote attackers to execute arbitrary code by sending a crafted PPT file.
Affected Products: Microsoft Office PowerPoint 2003 Service Pack 3
Reference IDs:
Description: This indicates an attack attempt against a stack-overflow vulnerability in Microsoft Office PowerPoint viewer.
The vulnerability is caused by an error when the vulnerable software handles a .ppt file that includes a malicious "TextCharsAtom" atom. It may allow remote attackers to execute arbitrary code by sending a crafted PPT file.
Affected Products: Microsoft Office PowerPoint 2003 Service Pack 3
Reference IDs:
Description: This indicates an attack attempt against a stack-overflow vulnerability in Microsoft Office PowerPoint viewer.
The vulnerability is caused by an error when the vulnerable software handles a .ppt file that includes a malicious "TextBytesAtom" atom. It may allow remote attackers to execute arbitrary code by sending a crafted PPT (.ppt) file.
Affected Products: Microsoft Office PowerPoint 2003 Service Pack 3
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Novell iPrint Client.
The vulnerability is caused by an error when the vulnerable software handles a malicious "date-time" parameter. It allows a remote attacker to execute arbitrary code by sending a crafted web page.
Affected Products: Novell iPrint Client before 5.32
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Novell iPrint Client.
The vulnerability is caused by an error when the vulnerable software handles a malicious "target-frame" value. It allows a remote attacker to execute arbitrary code by sending a crafted web page.
Affected Products: Novell iPrint Client before 5.32
Reference IDs:
Description: This indicates an attack attempt against a remote code-execution vulnerability in multiple operating systems.
The vulnerability is caused by insufficient checking of embedded signed Java applets in HTML documents. It may allow remote attackers to execute arbitrary code by sending a web page with an embedded crafted signed Java applet.
Affected Products: Windows (x86); Mac OS X; Linux (x86)
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Zeus Web Server.
The vulnerability is caused by an error when the vulnerable software handles a malformed SSL v2 client hello message. It may allow remote attackers to execute arbitrary code by sending a crafted SSL handshake packet.
Affected Products: Zeus Technologies Zeus Web Server 4.2 r2; Zeus Technologies Zeus Web Server 4.2; Zeus Technologies Zeus Web Server 4.1 r5; Zeus Technologies Zeus Web Server 4.1 r4; Zeus Technologies Zeus Web Server 4.1 r3; Zeus Technologies Zeus Web Server 4.1 r2; Zeus Technologies Zeus Web Server 4.1 r1; Zeus Technologies Zeus Web Server 4.1; Zeus Technologies Zeus Web Server 4.0; Zeus Technologies Zeus Web Server 4.3r4
Reference IDs:
High ( 6 )
Description: This indicates an attack attempt against an SQL-injection vulnerability in view_profile.php in AJDating.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted URL. It allows a remote attacker to execute arbitrary SQL commands via the user_id parameter.
Affected Products: AJ Square AJ Dating 1.0
Reference IDs:
Description: This indicates an attack attempt against a memory-corruption vulnerability in Cisco CiscoWorks Internetwork Performance Monitor.
The vulnerability is caused by an error when the vulnerable software handles a malicious CORBA GIOP request. It allows a remote attacker to achieve remote code execution.
Affected Products: Cisco CiscoWorks Internetwork Performance Monitor
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Easy RM to MP3 Converter.
The vulnerability is caused by an error when the vulnerable software handles a malicious .pls file. It allows a remote attacker to execute arbitrary code by sending a crafted file.
Affected Products: Mini-stream RM-MP3 Converter version 2.7.3.700 and 3.0.0.7. Other versions may also be affected.
Reference IDs:
Description: This indicates an attack attempt against a remote command-execution vulnerability in phf, a sample cgi-bin program.
A vulnerability has been reported in phf that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "Qname" parameter value. An attacker may include shell commands by supplying an injection string through the URL.
Affected Products: NCSA httpd 1.5 a-export; Apache Software Foundation Apache 1.0.3
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Sun Java System Web Server.
The vulnerability is caused by an error when the vulnerable software handles a malicious request. It allows a remote attacker to execute arbitrary code by sending a crafted web page.
Affected Products: Sun Java System Web Server version 7.0 Update 7 (7.0u7) and prior; Sun Java System Web Server version 6.1 Service Pack 11 and prior; Sun Java System Web Proxy Server version 4.0 Service pack 12 and prior
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Wireshark.
The vulnerability is caused by an error when the vulnerable software handles a malformed LWRES packet. It may allow remote attackers to execute arbitrary code by sending a crafted LWRES packet.
Affected Products: Wireshark Wireshark 1.2.5; Wireshark Wireshark 1.2.4; Wireshark Wireshark 1.2.3; Wireshark Wireshark 1.2.2; Wireshark Wireshark 1.2.1; Wireshark Wireshark 1.2; Wireshark Wireshark 1.0.10; Wireshark Wireshark 1.0.9; Wireshark Wireshark 1.0.8; Wireshark Wireshark 1.0.7; Wireshark Wireshark 1.0.6; Wireshark Wireshark 1.0.5; Wireshark Wireshark 1.0.4; Wireshark Wireshark 1.0.3; Wireshark Wireshark 1.0.2; Wireshark Wireshark 1.0.1; Wireshark Wireshark 1.0; Pardus Linux 2009 0; Ethereal Group Ethereal 0.99; Ethereal Group Ethereal 0.10.14; Ethereal Group Ethereal 0.10.13; Ethereal Group Ethereal 0.10.12; Ethereal Group Ethereal 0.10.11; Ethereal Group Ethereal 0.10.10; Ethereal Group Ethereal 0.10.9; Ethereal Group Ethereal 0.10.8; Ethereal Group Ethereal 0.10.7; Ethereal Group Ethereal 0.10.6; Ethereal Group Ethereal 0.10.5; Ethereal Group Ethereal 0.10.4; Ethereal Group Ethereal 0.10.3; Ethereal Group Ethereal 0.10.2; Ethereal Group Ethereal 0.10.1; Ethereal Group Ethereal 0.10 .10; Ethereal Group Ethereal 0.10; Ethereal Group Ethereal 0.9.16; Ethereal Group Ethereal 0.9.15; Ethereal Group Ethereal 0.9.14; Ethereal Group Ethereal 0.9.13; Ethereal Group Ethereal 0.9.12; Ethereal Group Ethereal 0.9.11; Ethereal Group Ethereal 0.9.10; Ethereal Group Ethereal 0.9.9; Ethereal Group Ethereal 0.9.8; Ethereal Group Ethereal 0.9.7; Ethereal Group Ethereal 0.9.6; Ethereal Group Ethereal 0.9.5; Ethereal Group Ethereal 0.9.4; Ethereal Group Ethereal 0.9.3; Ethereal Group Ethereal 0.9.2; Ethereal Group Ethereal 0.9.1; Ethereal Group Ethereal 0.9; Debian Linux 5.0 sparc; Debian Linux 5.0 s/390; Debian Linux 5.0 powerpc; Debian Linux 5.0 mipsel; Debian Linux 5.0 mips; Debian Linux 5.0 m68k; Debian Linux 5.0 ia-64; Debian Linux 5.0 ia-32; Debian Linux 5.0 hppa; Debian Linux 5.0 armel; Debian Linux 5.0 arm; Debian Linux 5.0 amd64; Debian Linux 5.0 alpha; Debian Linux 5.0
Reference IDs:
Medium ( 3 )
Description: This indicates an attack attempt against a cross-site scripting vulnerability in raSMP.
A vulnerability has been reported in raSMP that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the User-Agent header that is passed to "index.php". An attacker may include shell commands by supplying an injection string through the HTTP header.
Affected Products: raSMP raSMP 2.0 .0
Reference IDs:
Description: This indicates an attack attempt to exploit a directory-traversal vulnerability in Samba.
The vulnerability is a result of the application's failure to properly sanitize user shared name input before using it. As a result, a remote attacker can gain unauthorized access to the root folder.
Affected Products: Samba 3.4.5 and earlier versions.
Reference IDs:
Description: This indicates an attack attempt against a denial-of-service vulnerability in Sun Java System Web Server.
The vulnerability is caused by an error when the vulnerable software handles a malicious digest header. It allows a remote attacker to crash the server by sending a crafted web page.
Affected Products: Sun Java System Web Server version 7.0 Update 7 (7.0u7) and prior; Sun Java System Web Server version 6.1 Service Pack 11 and prior; Sun Java System Web Proxy Server version 4.0 Service pack 12 and prior
Reference IDs:
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 10 )
High ( 12 )
Medium ( 4 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 1 of 17 )
High ( 5 of 16 )
Medium ( 3 of 6 )
Document History
| Revision Date | Version Number | |
|---|---|---|
| Monday, March 01, 2010 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.